Transparency Report (apple.com)
199 points by bhaile on Nov 13, 2020 | 93 comments



Canada: 24 device requests

Canada Population: 37M

Australia: 1694 device requests (~70x)

Australia Population: 25M

Why such a big difference between both of these safe countries? The crime rates are pretty similar, Australia definitely doesn't have 70x more crime than Canada, and there aren't simply way more iPhones in Australia. Very different police/prosecuting strategies I guess.


Australia has always seemed like the ultimate nanny state. Seems like they are one of the frontrunners in the anti-encryption debate. Mail is heavily scrutinized, etc.

But for some measurement, it seems to work. Drugs are insanely expensive in aus.


Australian here: I think we have a cultural high degree of trust in our institutions. That trust is frequently unearned or betrayed in the modern era, but it remains nonetheless.

I don't have a great definitive answer on why that's the case, but I do have suspicions. One is around the (perceived?) strength of our democracy, driven by mandatory voting and a well designed parliamentary system. Also, we don't have the American history of revolution - distrust for government just is not part of the thinking.

The other is that, for the most part of the last 50 years, our more public institutions have done a good job. The ABC (think the BBC, but Australian) is a trusted news source, Medicare largely "just works" for most people, our public/private education system mostly works, etc.

When it comes to law enforcement, I think the general perception is that while they're far from perfect, they tend to be well governed and as a result given a generous amount of power.

Again, whether this perception is justified or not is a different thing, especially if you're not of Anglo descent.


My learned view is that most Australians don’t distrust the government, they just think it’s a bunch of morons gathered around to do a fairly shit job at leading the country.


It’s a democracy, so the “morons” are the best of the best?


No. That would be making an incorrect assumption, that the best of the best want to work as a civil servant...


So democracy doesn’t work?


Sure it "just works".

Culture of war crimes (ADF regularly executed civilians), metadata retention (bipartisan support), anti-encryption (bipartisan support), raiding journalists, letting multiple newborns die because of coronavirus travel restrictions, university censorship kowtowing to China, police brutality, no free speech, no free expression and repeated attacks on the IT industry (many companies incl Microsoft yanked data and compute away from Australia after the bi-partisan laws rammed through parliament allowing the government unfettered access to data).

All of the above has wide bi-partisan responsibility. Most of it has happened in the last 5 years.


Glad someone sees the problems most Australians turn a blind eye to while they keep condemning other cultures.


You won't get any argument from me that those things are bad. They're total rubbish and I'm still pissed that my local member voted for metadata retention and data access laws from the opposition bench. That said, they wouldn't be able to if the majority of Australians didn't trust the government enough. There's been an election since those laws were passed.


Metadata retention has already been repeatedly abused, including by police and intelligence who use it to spy on girlfriends and random civilians. I don't hear any parties talking about it (because they don't care and issued full-throated endorsements of the practices).

In Australia, both parties sell you down a river and tell you they're the best party because of some irrelevant policy minutiae, meanwhile supporting war crimes and the evisceration of the IT industry and our rights.


I agree, although the quality of the ABC collapsed a few years ago after serious budget cuts and they will probably lose that trust over time.

But the other thing to note about Australia is that the country is a bit of a demographic and cultural misfit in SEA, and reliant on the US umbrella to have unquestioned security against the countries just to the north including two superpowers and any number of countries with the potential to be economic and military powerhouses.

It would be strategically justifiable for Australia to get serious about building up a powerful intelligence system, in a way that it just doesn't for Canada. I imagine if Canada wanted to become the next US State it probably could. Australia is much more isolated and it is foreseeable that the US might withdraw from the Pacific in the next 50 years.


Seems like that might just be due to the logistics of getting them across the ocean and through a port.


then don't let the free market just sit there


> Drugs are insanely expensive in aus

Isn't everything? Also consider that Australia's borders are much easier to patrol due to its "island" nation status.


It's also a far-away island. Easier to control Australia's coast, than to control, say, Italy's coast.


What’s the difference between a “nanny state” and a “totalitarian dystopia”?


Australia is a huge nanny state.

Its traditional stereotypical “she’ll be right mate” image is far from reality. Hugely litigious, lots of red tape, if there is a fine for something you will be fined.

The ex prime minister stood in parliament and said “The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia,” in regards to wanting to back door encryption. That’s what you are dealing with.


AFAIK Australia has far weaker personal privacy protections and powerful remedies for government agencies. They even passed a law in 2018 allowing them to force companies to build-in backdoors.


I am not Australian and have not seen any updates since it was passed, but "forcing companies to build backdoors" is a massive understatement. The government could effectively compel any employee to act as a spy, without their consent. Don't want to play along? Go directly to jail.

> The new law also allows officials to approach specific individuals—such as key employees within a company—with these demands, rather than the institution itself. In practice, they can force the engineer or IT administrator in charge of vetting and pushing out a product's updates to undermine its security. In some situations, the government could even compel the individual or a small group of people to carry this out in secret. Under the Australian law, companies that fail or refuse to comply with these orders will face fines up to about $7.3 million. Individuals who resist could face prison time.

https://www.wired.com/story/australia-encryption-law-global-...


So what you are saying is there is absolutely no reason to use any data service hosted in Australia or to trust any tech hardware they produce


Well, if you want to go to that extreme, probably also ditch any data service hosted by any company that hires an Australian. The law passed was not restricted to Australian corporations, but Australian citizens regardless of where in the world they reside. Since E3 visas (basically an Australian-only H1b) are so easy to get, that's probably just about any US-based company with more than a few hundred employees.

In practice though I don't think anyone actually cares. I certainly haven't been asked about it by any prospective employers and I work in areas of finance where companies are famously protective of their IP.


This includes the HN favorite service, Fastmail.


And also Atlassian (jira, bitbucket, etc)


The varying strategies (and their varying results -- even when applying the same strategy but in a different location) are rather surprising to me, especially when you dig around a little and find that plenty of places don't re-think their strategy for decades while the results remain 'meh' at best.

Maybe this works well for Australia, or they are stuck in 1990 and simply haven't looked back and wondered if anything could be done differently.

Example would be: instead of catching everything you see, you can also collect information until you find a pattern, central driver or societal problem and solve that to solve the underlying problem. The counter-example would then be: instead of always trying to catch the biggest fish you can also make a few examples and disturb something like a criminal network by messing up the actions of their foot soldiers.

I suspect the way you go about it increases or decreases the amount of individual requests you need in order to execute your mandate.


> places don't re-think their strategy for decades

because it is hard to measure the effectiveness. How many terrorist attacks and domestic incidents are there (assuming in good faith those are the only things to be prevented) ?

I would assume in the absence of any of these national security agencies that there were only very few per year if not decade. That makes it hard to adjust the strategy even if you assume that they are totally focused on security only, and not e.g. on the continued presence of their paycheck or suppression of opposition parties.

To give you an example: the (American) security measures at the airport that were introduced in 2001 can be considered a total success, as there has been no incident since then (success = good, people can get promoted for that[0]), although these measures have been called security theater at times[1].

And with these measures called successful by those promoted people, why change them? Of course some other people opine that they may not be as successful as they claim they are [2], but it is still hard to quantify.

> instead of catching everything you see, you can also collect information until you find a pattern

yeah that seems likely. Though this scares me personally as I may demonstrate a pattern now that will make me a suspect in the future, despite doing nothing wrong.

[0] I worked at big tech once upon a time

[1] https://www.theatlantic.com/national/archive/2014/01/tsa-bus...

[2] https://www.thelocal.de/20091231/24279


Yes, the way we 'measure' or call something a 'success' can be amusing at best (sometimes). Reminds me of a joke where someone is throwing paper out of a train, someone asks: why are you doing that. Person says: to keep the flying elephants away from the train. And since there are no flying elephants storming the train it must be working!


As an Australian this nugget resonated with me recently:

“The ancestors of Australians aren’t prisoners, but rather prison _guards_”


More important: Canada has 68500 police. Australia has 63000 (Google). So Australia has a much higher police:people ratio. Once all the traffic tickets are issued there is probably a tipping point where there are suddenly more officers for technology-related investigations. Canada is also notorious for not investigating tech crimes. It is not a focus for the RCMP.


How accurately can you compare these numbers against country populations? Do iProducts have an equal distribution around the world in various countries?


This is the USA's information[1], it's interesting to see the number of account requests increased from ~5k to almost ~8k accounts, and this is for 2019.

Given the mass protests and how much phone live streaming was involved NEXT year's report will be truly revealing.

It's possible it won't jump all that much as when arrested many protestors had their phones at least temporarily seized, and the Grayshift[2] boxes law enforcement have probably don't need Apple's involvement.

[1] https://www.apple.com/legal/transparency/us.html

[2] https://en.wikipedia.org/wiki/Grayshift


This is why I am, for once, glad for the massive ewaste disaster that is old cell phones.

They are perfect for protests. If you are not coordinating or worried about realtime Twitter, but instead documenting, you don't even need a cheapo prepaid SIM.

Wipe them first, and don't leave them anything other than pictures of their own abusive behavior for them to find, unless you'd also like to gift them a copy of the Constitution or perhaps some personal musings on the role of policing in modern culture.


You don't actually need the ewaste disaster to have cheap old cellphones. You can get a 64-bit PC on eBay shipped to you for <$50. 10+ years old but will still run the latest Windows or Linux.

If phones worked like this, people would keep them for many more years, but there would still be more than enough 10+ year old phones available for a close approximation to the shipping cost.

It would also mean that the older phones would go to poor countries that could still use them instead of being slag, because "slow but runs current software" is usable whereas "not even old enough to be slow but can't run current software" means you can't use the thing because websites will throw certificate errors from missing roots, apps won't run on it and it will be full of known vulnerabilities and get malware.


Why are old phones better than new ones? Is it simply because they're cheaper?


See also: https://www.schneier.com/blog/archives/2020/10/new-report-on...

> Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant.


Oh cool, that's way worse than I thought it'd be in 2015. No doubt it's gotten way worse since then.


There are other tools available as well to collect 'cloud' data. Such as Magnet AXIOM Cloud[1] and Cellebrite UFED Cloud[2]. These still require legal process in most cases.

[1] https://www.magnetforensics.com/products/magnet-axiom/cloud/

[2] https://www.cellebrite.com/en/ufed-cloud/


Is there anywhere you know of with more details regarding those Grayshift boxes, or do we not publicly know much about them?


I don't know anything about Grayshift boxes, but you can pair-lock your iPhone so it can't be accessed by devices that connect to it physically.[0] Note that there are some downsides like not being able to restore from a backup from a date before you pair-locked the device, and only being able to backup and restore from that device. (Better hope it never dies!) But if you've got a burner phone you don't want authorities to be able to get into (unless they take the device it's locked to, as well), it's a workable solution.

[0] https://www.zdziarski.com/blog/?p=2589


For comparison, here is Google's transparency report: https://transparencyreport.google.com/?hl=en

Comparing US results it seems like Apple has served ~4x fewer requests vs. Google (10197 for Apple and 38042 for Google) in a six month period.


It looks like you're including preservation requests in the Google number; Apple doesn't report these. If you only look at requests for user information, the numbers are 10,197 for Apple and 26,186 for Google.

Interestingly, the rate at which both end up turning over data is nearly identical (85% for Apple and 83% for Google).

---

EDIT: nostromo points out that Apple does report the preservation request numbers in a separate section on the detail page. So inclusive of preservation requests, the comparison would be 12,719 for Apple and 38,042 for Google. However, I think Apple is right in not including these in the main number since preservation requests are asking the companies to preserve data that they might otherwise delete in anticipation of a future data request -- which would be counted.


Apple included preservation requests on the US details page:

https://www.apple.com/legal/transparency/us.html


> Device requests are based on device identifiers such as Apple serial number, IMEI or MEID.

At least for the device part, if you use an open source OS like LineageOS, you can fake all of these things so that it's not even a question. One of the biggest privacy disadvantages of iOS is that Apple maintains total control over the system and therefore they can be compelled by governments to serve these requests, whereas on my "Google" phone I can actually prevent Google from being able to serve them. Sure, the default OS Google supplies may track the hell out of you, but at least you have the option to load your own OS onto the device.

I find it extremely annoying that Apple continues to play the "we're the good guys" card while there is absolutely no data on how Apple themselves track and use your personal data. I would much prefer the system itself were designed such that you have the ability to restrict data collection from even Apple themselves, and that there is clear proof of that fact.


That argument is getting old. Yes, you could do those things, but can you do that for billions of people? Going back to the "you don't own your computer"-post from yesterday (or the day before?): it's not simply a matter of 'the big bad corp did it', users that do not or cannot understand technology to a degree that they can also control it generally don't have this choice at all. And for people that do have that choice, you also have to choose the ecosystem (be it social or technical). Plenty of people seem to stay on Facebook for the same reason. It's not because it's good, it's because that's where the critical mass is.


Yes, you can. At some point regulation does need to step in and keep corporations in check.

You probably buy food from a restaurant or food ingredients from a grocery store. You don't have to buy food -- you can grow it or hunt it yourself. But there are laws around food labels for a reason.


You can from a physical point of view, but that's not what I was talking about; I was talking about ownership, and how you can't really talk about owning something if you don't know what it _is_ what you think you might want to own. No amount of regulation will fix that.

At the same time you do of course need to have a select group of people that are specialised to deal with this 'for the many', which is where you get government and regulation. But that's just a parallel path to a solution, not something that will 'repair' the lack of understanding from the users.

That's not to say that it used to be better or something; when you needed to know how electronics work to be able to buy, install, operate and maintain a basic radio it wasn't very widely usable. (but at least the users knew enough to 'own' their stuff)


Maybe Apple users are more honest :P

or maybe there are 4x more Androids than iPhones


I think it's partly based on the typical iPhone user [1] being policed less [2].

[1] https://www.forbes.com/sites/toddhixon/2014/04/10/what-kind-...

[2] https://www.newyorker.com/news/news-desk/the-link-between-mo...


I’d guess it’s because Apple customers also use Google products.


That's right, the Venn diagram of Google users includes almost all Android users, a big chunk of Apple users, and even more too. In general I would assume there are at least 2x more Google users than Apple users, and even bigger disparity if you look worldwide.

In the US I believe Android/iOS is 50/50, but worldwide it's close to 80/20.


That, and Google's products are all data mines, so the Google stuff is probably much juicier.


Oh no, the terrorists use iPhones so now we can only get access to their location, iMessages, photos, browsing history, credit cards and all purchases made through Apple Pay. Might as well not bother sending a request at all.


It's astounding that a supposedly free country won't even allow Apple to tell us how many illegal and unconstitutional warrantless data seizures the US government has compelled them to comply with.

Abridging the 4th amendment rights of users wasn't enough: they had to abridge Apple's 1st amendment rights to even say how many times it happened.

These are the people who voted to suspend the constitution and due process in the USA:

https://www.govtrack.us/congress/votes/115-2018/s12


The US constitution has a very long history of being selectively enforced whenever it is convenient for those in power, be it on issues of civil rights, the HUAC, various CIA and FBI programs exposed in the 70s, mass surveillance and "national security", etc. It needs to stop, but those in power seldom want their own powers curtailed.


> Abridging the 4th amendment rights of users wasn't enough: they had to abridge Apple's 1st amendment rights to even say how many times it happened.

The other (potentially more important side) of Apple's 1st amendment rights to speak are the subjects' and everyone else's 1st amendment rights to hear / receive information.

In telling Apple that they cannot reveal the identity of these requests, they are saying that I am not allowed to learn whether I was subjected to one of these searches. Without being allowed to know, I cannot challenge the search, etc.

The same contra-positive-analysis is helpful with claims of "foreign interference" in elections, where I may have little concern for a foreign adversary's right to speak, but also take serious issue with the idea that I should not be allowed to learn about matters that may be important to and relevant to my vote.


"Government and private entities are required to follow applicable laws and statutes when requesting customer information and data from Apple."

A Transparency Report is still no substitute to Encrypted backup [1] because it made the assumption that every country's law enforcement system is just.

If Apple can't provide encrypted backup due to pressure from Government, an iOS Time Capsule would surely be a great product. But that would go against the goal of increasing its Services Revenue from iCloud.

[1] https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...


>an iOS Time Capsule would surely be a great product

or just use itunes backup?


Yeah, I do this for a variety of reasons. If Apple doesn't have my backup, they can't give it to anyone and nobody can steal it from them. It's slightly inconvenient if I have to replace a phone while traveling, but honestly, that's never happened to me, and with a global pandemic, it's not an issue at the moment.


It would be much nicer if I can just backup my iPhone to my nas (which I use for my Mac's Time Machine target) which is always online and available over a vpn rather than have to pull out my mbp to do a backup.


Am I doing the math right on the seemingly huge increase in FISA / NSL requests?

  2014: ~739    # Requests
  2015: ~2,498
  2016: ~8,998
  2017: ~29,748
  2018: ~49,494 # Users, display data changed this year
  2019: ~68,994


Considering this is Apple, I'm surprised how bad the UX of the cards+slider is.

At least on desktop the country cards have a delayed animation and feels super unresponsive.


The narrative that Apple is the bastion of good UX has sailed quite a while ago given their regressions with MacOS 10.14-10.15 bugs, iOS 13 bugs requiring major reOrgs, iPhone Battery-oriented CPU throttling with no user affordance, etc.

Also their web design has been accessibility-hostile often enough with the landing pages of Trashcan Mac Pro, iPhone 12 etc all taking over your scroll…


On an iPhone it took me a hell of a long time to swipe over to the US, we are talking minutes with all the mis-swipes which accidentally forwarded me to other pages etc. For such a UI/UX focused company that seems fishy.


Surprisingly it only takes a second on Droid. But it wouldn't surprise me that they intentionally did it this way in order to discourage people to scroll to the numbers that hurt the most.

https://imgur.com/a/ZJHc70U


That’s a really ameri-centric way of looking at things. “Only the US numbers hurt [because I’m in the US and only US people matter].”


They should sort the list by most government requests instead of alphabetically and in table format instead of that terrible horizontal slider.


It took me a while to figure out how to display another country/region on mobile! Sheesh


They do link to CSV files though, which is nice. I'll take a shiny website and a linked .csv over a table-of-links to PDF files any day.


You’re so right. I’m on mobile. Terrible UX.


Are these reports worth much in the US with NSLs? It's nice but I always assume it's half the picture.


They include the NSL breakdown and point to the relevant reporting restrictions they’re working under (6 month delays and having to report most numbers in brackets of 500).


Interesting, when did they start being allowed to admit they even receive an NSL request? I thought that was part of not being able to challenge them in court is that you were not allowed to challenge something you 'never received'.


Yeah I was surprised too but apparently the 2015 renewal of the Patriot Act established some reporting allowances. I guess it makes sense the government doesn’t really care about aggregate reporting like this, it doesn’t really help companies fight individual acts of overreach to say “we received more NSLs than 1000 but less than 1500”.


FWIW, some firms still run warrant canaries ...


Yes, like, for example, Apple. The US page details the law that governs disclosure, and how it only allows them to report ranges.


I wouldn't consider that a warrant canary.


What is happening with Germany?!

13761 devices?!


"High volume of device requests predominantly due to stolen device investigations": https://www.apple.com/legal/transparency/de.html


Germany seems to lead in terms of requests/population by a long shot.


Assuming the data is available, we should prefer to normalize by # of active customers rather than population. The average German consumer is more likely to buy an Apple device than, say, the average Mexican consumer.


Germany has 17x the number of device requests of France while having a similar population count and iPhone usage.


In the country report Apple explains that the high number of device requests is due to investigation of stolen devices.


That's a bit surprising given Germany's overall low crime rate. I wonder if one of these is true:

* German police put an unusual level of effort into locating stolen devices

* Many mobile devices stolen in other countries end up in Germany

* Germany has a high rate of phone theft despite low crime overall


It's almost certainly the first. Or, more specifically, not "an unusual level of effort", but having a system and/or just deciding to include such requests as standard procedure for thefts.

I'm somewhat surprised, tbh, as I was under the impression that petty theft just isn't actively investigated because it's neither much of a problem, nor economical to do so.


Not surprising. Our Agency to protect Computers and such will also soonish be forced to buy or code 0-days for iPhone et al data extraction.


For context, the US page[0] lists the primary types of requests they get:

> Device: High number of devices specified in requests predominantly due to return and repair fraud investigations.

> Financial Identifier: High number of financial identifier requests predominantly due to iTunes Gift Card and credit card fraud investigations.

> Account Requests: High number of accounts specified in requests predominantly due to fraud and cyber intrusion investigations and a third party app related investigation.

I wonder what "a third party app related investigation" is about.

0: https://www.apple.com/legal/transparency/us.html#twocolgreyt...


Mainland China has less requests than USA? o.O


There are a lot more Apple devices in the US than in China.

edit: Some data:

US: 15 million iPhones in Q2 2020 [0]

China: ~3 million in 2019 total [1]

[0] https://www.macworld.co.uk/news/sales-us-coronavirus-3794157...

[1] https://www.cnbc.com/2020/01/09/apple-stock-hits-new-all-tim...


I think it's interesting the UK's "emergency" requests list is so high relative to the overall requests made: Either the UK marks nearly all their data requests as emergencies, or are only requesting data in the case of an emergency.


Interesting, the number of FISA warrants has been growing exponentially since 2014.


There aren't even any FISA warrants listed before 2018, and since then the ranges being given change very little?


Lots of requests in France lately, I'm guessing due to the terrorist threats.


Awwww shucks I was really hoping that Apple was announcing a transparent iphone.



