Apple Gestapo: How Apple Hunts Down Leaks (gizmodo.com)
60 points by colinplamondon on Dec 15, 2009 | 63 comments



I read through the article and thought that pretty much all the activity taken by the Apple Security team sounded reasonable. If I'm not mistaken, everything described was taking place in the work place/work systems/etc...

The sketchy companies go a little further, and start doing this with people's _personal_ lives. I'm thinking about when Patricia Dunn (HP Chairman) hired a private investigator to start hacking into people's Cell Phone Bills to find out who they were talking to - Not just from the office, or on office equipment.

There is a reason why you see so many Silicon Valley people carrying two laptops, two cellphones, etc... - One of them is for work, and is to be used in the workplace, and is handed over / searched / subject to surveillance / carries confidential company material. The other one is for personal stuff.

If there was a material leak from my organization, and it was jeopardizing my livelihood, I would darn well _hope_ company security would have its act together and would track down the leak in a professional manner.


A reminder: Dunn was charged with felonies for that stunt.


Wouldn't you have to relinquish your personal laptop/cellphone in such situations too?


If you bring your personal laptop into a high-security area and refuse to submit to a search, then, without calling the police, and unless grellas shows up to school me because I am not a lawyer, all your employer can do is fire you.


What about my underpants?

I could hide a USB key in there with vital information. Since I'm bringing my own personal underpants can they search it too?


This is wholly-fabricated nonsense. I worked at Apple for 5+ years and, besides for knowing what actually happens in these situations, there are a couple of dead giveaways that "Tom" was never an Apple employee (or, at least, not in Cupertino).


Such as?


"They don't ask for cameras because there are no cameras at Apple: Employees are not allowed to get into the campus with them."

I mean, really, come on. That's just laughable.


"Getting into the campus" is also a giveaway, in that "the campus" is basically "everything in Cupertino within 5 minutes of 280".

And of course, if you've ever walked up to those buildings, they're just "guarded" by receptionists.


I can also confirm that Apple does not have a "no camera" policy on campus.

Or a "gestapo". The security is very well run, however.


While Apple employees aren't subject to that, if you're just wandering around as a visitor taking pictures, security will ask you to stop.


I don't know how people who work in large companies expect to have privacy on the company premises anyway: most of those companies make you sign a set of rules that basically says you forfeit your rights. Same concept in the military, you don't have a right to privacy because (they say) it would be too difficult to manage privacy and check for spies at the same time.


In more sane countries, they expect to have privacy because there are reasonable worker protection laws. Something of this sort would be illegal in most western countries.

As an American that's been in Germany for the last 8 years, it often blows my mind what's actually taken for granted as being acceptable in the US. Searching through employees' mail is illegal here (as would be searching an employee's personal belongings, drug tests, the whole shebang).


How is it "sane" for companies not to be able to control and monitor their own Internet connections? People clearly do abuse those connections to violate IP, confidentiality, and insider trading agreements.


I think you've over-simplified the situation to the point that it's a straw-man.

Different societies have different social contracts. There's what is legal, and what is polite / socially acceptable. In many Western countries, this kind of behaviour at a non-military company would be in shocking bad taste.

It kind of depends on whether your society thinks people > companies, or companies > people.


Well, I don't believe companies are more important than people, and I do think companies should be able to monitor their own computers, and yet somehow I continue to exist.


People also use their home internet connections to violate IP, confidentiality and insider trading agreements. Using the purported Apple-logic from this post, Apple is (indirectly) paying for that too, so shouldn't they be able to monitor those connections as well?

A utility argument here, I don't believe is the way to approach this. There are all sort of "useful" things that companies could do that most folks would agree cross the line into invasion of privacy, in the US or elsewhere.

I think there are two important assumptions I'm working with:

- People have a right to privacy in personal affairs

- The work place being only for work is an idealization that in practice does not exist

My argument won't make sense if you don't agree on those two.

Employment is one of the fundamental elements of the social fabric, and the rights of employers and employees are participant to a more general social contract. There exists a line at which a company must sacrifice some utility to uphold its end of that contract (e.g. they can't make people work 12 hour shifts, 7 days a week, even if they think it'd boost output), and as employers have an imbalance of power in negotiating employment terms, the government, in the interest of the people, lays down some guidelines for what the minimum boundaries are. Every developed country has this. The only variant is the extent of those stipulations, not their existence.

I believe the right to privacy is important enough that it's something that an employee should not be obliged to forfeit in an employment contract. And since it's clear that personal and professional spheres overlap in the workplace, no, I don't think the company should have unrestricted access to an employee's data or actions in the workplace or through work-provided mediums. I don't think there should be microphones in every room; I don't believe that all thoughts discussed in the coffee corner are thusly entitled to the company. Even if they did buy the coffee and the chairs and are paying you at that time. And for me, and the legislators of many (most?) western countries, that clearly extends to internet access and company cell phones.


Scott, employees generally are only able to use their home Internet connections to violate confidentiality because their work computers and connections are poorly policed.

And, it is as a direct result of rampant abuse of company resources that companies are now deploying draconian security controls on worker machines, locking down USB connections and intercepting and parsing Word documents in the OS kernel. I've been involved in several deployments of these products (not a fan), and I can tell you that it's not an abstract concern that is driving their adoption. Bad stuff is routinely happening on company networks, and companies need to be able to protect themselves.

People have a right to privacy in personal affairs, but people need to make arrangements for their privacy when they're at the workplace. The idea that a Dell desktop that a Fortune 500 company provides you with becomes a bastion of personal privacy just because you decide to use it to check your GMail is untenable. Companies need workers to be able to handle sensitive information, and they need workers to be able to use computers and networks to do their job, and they cannot be expected to grin and bear it as their confidential information walks out the door and onto Yahoo Finance message boards.

Germany has powerful computer privacy laws. It is also not a great epicenter of tech entrepreneurship.


It is also not a great epicenter of tech entrepreneurship.

Perhaps a stable society where people are protected from overbearing authority is more valuable than making a couple of extra dollars today. It is definitely more valuable than a slightly smaller cell phone or a website where you can share 140 character messages with your friend.

There are bigger risks to business than some employees posting a few internal word documents to Yahoo Finance. The worldwide financial crisis was not due to inadequate monitoring of employees' personal e-mail, after all.


I simply disagree that privacy on workplace computers is worth more than money or smaller phones. I see no greater good being traded for the drag on businesses. If you want workplace privacy, you can provide it for yourself, and you can avoid jobs where intense monitoring is a reasonable condition, such as R&D on the industry's most secret products.

I don't know what the worldwide financial crisis has to do with this, but intensive workplace privacy laws would have hurt the investigation and wind-down of fraudulently priced contracts, not helped it. Hey, you brought it up.


If you want workplace privacy, you can provide it for yourself, and you can avoid jobs where intense monitoring is a reasonable condition, such as R&D on the industry's most secret products.

Can you? Can the majority of people make the right decision here?

It's illegal to sell your child to someone. Why is it legal to sell your privacy?


Because that is a stupid analogy.


I don't think it is. People will often trade something for money that they really shouldn't. If a person has $a and wants $b, and someone will give them $b in exchange for $a, people will often give up $a regardless of the long-term consequences.

Apparently selling children was a problem for society, so it is generally not legal now. People made the wrong decision, and it hurt society, so now making the wrong decision is no longer an option, and our society is better for it.

I think selling your privacy for a salary is detrimental to society in the same way, so it makes sense to use the legal system to remove the option. Then employees can't be tempted into making bad decisions with respect to their privacy by their employer, or rather, by the threat of non-employment. Plus, people that care about their privacy will no longer have to be off-the-grid wackos, and their value to society is increased as a result.


So you think people are stupid enough that they cannot decide whether selling their privacy is a good decision, therefore the government should make this decision for them?

How about health... we know that people are so stupid that they will sell their health for food (eat cheap fast food that is horrible for their health). Should we ban fast food?

Maybe we should let people decide what people are comfortable with.


Maybe we should let people decide what people are comfortable with.

The problem is when people stop caring about privacy because so many others made that decision for them, and the choice completely disappears. I would want to ban fast food if all healthy food became unavailable as a result of its popularity.


I'm not arguing that these things aren't useful or driven by real problems; I'm arguing that they're wrong. As are the actions of employees in harming the companies they work for.

But the American stubbornness in me goes back to the same logic of the Fourth Amendment, that despite the no doubt usefulness from a policing perspective of being able to search people without jumping through a lot of hoops, it is still wrong.

The issue of Germany and entrepreneurship is a whole different rant, and there are legal barriers here which I believe stifle entrepreneurship. (The essence of the real rant though is that it's a deeper cultural issue.) But Germany sans privacy laws wouldn't suddenly be an entrepreneurial hotbed. If we're talking easing incorporation, sure. Making it easier to hire and fire people? Once again, I'd be on board. But I don't think privacy is a significant component of the equation.


What does the Fourth Amendment have to do with a company searching its own property? I just don't understand why you think that's wrong! I'm an ACLU-giving privacy nut (and I have real problems with how IT security is often managed), and I recoil from the idea that company employees should somehow have some claim on company property simply because they've been allowed to touch it.


I'm not saying that the right is guaranteed by the fourth amendment, just that the logic is similar.

Trying to boil down our disagreement: I don't believe that ownership of a device or communications medium entitles one to all of the information which passes through it. It seems we differ there.

So for me that leaves no conflict between something not being my property, but the things which are on it still being mine. "What should a company be able to monitor?" is separate, where both utility and privacy are part of the formula. I believe, morally, not from a utilitarian perspective, that personal privacy trumps corporate utility in this particular case and that a reasonable set of privacy laws encode that.


Even in Germany, if a company states unequivocally that computer resources are for work purposes only, they can in many circumstances monitor usage.

I want to believe you and I don't really disagree on a fundamental level.

Because sure, to the extent that you're talking to your wife on AIM, it is simply none of IT's business what you're saying, and it is appalling that they would paw through logs of those conversations. To the extent that we can legislate against that kind of thing, and even harshly punish company staff for doing that, I'm on board.

But when you get to the place where a company can't provide a sensitive Internet-connected workstation for someone to deal with unreleased financials or the blueprints for a top-secret product, you lose me completely. Your argument simply doesn't seem tenable. Companies in the US have vast monitoring rights over their own property, and that simply hasn't fatally harmed personal privacy.


To be clear, and we seem to be approaching a middle-ground, I'm not against any and all technical measures of preventing corporate information leakage. But I do believe that there's a boundary, and it seems we agree here, as to how far that should be allowed to go. Unfettered access to all information on company owned devices as presented (sensationalized as it likely is) in the article that kicked off this discussion takes a flying leap over that boundary.


I wonder if I can pull you closer to my side of the middle by suggesting that it's reasonable for Apple to select for the 5th Generation iPhone engineers who are willing to undergo much more intrusive monitoring, especially if they are compensated for that.

Incidentally: drug testing is something you and I could bitch together about way into the night.


This is admittedly a tough one for me, because it brings it down to a choice between two things I'm not comfortable with:

- Corporate invasion of personal privacy

- Limiting a person's ability to choose to do things which I (or the government) think they shouldn't

My first swing at it was that I thought, "Ok, when the legal system must choose one side to protect, perhaps it should default to the weaker side; the side which is least likely to be under duress". But that's just sweet sounding bullshit that was a fancy way of saying, "As long as the weaker party actually wants what I would."

The best I can come up with, and this is oh-so-typically-German, is to say, "Ok, Apple still can't invade their privacy. But I'm fine with ratcheting up the legal repercussions of violating the trust of the employer."

In other words, I'd be fine if more things were promoted up from the level of contract violations and moved closer to the penalties for industrial espionage in an effort to provide a stronger legal deterrent for information leakage, and also to bring in a third-party arbiter (the courts) to decide when, as in any legal proceeding, additional search and seizure is warranted by just cause. (See, I knew I could work in the Fourth Amendment somehow.)

As noted, that is a typically German jurisprudential notion, and I did have to think it through some. (The question really for me is: did I end up here because I think this way? Or do I think this way because I ended up here? :-) )


    parsing Word documents in the OS kernel.
This is fascinating. What's the use case? And can you point me to the product?


Not the specific one, for NDA reasons, but Google for "Win32 data loss prevention" and you'll find a bunch.


The people doing that just turn on encryption. The people that get in trouble for using encryption just encode the cyphertext as codewords in their email.

Monitoring communication is mathematically impossible these days.

The deep problem is that employees have a lot less to lose than employers. If you leak a picture of the next iPhone to your competitor, you lose, at most, everything you own. For most people, that's a few thousand dollars. The employer, on the other hand, can lose the entire market for their products.


Technical countermeasures increase the cost of violating contracts. In the real world, DLP systems routinely catch violations, despite the fact that they are all (currently) trivially bypassable.

Your logic says, "wiretaps are meaningless, because monitoring voice is mathematically impossible". Leaving aside the fact that many things that are mathematically possible (such as undetectably encoding high-entropy data as a greater volume of low-entropy data) are practically infeasible, what's your point? Wiretaps, for instance, are clearly incredibly valuable.


For now. This sort of thing just encourages active development and deployment of countermeasures. "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers."


I think you think you understand my point, but you really don't.

In a frictionless intellectual vacuum, it is true that you can create undetectable covert channels. Covert channels are a fundamental problem in systems security, and that's been well-known since Saltzer-Schroeder.

In the real world, the arms race of encoding and detecting extends to the horizon of our understanding of computer science and, most importantly, software engineering. Nobody knows all the mistakes that humans will make attempting to engineer systems to do perfect covert channels. For the foreseeable future, both sides of this problem need to come to grips with the fact that they're armed imperfectly.

However, in the data leak scenario, the incentives are lined up to favor the monitors and not the leakers. The monitors have budget, continuous practice, access to all company communications to derive norms, and roughly the same access to equipment as the leakers. Meanwhile, if the leakers are caught just once, they're liable for extreme civil and (in some cases) criminal penalties.


A possible answer to the question: "Why wasn't Apple founded in Germany?"


How so?


The rough idea is that countries that hobble companies' ability to compete will have more trouble generating competitive companies. Obviously this can be taken to extremes (allowing companies to buy children as slaves, for example), but if you err too much on the side of protecting the laborer then you can run into other kinds of consequences.


There's many ways that governments protect their local industries. For instance, the US saved its semiconductor industry (Intel, etc) from doom at the hands of the Japanese, by aggressive tariffs and other trade policies. (Intel cofounder Andy Grove mentioned this in the context of worker's rights. [1]) And that's not mentioning all the subsidies that went into building the US high-tech industry [2], as well as US industry in general [3].

That said, I certainly don't think Apple developers are badly off compared to Apple janitors, or Bay Area fastfood workers. And it's not like countries like Japan and Germany are slouches.

And it's possible that the article on Apple under discussion is false, as some commenters claim.

[1] http://www.forbes.com/2003/10/10/1010grovepinnacor.html

[2] http://books.google.com/books?id=Y75K660UfzsC&pg=PA293&#...

[3] http://www.newamerica.net/events/2008/why_world_isnt_flat


The implicit suggestion that this is because of privacy laws is silliness. There are plenty of industries in which Germany is ascendent (automotive, biotech, chemicals) which have no more lax information security requirements than computing. I mean, wouldn't you call bullshit if I said, "Maybe if the US had stronger privacy laws Europe wouldn't be dominant in the chemicals industry..."


Have you ever read William Langewiesche's book on nuclear proliferation, _The Atomic Bazaar_? The fact that Europe has a need for workplace security doesn't mean that Europe actually has workplace security: Langewiesche alleges that lax security and deference to workers essentially allowed URENCO (the UK, Germany, and [mostly] Netherlands) to arm the A.Q. Khan network in Pakistan.


This sounds like due diligence to protect shareholder interests.

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." - overheard in an interview somewhere.


And don't forget, most employees are APPL shareholders - so for them it's worth supporting rather than pushing back upon.


And if I'm not a criminal, I shouldn't be treated as such.

It's a tad selfish, if you don't mind me saying, of you to automatically assume it's OK to give away my rights in addition to yours.


This is Apple, not the Government. If you don't like the legal terms of employment, California is an at-will state. Quit.

That said, this article is total ridiculous bunk. Gizmodo has been trolled.


Even with the government: you don't have to obey laws. You can go live in jail. There's always an alternative option. Freedom is about having fair options.


I'm pretty sure people are in fact allowed to bring cameras onto the Apple campus, and, from what I can tell, there are no metal detectors or bag searches of any sort there. My knowledge is secondhand, but I'm inclined to believe that much of this article is BS.


In Israel, because there is a fear from terrorists, before you go into any shop, restaurant, mall, or university, your bag is searched (for ~30 seconds) and sometimes a metal detector is used (a hand-held one). I know nothing about Apple HQ, but it would be trivial to set something like this up.

Unrelated, but they (Gizmodo) shouldn't have used the word 'gestapo' or anything else related to nazis.


And it's not just one off-handed comparison - the article goes on and on about it. It really trivializes the hardships of people who couldn't just leave and get another job, and where the stakes involved torture and death.


Not only that, but people opt to work at Apple, some of them not just in spite of the secrecy but because of it; Apple is super-sensitive because what their people work on tends to really matter in the marketplace.


I remember seeing a photo of an iPhone developer in front of a huge banner with a screenshot of his app inside of an Apple building on their campus, and it was labeled something like "Secret photo of me in front of banner with our app!" or something of that nature, so it's a possibility that they have restrictions on cameras.


They have a restriction on taking pictures of things you shouldn't (which includes most of the campus), but they don't have restrictions on cameras.

In addition to there being no written rule against it, I've openly and regularly hauled digital video and still cameras across campus without ever hearing any complaint from the omnipresent security guards.

How do you think people work on iPhoto/iMovie/FCP? Check out cameras from a locked facility?


Sweet . . . I wish I worked on something so important that the secret police would interrogate me about it.


How long until someone needs medical attention during one of these lockdowns, and they are fired for leaving to go to the doctor, or feel that they must endure the problem (and risk complications) in order to keep their job?

Not long, I bet, and I imagine that this practice will remain legal for ... oh ... about 3 months after that first case.

I hope Apple increases the frequency of this practice so that it attracts the attention of legislators sooner, and so that their brightest employees seek employment elsewhere. The beginning of the end is near.


I think it's pretty ridiculous to imply that Apple would accept spectacular corporate liability by dissuading someone from seeking emergency medical attention during an IT investigation. So my guess as to the answer to your question is: it will never happen.

Apple's brightest employees (on the high-security projects) have been aware of extreme security measures for many years now, and positions on those teams are sought after.


The reason why they need these draconian measures is that employees feel disenfranchised and expect to gain more by leaking secrets than by contributing work and sharing in the rewards. Steve Jobs himself would never leak anything - he has a stake in the outcome that the leakers believe they don't.


A quick Google reveals no references of any Worldwide Loyalty Team before this Gizmodo "expose". I call bullshit on the entire article.


Those Nazi comparisons sure are so funny.



They don't ask for cameras because there are no cameras at Apple: Employees are not allowed to get into the campus with them. If the cellphone is an iPhone, it gets backed up onto a laptop. "In fact, at the beginning they used to say that the iPhones were really their property, since Apple gave every employee a free iPhone," he points out. All the employees are asked to unlock and disable any locking features in their cellphones, and then the special forces will proceed to check them for recent activity.

ROFL. Gizmodo.com has been trolled.



