> A state is perfectly allowed to write and enforce any laws it deems fit, and if companies want to operate within those states, they need to follow those laws.
Or you can just leave. Google did it when China demanded unfair censorship and surveillance measures, Apple can too if they wanted to market themselves as a security defender that has an actual backbone. Right now Apple's whole security shtick feels like the theater you get out of Bitlocker or McAfee.
> do you honestly believe that a private enterprise is capable to withstanding that kind of pressure, while also remaining within the law?
No, I believe that a private enterprise claiming to respect privacy as, and I quote, a "human right" would be willing to stand up for the rights they believe in. Whether that means disclosing when things are backdoored, apologizing and preventing further backdoors, or outright open-sourcing your code, is up to Apple. They have communicated none of those things clearly or quickly which leads most people to (correctly) assume their obligation to the state supersedes their obligation to individual privacy.
> How is an organisation like Apple supposed to prove that the requests they received were unlawful [...] when entirely legal apparatus was used to essentially make it illegal to challenge the orders themselves.
By not automating the process? Let's break it down here - assuming Apple's PRISM compliance is real, we can assume the status-quo is Apple and the NSA both wanting to keep the surveillance quiet. Being sneaky with their backdoors is mutually beneficial and allows both of them to maintain plausible deniability when a national news story starts breaking.
The NSA has basically no leverage over Apple. The federal government could punish them punitively for refusing to disclose information in the name of national security, but unless they have dirt on Tim Cook the NSA is mostly relying on cooperation to get what they want. Apple on the other hand has everything to gain from proving their dedication to security and identifying illegal misconduct within their own services. When they don't identify these things and admit they were compelled to stay silent about blatant dragnet surveillance it reneges the faith they advertise to those of us in the security community.
Or you can just leave. Google did it when China demanded unfair censorship and surveillance measures, Apple can too if they wanted to market themselves as a security defender that has an actual backbone. Right now Apple's whole security shtick feels like the theater you get out of Bitlocker or McAfee.
> do you honestly believe that a private enterprise is capable to withstanding that kind of pressure, while also remaining within the law?
No, I believe that a private enterprise claiming to respect privacy as, and I quote, a "human right" would be willing to stand up for the rights they believe in. Whether that means disclosing when things are backdoored, apologizing and preventing further backdoors, or outright open-sourcing your code, is up to Apple. They have communicated none of those things clearly or quickly which leads most people to (correctly) assume their obligation to the state supersedes their obligation to individual privacy.
> How is an organisation like Apple supposed to prove that the requests they received were unlawful [...] when entirely legal apparatus was used to essentially make it illegal to challenge the orders themselves.
By not automating the process? Let's break it down here - assuming Apple's PRISM compliance is real, we can assume the status-quo is Apple and the NSA both wanting to keep the surveillance quiet. Being sneaky with their backdoors is mutually beneficial and allows both of them to maintain plausible deniability when a national news story starts breaking.
The NSA has basically no leverage over Apple. The federal government could punish them punitively for refusing to disclose information in the name of national security, but unless they have dirt on Tim Cook the NSA is mostly relying on cooperation to get what they want. Apple on the other hand has everything to gain from proving their dedication to security and identifying illegal misconduct within their own services. When they don't identify these things and admit they were compelled to stay silent about blatant dragnet surveillance it reneges the faith they advertise to those of us in the security community.