tag:theconversation.com,2011:/id/topics/icloud-575/articlesiCloud – The Conversation2021-08-10T18:17:26Ztag:theconversation.com,2011:article/1657852021-08-10T18:17:26Z2021-08-10T18:17:26ZApple can scan your photos for child abuse and still protect your privacy – if the company keeps its promises<figure><img src="https://images.theconversation.com/files/415327/original/file-20210809-13-86rvyi.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C4158%2C2763&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">If you have an Apple device and upload photos to iCloud, the company will use some clever math to sniff them for instances of child abuse – without actually looking at the photos.</span> <span class="attribution"><a class="source" href="https://unsplash.com/photos/YF66WGnybqQ">Vinicius "amnx" Amano/Unsplash</a></span></figcaption></figure><p>The proliferation of <a href="https://www.nytimes.com/interactive/2019/09/28/us/child-sex-abuse.html">child sexual abuse material</a> on the internet is harrowing and sobering. Technology companies send <a href="https://www.missingkids.org/content/dam/missingkids/gethelp/2020-reports-by-esp.pdf">tens of millions of reports per year</a> of these images to the nonprofit <a href="https://www.missingkids.org/theissues/csam">National Center for Missing and Exploited Children</a>. </p>
<p>The way companies that provide cloud storage for your images usually detect child abuse material leaves you vulnerable to privacy violations by the companies – and hackers who break into their computers. On Aug. 5, 2021, Apple <a href="https://www.apple.com/child-safety/">announced a new way to detect this material</a> that promises to better protect your privacy.</p>
<p>As a <a href="https://scholar.google.com/citations?user=lneZSfIAAAAJ">computer scientist</a> who studies cryptography, I can explain how Apple’s system works, why it’s an improvement, and why Apple needs to do more.</p>
<h2>Who holds the key?</h2>
<p>Digital files can be protected in a sort of virtual lockbox via encryption, which garbles a file so that it can be revealed, or decrypted, only by someone holding a secret key. Encryption is one of the best tools for protecting personal information as it traverses the internet.</p>
<p>Can a cloud service provider detect child abuse material if the photos are garbled using encryption? It depends on who holds the secret key.</p>
<p>Many cloud providers, including Apple, keep a copy of the secret key so they can assist you in <a href="https://support.apple.com/en-us/HT201487">data recovery</a> if you forget your password. With the key, <a href="https://www.macobserver.com/analysis/apple-scans-uploaded-content/">the provider can also match</a> photos stored on the cloud against known child abuse images held by the National Center for Missing and Exploited Children.</p>
<p>But this convenience comes at a big cost. A cloud provider that stores secret keys might <a href="https://www.vice.com/en/article/g5gk73/google-fired-dozens-for-data-misuse">abuse its access</a> <a href="https://www.telegraph.co.uk/news/2021/07/12/exclusive-extract-facebooks-engineers-spied-women/">to your data</a> or fall prey to a <a href="https://epic.org/privacy/data-breach/equifax/">data breach</a>.</p>
<p>A better approach to online safety is <a href="https://ssd.eff.org/en/glossary/end-end-encryption">end-to-end encryption</a>, in which the secret key is stored only on your own computer, phone or tablet. In this case, the provider cannot decrypt your photos. Apple’s answer to checking for child abuse material that’s protected by end-to-end encryption is a new procedure in which the cloud service provider, meaning Apple, and your device perform the image matching together.</p>
<h2>Spotting evidence without looking at it</h2>
<p>Though that might sound like magic, with modern cryptography it’s actually possible to work with data that you cannot see. I have contributed to projects that use cryptography to <a href="https://thebwwc.org/">measure the gender wage gap</a> <a href="https://www.usenix.org/system/files/soups2019-qin.pdf">without learning anyone’s salary</a>, and to <a href="https://www.mycallisto.org/">detect repeat offenders of sexual assault</a> <a href="https://static1.squarespace.com/static/5ff5d891409193661a0718c0/t/604134db3f35b3501dabfa4a/1614886107693/callisto-cryptographic-approach.pdf">without reading any victim’s report</a>. And there are <a href="https://drive.google.com/file/d/1NT_vdxRC8YEPlkQa2KHw22ai9IshyU73/view">many more examples</a> of companies and governments using cryptographically protected computing to provide services while safeguarding the underlying data.</p>
<p><a href="https://www.apple.com/child-safety/pdf/Apple_PSI_System_Security_Protocol_and_Analysis.pdf">Apple’s proposed image matching</a> on iCloud Photos uses cryptographically protected computing to scan photos without seeing them. It’s based on a tool called <a href="https://blog.openmined.org/private-set-intersection/">private set intersection</a> that has been studied by cryptographers since the 1980s. This tool allows two people to discover files that they have in common while hiding the rest.</p>
<p>Here’s how the image matching works. Apple distributes to everyone’s iPhone, iPad and Mac a database containing indecipherable encodings of known child abuse images. For each photo that you upload to iCloud, your device <a href="https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Technology_Summary.pdf">applies a digital fingerprint</a>, called NeuralHash. The fingerprinting works even if someone makes small changes in a photo. Your device then creates a voucher for your photo that your device can’t understand, but that tells the server whether the uploaded photo matches child abuse material in the database.</p>
<p>If enough vouchers from a device indicate matches to known child abuse images, the server learns the secret keys to decrypt all of the matching photos – but not the keys for other photos. Otherwise, the server cannot view any of your photos.</p>
<p>Having this matching procedure take place on your device can be better for your privacy than the previous methods, in which the matching takes place on a server – if it’s deployed properly. But that’s a big caveat.</p>
<h2>Figuring out what could go wrong</h2>
<p>There’s a <a href="https://www.youtube.com/watch?v=XLMDSjCzEx8">line in the movie “Apollo 13”</a> in which Gene Kranz, played by Ed Harris, proclaims, “I don’t care what anything was designed to do. I care about what it can do!” Apple’s phone scanning technology is designed to protect privacy. Computer security and tech policy experts are trained to discover ways that a technology can be used, misused and abused, regardless of its creator’s intent. However, Apple’s announcement <a href="https://twitter.com/mattblaze/status/1423474134202437637">lacks information to analyze essential components</a>, so it is not possible to evaluate the safety of its new system.</p>
<p>Security researchers need to see Apple’s code to validate that the device-assisted matching software is faithful to the design and doesn’t introduce errors. Researchers also must test whether it’s possible to fool Apple’s NeuralHash algorithm into changing fingerprints by <a href="https://twitter.com/yvesalexandre/status/1423293697152610314">making imperceptible changes to a photo</a>.</p>
<p>It’s also important for Apple to develop an auditing policy to hold the company accountable for matching only child abuse images. The threat of mission creep was a risk even with server-based matching. The good news is that matching devices offers new opportunities to audit Apple’s actions because the encoded database binds Apple to a specific image set. Apple should allow everyone to check that they’ve received the same encoded database and third-party auditors to validate the images contained in this set. These public accountability goals <a href="https://www.bu.edu/riscs/2021/08/10/apple-csam/">can be achieved using cryptography</a>.</p>
<p>Apple’s proposed image-matching technology has the potential to improve digital privacy and child safety, especially if Apple follows this move by <a href="https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT">giving iCloud end-to-end encryption</a>. But no technology on its own can fully answer complex social problems. All options for how to use encryption and image scanning have <a href="https://mobile.twitter.com/alexstamos/status/1424054544556646407">delicate, nuanced effects</a> on society.</p>
<p>These delicate questions require time and space to reason through potential consequences of even well-intentioned actions before deploying them, through <a href="https://cyber.fsi.stanford.edu/io/content/e2ee-workshops">dialogue</a> with affected groups and researchers with a wide variety of backgrounds. I urge Apple to join this dialogue so that the research community can collectively improve the safety and accountability of this new technology.</p>
<p>[<em>The Conversation’s science, health and technology editors pick their favorite stories.</em> <a href="https://theconversation.com/us/newsletters/science-editors-picks-71/?utm_source=TCUS&utm_medium=inline-link&utm_campaign=newsletter-text&utm_content=science-favorite">Weekly on Wednesdays</a>.]</p><img src="https://counter.theconversation.com/content/165785/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Mayank Varia receives research grant funding from the National Science Foundation and DARPA. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author and do not necessarily reflect the views of the United States Government.</span></em></p>Apple will scan all photos uploaded to the cloud for child sexual abuse without actually looking at the photos. Privacy experts are concerned by the lack of public accountability.Mayank Varia, Research Associate Professor of Computer Science, Boston UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1623712021-06-08T12:33:25Z2021-06-08T12:33:25ZFastly global internet outage: why did so many sites go down — and what is a CDN, anyway?<figure><img src="https://images.theconversation.com/files/405062/original/file-20210608-23-zjvohu.jpg?ixlib=rb-1.1.0&rect=0%2C696%2C5000%2C3046&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>If you were having difficulty accessing your favourite website on Tuesday evening Australian time, you’re not alone. A jaw-dropping number of major websites around the globe <a href="https://californianewstimes.com/twitch-pinterest-reddit-and-more-go-down-in-fastly-cdn-outage-techcrunch/384198/">suddenly became unavailable</a> with no immediately obvious explanation — before <a href="https://inews.co.uk/news/technology/reddit-down-is-amazon-twich-guardian-websites-internet-503-error-fastly-outage-explained-1040594">reappearing an hour later</a>.</p>
<p>It’s disconcerting when the sites we rely on suddenly become inaccessible, and even more so when it happens on <a href="https://techcrunch.com/2021/06/08/numerous-popular-websites-are-facing-an-outage/">such a vast scale</a>. This outage saw seemingly unrelated sites go dark, including the BBC, Pinterest, the Financial Times, Reddit and even The Conversation.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1402211722715447305"}"></div></p>
<p>How can so many sites, from so many different organisations, all be affected by the same incident? To understand the answer, you need to know what a CDN (<a href="https://www.cloudflare.com/learning/cdn/what-is-a-cdn/">content delivery network</a>) is and how crucial they are to the smooth running of the internet.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/remember-apple-airtags-and-find-my-app-only-work-because-of-a-vast-largely-covert-tracking-network-160781">Remember, Apple AirTags and 'Find My' app only work because of a vast, largely covert tracking network</a>
</strong>
</em>
</p>
<hr>
<h2>What happened and what’s a CDN?</h2>
<p>While it’s too early to provide a comprehensive diagnosis of the incident, the internet (once it was accessible again) quickly pointed to the culprit: Fastly.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1402205996387389441"}"></div></p>
<p>Fastly is a cloud computing company that provides CDN services to a <a href="https://www.fastly.com/customers/">range of websites</a> including Amazon and Deliveroo. But how can a single company bring down a noticeable proportion of the internet?</p>
<p>When we access a website, we might assume our browser goes off to the internet, talks to the remote site, and then presents the page on our screen. While this is in essence what happens, it masks a much more complicated process, which can include CDN services.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/Bsq5cKkS33I?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">What is a CDN?</span></figcaption>
</figure>
<p>A CDN is a service that allows popular websites to keep copies of their pages closer to their customers. </p>
<p>For example, if we want to browse the BBC website, we could talk directly to a server in the United Kingdom. While the internet is perfectly capable of transferring the web page from the UK to Australia, there is an inevitable delay (perhaps a few hundred milliseconds). And nobody likes delays.</p>
<p>The experience for the user can be up to ten times quicker if a copy of the page (or elements of its content) can be held in Australia and delivered on demand.</p>
<p>Of course, accessing a version of the page held in Australia would work great if you’re in Australia but not so much if you’re in, say, Los Angeles. So, to ensure fast content delivery for everyone around the world, CDNs usually work on a global scale. </p>
<p>A CDN service provider will typically operate data centres around the world, holding copies of popular content in major population centres to deliver content in each region.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1402216123102343170"}"></div></p>
<p>The speed of delivery of a single image or page element may not be noticeably faster coming from a CDN — the difference between 200 milliseconds and 20 milliseconds isn’t discernible to most users. </p>
<p>However, modern websites often contain many elements, including images, videos and so on. When combined, the speed improvement through CDNs can be significant.</p>
<h2>So, why did so many sites fail?</h2>
<p>CDN services provide a valuable service to improve our web browsing experience — but at a cost. </p>
<p>When a major CDN provider such as Fastly experiences a failure, it doesn’t affect just one website; it’s likely to impact every website they support.</p>
<p>In Tuesday’s example, sites across the world suddenly went offline as requests for the CDN-hosted content were not serviced.</p>
<p>This incident demonstrates how reliant we are on technology — and on the specific implementations of technology in our modern lives. </p>
<p>If each website we visit hosted its own content exclusively, we would not be facing these issues. However, our web browsing experience would be much slower, reminiscent of the days of dial-up modems (well, perhaps not quite that bad).</p>
<p>Despite the global outage, it was resolved within about an hour. That would <a href="https://status.fastly.com/">seem to indicate</a> it’s unlikely to have been a security- or hacking-related issue. </p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1402215984354803719"}"></div></p>
<p>It was more likely due to a short-term failure in Fastly’s infrastructure, or a misconfiguration that spread through its systems.</p>
<h2>Could it happen again?</h2>
<p>Fastly is not the only CDN provider. Other high-profile services include Akamai and Cloudflare. Outages are <a href="https://www.catchpoint.com/blog/cloudflare-outage-2019">not uncommon</a>, but they are usually short-lived.</p>
<p>Readers can be assured (assuming you haven’t lost internet again) that service providers are closely watching this incident to ensure lessons are learned for next time.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/how-to-boost-your-internet-speed-when-everyone-is-working-from-home-135313">How to boost your internet speed when everyone is working from home</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/162371/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Paul Haskell-Dowland does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>To understand what happened, you need to know what a CDN (content delivery network) is, and how crucial they are to the smooth running of the internet.Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/320512014-09-24T09:42:23Z2014-09-24T09:42:23ZAfter all these hacks, tech firms could do more – but better security starts with you<figure><img src="https://images.theconversation.com/files/59822/original/q8n92bxj-1411502680.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">A belt and braces approach is wise.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/modernrelics/6889241086/">Modern Relics</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span></figcaption></figure><p>After various celebrities’ accounts on Apple’s iCloud servers were <a href="https://theconversation.com/novice-mistake-may-have-been-the-cause-of-the-icloud-naked-celebrities-hack-31272">hacked</a>, the company has made a point of addressing these issues. It has made <a href="https://www.apple.com/privacy/">new claims for the security of iOS 8</a>, the firm’s latest phone operating system, and for its cloud services. Similarly, Google announced the next version of its Android phone operating system will <a href="http://www.bbc.co.uk/news/technology-29276955">encrypt all data by default</a>. But what sort of security do these measures provide?</p>
<h2>Security in the hand</h2>
<p>All phones and tablets provide a device lock that requires a passcode or swipe gesture to unlock. But many owners – up to 50% – either don’t use the feature, or use a <a href="http://danielamitay.com/blog/2011/6/13/most-common-iphone-passcodes">trivial passcode such as 1234</a>. Fingerprint readers, as <a href="https://theconversation.com/iphone-5s-fingerprint-scanning-thumbs-up-or-down-18112">introduced in the iPhone 5</a>, are perhaps the way forward and through ease of use are likely to increase the number of users locking their phones.</p>
<p>While a device lock provides some protection, it’s still possible that a hacker, or the authorities, could extract data given physical access to the device. Encryption, as offered by both Apple’s iOS and Google’s Android platforms, would defeat this (or make it extremely difficult) by requiring a passcode to decrypt the contents and make them readable. </p>
<p>Android has offered this since 2011, while for Apple it was introduced with iOS 7 in September 2013 for mail and data in third-party apps. With iOS 8, this is extended to the phone’s messages, mail, calendar, contacts and photos. Additionally Apple claims that it no longer stores a copy of the encryption key used, making it unable to respond to a warrant demanding access to the data, whether backed up in the cloud or on the device.</p>
<p>In the UK, police will <a href="http://www.independent.co.uk/life-style/gadgets-and-tech/uk-police-to-start-seizing-drivers-mobile-phones-after-all-crashes-9632873.html">seize mobile phones after a car crash</a> in order to see if drivers were texting and driving. This follows a pilot scheme in which police stations equipped with specialist readers are able to swiftly <a href="http://www.bbc.co.uk/news/technology-18102793">extract the entire contents of a phone</a>. Whether this will be defeated by the encryption introduced by iOS and Android remains to be seen. Certainly the UK Regulation of Investigatory Powers Act 2000 (RIPA) empowers the authorities to <a href="https://theconversation.com/cloud-data-makes-life-easier-for-government-spooks-and-the-law-gives-them-a-free-pass-31696">compel a user to supply decryption keys</a> or passcodes.</p>
<p>Apple’s <a href="http://www.cnet.com/how-to/apple-pay-how-it-works-security/">new payment system</a> built around its near field communication (NFC) chip and protocol does not store or transmit credit card details. This makes it fairly secure, and should massively reduce the number of skimming techniques that are possible with other card payments, as neither the card number nor the pin code will be accessible during the payment process, stored as they are in a secure hardware chip in the phone.</p>
<h2>Security in the cloud</h2>
<p>Most smartphones now back-up data to the cloud and it was through this that hackers gained access to the images that were then leaked. There’s no evidence that Apple’s servers were hacked and compromised – unfortunately this privacy breach was made possible by poorly chosen passwords and <a href="http://www.eweek.com/mobile/what-apple-needs-to-do-to-secure-its-users.html">a weak security questions system</a> that allowed repeat guesses without raising the alarm.</p>
<p>There are files containing millions of popular passwords available on the internet and it’s likely hackers simply ran programs that tried various combinations until they succeeded – a “brute force” attack – together with answers to security questions guessed based on publicly known information. Apple has now firmed up its security procedure by introducing a maximum number of incorrect answers to security questions and notifying users when their online accounts are accessed.</p>
<h2>Security starts with you</h2>
<p>So make sure the weak link in the security isn’t you. Choose a <a href="http://xkcd.com/936">strong password</a> – it isn’t hard. Don’t use an obvious passcode, and use a fingerprint scanner if fitted. Use Apple <a href="https://www.apple.com/uk/icloud/find-my-iphone.html">Find My Phone</a> or Android’s <a href="http://android-device-manager.en.softonic.com/web-apps">Device Manager</a> so a lost or stolen phone can be locked, traced or even remotely wiped. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=487&fit=crop&dpr=1 600w, https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=487&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=487&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=612&fit=crop&dpr=1 754w, https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=612&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=612&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption"></span>
<span class="attribution"><span class="source">xkcd</span>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span>
</figcaption>
</figure>
<p>For iPhones, upgrade to iOS 8 or at the very least upgrade to iOS 5 or higher. For Android, look into encrypting the device’s contents and when installing a new app be aware of what it is asking access to – don’t blindly click on messages that say “Let this app have access to…” as malicious apps could wrestle data from your phone and send it out over the internet. Some companies have a terrible reputation when it comes to privacy (for example Facebook), so be cautious of default settings.</p>
<h2>Use the best tools available</h2>
<p>Currently the best way to secure online accounts is (together with a strong password) to turn on <a href="http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now">two-factor authentication</a> – as offered by <a href="http://support.apple.com/kb/ht5570">Apple</a>, <a href="https://www.google.com/landing/2step/index.html">Google</a>, <a href="https://www.facebook.com/note.php?note_id=10150172618258920">Facebook</a> and <a href="https://blog.twitter.com/2013/getting-started-with-login-verification">Twitter</a>.</p>
<p>You register a phone number, which the service will call or text with a pin number. This will be required in addition to your password to gain access. This is set up per device, for example once for your phone and once for your laptop. Trusted devices will work as they did, but someone else (or you) attempting to access your account from another device will need not only your password, but access to your phone to get the pin number the service sends.</p>
<p>Google goes further, allowing you to generate new, random passwords for each of its online services you use or each device, so that if someone compromises one password it won’t open any others.</p>
<p>While it’s a bit more of a hassle, try to have different passwords for different accounts as <a href="http://xkcd.com/792/">re-using passwords is as bad as having weak passwords</a>. Use the tools available – web browers save passwords and there are software tools such as password managers that can simplify the task – but make sure you know how they work.</p>
<p>And even at the end of their lives, computers, phones and other devices <a href="http://www.computerworld.com/article/2538325/computer-hardware/how-to-wipe-personal-data-from-cell-phones-and-pcs.html">need to be securely wiped</a> to <a href="http://ico.org.uk/for_the_public/topic_specific_guides/online/deleting_your_data">remove all traces of personal data</a> (including the passwords and financial details we’ve been so keen to protect) before being given away or sold. Not doing so is little different than handing your keys to a burglar.</p>
<p>Blaming the companies for security failures is too easy – consumers have to get wiser about locking their data away.</p><img src="https://counter.theconversation.com/content/32051/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Barry Avery does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>After various celebrities’ accounts on Apple’s iCloud servers were hacked, the company has made a point of addressing these issues. It has made new claims for the security of iOS 8, the firm’s latest phone…Barry Avery, Associate Professor, Informatics and Operations , Kingston UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/312722014-09-05T05:05:15Z2014-09-05T05:05:15ZNovice mistake may have been the cause of the iCloud naked celebrities hack<figure><img src="https://images.theconversation.com/files/58241/original/4w9skqk5-1409825605.jpg?ixlib=rb-1.1.0&rect=39%2C32%2C4263%2C2518&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The way in is simple.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/chipsillesa/7386345440">chipsillesa</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span></figcaption></figure><p>The investigation of the hack that gave the world access to hundreds of <a href="https://theconversation.com/celebrities-nudity-and-other-ways-4chan-drives-the-internet-hype-machine-31150">nude celebrity pictures</a> identified another massive gap in online security. Given Apple’s reputation of being among the more secure tech companies, this puts them in a tight spot. Also, the <a href="https://theconversation.com/three-ways-your-personal-photos-are-vulnerable-to-hackers-31134">ramifications</a> of the security weakness for other companies are quite serious, as more and more people use cloud services to store their data.</p>
<p>The compromise seems to have nothing to do with Apple’s iCloud infrastructure or associated backup system. Instead, as part of the investigation of the activity, researchers discovered a weakness around the <a href="http://uk.pcmag.com/news/35372/apple-no-icloud-find-my-iphone-breach-in-celeb-pho">Find My iPhone</a> app. It uncovered a major weakness in the design of the app, and can be seen as a novice mistake in setting up the security of the Cloud infrastructure.</p>
<p>Most login systems lock out a user after a certain number of tries at remembering (or guessing) a password. This guards against a hacker trying out a few passwords which might fit. But it seems that Find My iPhone didn’t have an automatic lock-out feature. This could allow hackers to use automated tools which will try many permutations and combinations for usernames and password, and eventually find the right one.</p>
<p>Such tools are numerous. For instance, <a href="http://en.wikipedia.org/wiki/The_Hacker%27s_Choice#THC_Hydra">Hydra</a> reads from lists of common names. It is programmed such that it can talk to most types of systems on the internet. Hydra can then blast the login system with millions of credentials. If the user has used weak passwords, it can quickly get a successful login.</p>
<p>The Apple authentication system failed perhaps because it focused on improved usability, where users typically forget their password, and then continually try to remember the right one. If the users themselves kept getting locked out, it can be a significant drain on support where a human operator is needed to verify the user and reset the system.</p>
<p>Overall the authentication system failed in this case to provide a lock-out mechanism for the scanning for usernames and passwords, and it should have had in place:</p>
<ul>
<li>A lock-out on a certain number of tries.</li>
<li>A network detection system setup to detect multiple logins against a single account. While it is likely that Apple have this in-place, it requires a complex infrastructure built around listening agents on the network (known commonly as IDSs - Intrusion Detection Systems).</li>
<li>A “human” challenge to stop automated bots from trying the multiple usernames or passwords (such as with Captcha).</li>
</ul>
<p>The problem often comes down to developers quickly producing a solution to get it online, but forgetting to give security matters enough consideration. In this case, it was a novice problem, which was discovered by others, and most system administrators would advise that a lock-out system works best. </p>
<p>In many cases a lock-out after three attempts is used, but perhaps with typing problems in mobile phones that this value is too low, but it should at least be set at a level which protects the user. The balance between usability and security is tricky, but its the job of any tech company to find an optimal solution. Apple must learn from this public relations disaster.</p><img src="https://counter.theconversation.com/content/31272/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Bill Buchanan does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>The investigation of the hack that gave the world access to hundreds of nude celebrity pictures identified another massive gap in online security. Given Apple’s reputation of being among the more secure…Bill Buchanan, Head, Centre for Distributed Computing, Networks and Security, Edinburgh Napier UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/312152014-09-03T05:32:33Z2014-09-03T05:32:33ZWho is to blame when iCloud is ‘hacked’ – you or Apple?<p>A hacker’s release of <a href="http://www.theguardian.com/technology/2014/sep/02/fbi-investigating-hack-nude-celebrity-leak">personal photos</a> of actress Jennifer Lawrence and other female celebrities on the internet on the weekend has again drawn our attention to the security of our personal information online. Are we really aware of what we upload? And how can we make sure the information we intend for private viewing remains private?</p>
<p>With new devices incorporating features for recording personal data, such as the health monitoring technologies used in Samsung’s <a href="http://www.samsung.com/au/consumer/mobile-phone/wearables/wearables/SM-R3800VSAXSA">Gear</a> and the Apple <a href="https://www.apple.com/au/ios/ios8/health/">Health app</a>, should we be even more concerned about our ability to control our private data?</p>
<p>Most of the hacked images were <a href="http://www.news.com.au/technology/online/how-to-turn-off-photo-stream-if-youre-worried-about-being-hacked/story-fnjwnj25-1227045503538">reportedly obtained</a> through Apple’s iCloud service which can automatically back up personal data from Apple products to its servers.</p>
<h2>Cloud confusion</h2>
<p>How iCloud works is <a href="https://theconversation.com/even-experts-find-apples-icloud-baffling-what-hope-is-there-for-the-rest-of-us-31202">baffling</a> even to some computer security experts.</p>
<p>The response from Apple has been unequivocal. While the tech giant said it was “outraged”, the <a href="https://www.apple.com/pr/library/2014/09/02Apple-Media-Advisory.html">official response</a> noted:</p>
<blockquote>
<p>None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.</p>
</blockquote>
<p>So individual users were responsible for any failure to take the proper precautions to make sure personal data remains in personal control.</p>
<h2>The blame game</h2>
<p>Like those who defend the hackers of stolen photos, Apple is blaming the victims of the attack without acknowledging the role its service plays in opening up private data to these attacks. This position is indefensible for several reasons.</p>
<p>Social media and services such as iCloud present us with countless examples of personal data doing things that seem counter to the will of the individual.</p>
<p>In a study I <a href="http://www.tandfonline.com/toc/utis20/29/3#.VAZeL0iVFaE">published last year</a>, Facebook users sometimes feared their data to have a “life” that does not correspond to that of the person who “owns” the data generated. </p>
<p>Like our Facebook profiles, we assume what we backup with any cloud services to be “our” data. Yet the <a href="https://www.apple.com/legal/internet-services/icloud/en/terms.html">Terms and Conditions</a> of whatever you upload to iCloud state:</p>
<blockquote>
<p>[…] you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display.</p>
</blockquote>
<p>These words mirror similar statements in Facebook’s <a href="https://www.facebook.com/legal/terms">Terms of Service</a>.</p>
<p>At the same time, Apple is clear to claim:</p>
<blockquote>
<p>[…] you, and not Apple, are solely responsible for any Content you upload, download, post, email, transmit, store or otherwise make available through your use of the Service.</p>
</blockquote>
<p>Merely using iCloud means that Apple can do what it wants with your data, but you – and only you – are responsible with what happens to that data.</p>
<p>Placing the blame on the individual, as Apple does, results in a common response whenever data are thought to be beyond the control of the user: delete all of your personal information online, shared intentionally or not.</p>
<p>This response simply is not good enough given how cloud services operate. They make multiple copies in multiple locations, stored on multiple servers and hard drives across the globe.</p>
<p>These files are uploaded automatically and are built into new features of our mobile devices. When an individual deletes a file, this does not mean that it is actually deleted, simply by virtue of <a href="http://www.clir.org/pubs/reports/reports/pub149/pub149.pdf">how computer storage works</a>.</p>
<h2>All about trust</h2>
<p>Apple may wish to absolve itself of responsibility when individuals lose control of their personal data. In legal terms, Apple places all burden on the individual for the management of their data.</p>
<p>Yet understanding the control of data as a personal matter disregards how these services actually operate. If Apple and other cloud-based services want our trust, then they have to acknowledge the role their products play in perpetuating anxieties of data-out-of-control.</p>
<p>They must refuse to place sole responsibility on their users – the victims of these attacks.</p><img src="https://counter.theconversation.com/content/31215/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Grant Bollmer does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>A hacker’s release of personal photos of actress Jennifer Lawrence and other female celebrities on the internet on the weekend has again drawn our attention to the security of our personal information…Grant Bollmer, Lecturer of Digital Cultures, University of SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/41232011-11-09T19:48:10Z2011-11-09T19:48:10ZCloud Shredder: hiding data better or making life more complicated?<figure><img src="https://images.theconversation.com/files/5219/original/4519957374_5f90df7963_o.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Having precious data split in two could keep it safer from prying eyes.</span> <span class="attribution"><span class="source">dorena_wm</span></span></figcaption></figure><p>Your data is out there, somewhere – all of your data. Encryption can protect files on your laptop or PC. Storing them on a remote server – such as <a href="http://www.dropbox.com/">DropBox</a> is another option. And … well, that’s about it. </p>
<p>So I read with interest a recent <a href="http://www.newscientist.com/blogs/onepercent/2011/11/cloud-shredder-protects-your-d.html">article in New Scientist</a> that pointed towards a so-called “third option” for data security. </p>
<p>Dubbed “Cloud Shredder”, this new system is scheduled for launch – at least for Adobe Acrobat and Open Office – this month.</p>
<p>It has been developed, we’re told, by Nan Zhang, a researcher at the <a href="http://english.cas.cn/">Chinese Academy of Sciences</a>, and colleagues. </p>
<h2>How will it work?</h2>
<p>The Shredder reportedly splits files into two pieces when they’re placed in a Dropbox-style folder. One half remains on your local hard drive, while the other is sent to <a href="https://theconversation.com/topics/cloud-computing">the cloud</a>. </p>
<p>If your laptop is stolen, you simply delete the cloud part of your data and the thief is left with a hard drive full of junk.</p>
<p>Conceptually, this seems a great way to encourage people to feel more comfortable about storing their confidential files using cloud computing. </p>
<p>People can, and do, store their files using cloud computing at the moment, of course, but there are a number of privacy considerations – not least the question of who else can access your information.</p>
<p>The Shredder system means you will need to bring together the two parts of the file to be able to open and read it. Someone on the internet may be able to see the other part of your file, but they can’t open or read it as they do not have access to the all-important second part, which is on your PC. </p>
<p>Think of it like tearing up a dollar bill and giving another person the other half – the bill’s only of value when the halves meet up again.</p>
<p>The idea of having two parts (or “<a href="http://www.webopedia.com/TERM/P/public_key_cryptography.html">keys</a>”) to allow access to any of the files that are stored in the cloud is not new. </p>
<p>This is core to the design of the internet, in that secure data is encrypted with a number of “keys” that only allow the sender and recipient to access the data. Anyone intercepting the data cannot read it as it’s coded, and is therefore secure from prying eyes. </p>
<h2>Drawbacks</h2>
<p>Sharing and storing a range of file fragments would be fine if you were to use the same PC or laptop to access your files in the cloud. The obvious logistical challenge comes the minute you want to use another PC to access your cloud files, given that PC will not have the part needed to make the file complete.</p>
<p>There are a number of other considerations to the approach of having parts of your file on your PC and the other parts on the internet:</p>
<p>1) <em>Performance overhead</em>. With one half of your file in the cloud and the other on your PC, each time you update your file and save it, it has to write parts of the file to the internet and the other part to your PC. </p>
<p>The Shredder introduces another layer of software that has to manage the processes of deciding which bits (literally) go where (i.e. to your PC or the cloud). </p>
<p>That would increase the processing time needed for working with the file, and slow things down marginally. </p>
<p>2) <em>Backup and recovery</em>. Files such as PDF, Excel spreadsheets, Word documents and so on can be stored anywhere (a memory stick, your PC, the cloud) as distinct objects, as they are fully encapsulated and complete. </p>
<p>That also means that you have full control over the back-up and restoration of the file in its entirety. If your files were split in half by the Cloud Shredder, how would this be possible? </p>
<p>3) <em>Internet bandwidth and latency</em>. If you are using a file on your local PC, it all runs as fast as your PC, and you are not dependent on how fast your internet connection is. </p>
<p>By having half of your file constantly on the internet, you are at the mercy of the speed of your internet connection. For large files, this may be a problem. </p>
<p>Imagine working on a large spreadsheet – each time you moved from one end of the file to the other, you could be watching the hourglass way more that you’d like to.</p>
<p>3) <em>Emailing files to others</em>. Presumably this would be a problem? The file joining methods would need to be capable of transferring the local PC copy to others via email.</p>
<p>4) Wherever there is a code, security system, key or other encryption method, it will attract keen hackers. The encryption algorithms would need to be fairly robust.</p>
<p>5) <em>Cloud vendor “lock-in”</em>. Presumably your cloud provider would be providing the Shredder capability. If you wish to put your files into another cloud provider’s system, how would this transfer be done without breaching the security?</p>
<p>The Cloud Shredder concept is a good one. The real challenge will be to overcome the range of practical considerations, and to convince everyone it’s robust enough to provide the rigorous security expected by businesses, governments and consumers alike.</p><img src="https://counter.theconversation.com/content/4123/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Rob Livingstone does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Your data is out there, somewhere – all of your data. Encryption can protect files on your laptop or PC. Storing them on a remote server – such as DropBox is another option. And … well, that’s about it…Rob Livingstone, Fellow of the Faculty of Engineering and Information Technology, University of Technology SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/38432011-10-13T06:09:34Z2011-10-13T06:09:34ZiOS 5 is a leap forward for Apple … once you get past Error 3200<figure><img src="https://images.theconversation.com/files/4453/original/aapone-20110607000323437235-correction-entertainment-us-it-company-music-original.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Steve Jobs discussed iOS5 in one of his final public appearances.</span> <span class="attribution"><span class="source">AFP/Kimihiro Hoshino</span></span></figcaption></figure><p>Apple has made a series of releases today, including an upgrade to its iPhone and iPad operating system <a href="http://www.apple.com/ios/features.html">iOS 5</a>, the introduction of <a href="http://www.apple.com/iphone/icloud/">iCloud</a>, its cloud storage service and, in the US, its new music matching service, <a href="http://appadvice.com/appnn/2011/08/itunes-match-what-you-need-to-know">iTunes Match</a>.</p>
<p>For many, it seems the upgrade to iOS 5 has not gone smoothly. </p>
<p>The massive load of everyone trying to update the phone has <a href="http://thenextweb.com/apple/2011/10/12/apples-ios-5-upgrade-servers-are-slammed-causing-3200-or-internal-error-update-issues/">swamped Apple’s servers</a>, resulting in thousands of customers receiving an “Error 3200” message. </p>
<p>Apple support staff have said they are working on the problem, but there’s no fix until the server load dies down. </p>
<p>The advice to anyone wanting to upgrade their phones or iPads to iOS 5 is to wait at least a few hours. </p>
<p>But it doesn’t stop with iPads and iPhones. It seems the entire Apple support site is suffering similar problems. This has led several people to joke that Apple is experiencing a form of unwitting customer-led <a href="http://theconversation.com/zombie-computers-cyber-security-phishing-what-you-need-to-know-1671">Distributed Denial of Service attack</a>. <a href="http://twitter.com/#!/search/Error%203200">“Error 3200”</a> and “<a href="http://twitter.com/#!/search/Downloading%20iOS%205">Downloading iOS 5</a>” have been in the top trends on Twitter.</p>
<h2>So what will you (eventually) get?</h2>
<p>The new features available on iOS 5 have been discussed extensively in the <a href="http://mashable.com/2011/06/06/texts-tweets-and-to-dos-whats-new-in-ios-5/">media</a>, and there are a lot of them. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/4452/original/Dekuwa.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/4452/original/Dekuwa.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=142&fit=crop&dpr=1 600w, https://images.theconversation.com/files/4452/original/Dekuwa.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=142&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/4452/original/Dekuwa.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=142&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/4452/original/Dekuwa.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=178&fit=crop&dpr=1 754w, https://images.theconversation.com/files/4452/original/Dekuwa.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=178&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/4452/original/Dekuwa.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=178&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption"></span>
<span class="attribution"><span class="source">Dekuwa</span></span>
</figcaption>
</figure>
<p>I’ve used iOS 5 for the past month or two as a developer. In that time, the new features have become second nature and in reviewing this article I was surprised to see how many of the features I now use daily were actually introduced in this upgrade. </p>
<p>These include a new pull-down notification centre that brings all of your notifications into one place. This can be accessed by pulling down from the top of the screen. Notifications (such as text messages) also now appear at the top of the screen of whatever application you are in.</p>
<p><a href="http://www.apple.com/safari/">Safari</a>, Apple’s browser, has been upgraded. Tabbed browsing has been introduced, as has a reading list, which allows you to save articles to read later, as well as reader view, which eliminates clutter from a page.</p>
<p>And now that everyone else has (or will be) upgrading to iOS 5, I will be able to test out the new iMessage feature. </p>
<p>This is the Apple equivalent of the <a href="http://en.wikipedia.org/wiki/BlackBerry_Messenger">BlackBerry Messenger</a> feature, allowing Apple users to message each other for free. </p>
<p>It’s thought this feature alone is responsible for the popularity of BlackBerry in countries such as the UK. Apple’s introduction of this similar feature will be <a href="http://www.rimarkable.com/apple-introduces-bbm-clone-imessage-at-wwdc">potentially devastating</a> for the BlackBerry MARKET. </p>
<p>What makes the iMessage feature more likely to succeed is its ability to decide if the person you are messaging can receive an iMessage or not. If not, it will revert to SMS.</p>
<p>There are host of other <a href="http://www.apple.com/iphone/ios/">features</a>, including Twitter integration, photo editing capabilities, taking photos from a locked screen (something I have only managed to do by accident) and new apps such as Reminders and Find My Friends (the Apple equivalent to <a href="http://en.wikipedia.org/wiki/Google_Latitude">Google’s Latitude</a> service.</p>
<h2>Your mobile in the iCloud</h2>
<p>For those users that used <a href="http://en.wikipedia.org/wiki/Mobile_Me">MobileMe</a>, Apple’s cloud service, <a href="http://theconversation.com/apple-icloud-storms-the-market-a-review-1709">iCloud</a> will not be that much of a change. Unlike MobileMe, the service is free for storage of up to 5GB of documents, music, appointments and email. </p>
<p>The other difference is that the iDisk feature, where any file type could be stored, has now gone. Users who depended on this service will have to use an alternative such as <a href="http://www.dropbox.com/">DropBox</a>. </p>
<figure class="align-left ">
<img alt="" src="https://images.theconversation.com/files/4467/original/IMG_0583.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/4467/original/IMG_0583.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=900&fit=crop&dpr=1 600w, https://images.theconversation.com/files/4467/original/IMG_0583.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=900&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/4467/original/IMG_0583.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=900&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/4467/original/IMG_0583.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1131&fit=crop&dpr=1 754w, https://images.theconversation.com/files/4467/original/IMG_0583.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1131&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/4467/original/IMG_0583.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1131&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption"></span>
</figcaption>
</figure>
<p>Apple dispensed with the iDisk feature because iCloud storage is directly integrated with the apps themselves. New versions of Apple’s word processing, spreadsheet and presentation applications now support iCloud. Other vendors will issue updates of their applications to do the same.</p>
<p>Although the iCloud integration is an improvement from the perspective of simplifying the user’s experience with the phone, it does make it harder to share documents with other users. </p>
<p>DropBox, for example, has a feature that makes a document publicly available. iCloud users will still need to use other services to share photos, documents and other app content.</p>
<p>The availability of iCloud as a free service is going to be popular. It brings more seamless sharing of calendars and contacts across multiple mobile and desktop platforms and allows iPhone and iPad backups and automatic installation of purchased apps and music.</p>
<p>iOS 5 brings the ability to synchronise with iTunes wirelessly. This makes a start on breaking the need to plug your iPhone into a PC or Mac.</p>
<h2>Is it worth it?</h2>
<p>In my opinion, iOS 5 is well worth the effort (and wait) in upgrading. It’s another step towards making the mobile platform more usable (and pleasurable to use) and takes us inexorably on to a post-PC future. </p>
<p>What users don’t see are the changes made “under the hood” with each of these releases.</p>
<p>From a developer’s point of view, there were changes in iOS 5 that made building application easier and less prone to problems. </p>
<p>The success of the iPhone and iPad has been in part due to the devices and their operating systems, but it is also largely to do with the apps that run on the platform. </p>
<p>The verdict? Despite the teething problems many are experiencing, Apple continues to innovate and improve.</p><img src="https://counter.theconversation.com/content/3843/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Glance does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Apple has made a series of releases today, including an upgrade to its iPhone and iPad operating system iOS 5, the introduction of iCloud, its cloud storage service and, in the US, its new music matching…David Glance, Director, Centre for Software Practice, The University of Western AustraliaLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/17712011-06-14T21:00:48Z2011-06-14T21:00:48ZMusic pirates won’t rush to iCloud for forgiveness<figure><img src="https://images.theconversation.com/files/1647/original/935937304_d7619c8b11_b.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">If you download shanties illegally, the iCloud may not float your boat. </span> <span class="attribution"><span class="source">sean cumiskey</span></span></figcaption></figure><p>Some people, <a href="http://theconversation.com/long-john-icloud-silver-has-steve-jobs-cleared-the-decks-for-pirates-1742">including on this site,</a> have suggested there’s a loophole in Apple’s new iCloud that will allow people who illegally download music to somehow “launder” their dirty music files, getting a nice clean, and legal, license to the music stored on iCloud. This argument is flawed for two main reasons.</p>
<p>The first has to do with how the laws of copyright work and the second is to do with why people share or download music (and movies) in the first place.</p>
<h2>The law</h2>
<p>Unlike existing cloud services offered by <a href="https://www.amazon.com/clouddrive/learnmore">Amazon</a> and <a href="http://music.google.com/about/">Google</a>, Apple will search your hard disk looking for music; for any track it recognises, it will give you access to download a legitimate version of that track from the iCloud.</p>
<p>In Australia, copyright law allows the public to “format-shift” their music. If you have a CD, you’re allowed to “rip” it into another format so that you can listen to the music on another device such as an iPod or phone. </p>
<p>You can even share this music with other members of your household, but not with anyone outside. Importantly, you have to keep the original copy of the music. If you give that original away, or sell it, you have to get rid of all copies you’ve made of the music. </p>
<p><a href="http://www.appleinsider.com/articles/11/06/06/apple_announces_itunes_match_music_streaming_for_24_99_per_year.html">iTunes Match</a>, which, at a cost of $24.99, matches a user’s existing music library against the 18 million tracks held in iTunes store, will work on the basis of assuming that you have a legal version of the music on your disk. </p>
<p>It will have to do this to stay in keeping with the copyright laws in the US which are similar to that in Australia. So if you were acting illegally before you used Apple’s iCloud, you will still be deemed illegal afterwards.</p>
<h2>Dancing in the dark</h2>
<p>The second and probably more relevant issue is this: why you would anyone bother to “launder” their pirated music? Some 60% of 18 to 24 year olds <a href="http://www.ukmusic.org/assets/media/uk_music_uni_of_herts_09.pdf">surveyed</a> in the UK in 2009 admitted to using <a href="http://www.techterms.com/definition/p2p">peer-to-peer</a> networks to download music. </p>
<p>They had, on average, 8,000 music files in their collection – a staggering 17 days’ worth of tunes. The main reasons cited for downloading illegally were to do with cost (it was free), accessing hard-to-get music and simply trying new music out. </p>
<p>The other key findings of this survey were that the majority of the young people were more bothered by the moral aspect of piracy (the fact musicians are losing money) than the legal one.</p>
<p>They were not particularly interested in streaming the music, as offered by a number of services currently. Physical ownership of the files was important because it meant they could transfer them to other devices, as was the fact they could listen to music offline (in the car or on the bus, for example).</p>
<h2>Teenage kicks</h2>
<p>Picture this: I am a 16 year old with 8,000 music files and I only feel mildly guilty that I downloaded them or got them from my friends. </p>
<p>I listen to the music mostly on my computer and then on my iPod, which I synchronise with my computer after having carefully constructed my favourite playlists. </p>
<p>Why would I feel motivated to pay $25 a year to download this exact same music again? </p>
<p>It certainly won’t be, as some have been arguing, so I can claim to be the legal owner of the music – even if I cared about this, I clearly wouldn’t be the legal owner.</p>
<h2>Live and let die</h2>
<p>Downloading music and movies gives people access to things they would not be able to access any other way, either because it would cost too much or because it’s simply not available for sale. </p>
<p>Competing against “free-and-now” is hard to do, but there are signs that the music industry at least is starting to do exactly that. </p>
<p>It used to be the case that live music was the promotional, loss-making part of the business to drive recorded music sales. </p>
<p>Increasingly, the music industry is seeing that the money can be made from live music, concerts and music festivals, while the recorded music could be used as a give-away to promote these social events.</p>
<p>Live is the only thing that can’t be replicated: everything else – with or without the iCloud – is up for grabs.</p>
<p><br>
<strong><em>Do you agree or disagree with the points in this article? Leave your comments below.</em></strong></p><img src="https://counter.theconversation.com/content/1771/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Glance does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Some people, including on this site, have suggested there’s a loophole in Apple’s new iCloud that will allow people who illegally download music to somehow “launder” their dirty music files, getting a…David Glance, Director, Centre for Software Practice, The University of Western AustraliaLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/17422011-06-08T04:28:14Z2011-06-08T04:28:14ZLong John iCloud Silver: has Steve Jobs cleared the decks for pirates?<figure><img src="https://images.theconversation.com/files/1585/original/aapone-20110607000323436622-us-san_franciso-apple-steve_jobs-original.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption"> Observers are making a song and dance about potential misuses of the iCloud.</span> <span class="attribution"><span class="source">Kimihiro Hoshino/AFP</span></span></figcaption></figure><p>Was Steve Jobs’<a href="http://theconversation.com/apple-icloud-storms-the-market-a-review-1709">announcement of the Apple iCloud</a> yesterday music to your ears? </p>
<p>It certainly takes cloud computing a significant distance further along the path of integration. </p>
<p>All your devices – PC, iPad, iPhone and others – will be automatically synched to each other and to your file store in the iCloud. </p>
<p>Mobile devices are converging with laptops and desktops. There’s no more looking under the hood. Indeed, it’s harder to find if there’s a hood at all. </p>
<p>There are no more cables. Wherever you are in WiFi range, your devices will work with integrated information, apps and resources. No more manual synching things from one to the other. </p>
<p>And that holds for music, photos, apps, calendar, documents and email, ibooks and more. </p>
<p>Apple’s most surprising innovation, however, concerns your music. The iCloud checks the music on your hard disk. Whether or not it’s on your iTunes list of purchases, iTunes will give you access to a legal copy for $25 a year. </p>
<p>It’s quite possible that some of your music files will be copied from legal CDs that you have bought – remember buying CDs? iTunes doesn’t care. </p>
<p>If it’s on your disk, and if iTunes has a copy among its 18 million songs, you get legal rights. $25 a year is peanuts for you. It’s also better than nothing for the big music companies, who get 70% of the $25. </p>
<p>We haven’t seen a business model yet, but it could well be a fair compromise compared to no income from pirated copies. </p>
<p>Enter Long John iCloud Silver. He copies all his friends’ pirated copies of songs and mounts them on his hard drive. iTunes authenticates the lot. He’s now legal. </p>
<p>It’s not difficult to see how this kind of strategy could lead to the laundering of huge volumes of pirated music. </p>
<p>Someone must have done the arithmetic to show that this leaves the music companies at least as well off as they are now. At first glance, though, Long John is going to do rather well, so long as he remembers to pay his $25 a year. </p>
<p>If he’s late, he can listen only to his legally purchased iTunes tracks. Perhaps it’s not such a bad deal after all for the music companies. </p>
<p>There are other wrinkles, though, which are yet to be ironed out. What if one of your devices is stolen, and all your music is accessible to some nefarious iPad pickpocket? </p>
<p>The iCloud is still a big work in progress. But it’s also one of the obvious ways of the future. </p>
<p><br>
<em><strong>Interesting article? Engage with The Conversation: leave your comments below.</strong></em></p><img src="https://counter.theconversation.com/content/1742/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Was Steve Jobs’announcement of the Apple iCloud yesterday music to your ears? It certainly takes cloud computing a significant distance further along the path of integration. All your devices – PC, iPad…Roland Sussex, Professor Emeritus, The University of QueenslandAlan Cody, Senior eResearch Fellow, Centre for Educational Innovation and Technology, The University of QueenslandLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/17092011-06-07T01:40:50Z2011-06-07T01:40:50ZApple iCloud storms the market: a review<figure><img src="https://images.theconversation.com/files/1543/original/usa-new-lion-operating-system-20110607000323446677-conversation.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Steve Jobs is banking on cloud computing having a silver lining. </span> <span class="attribution"><span class="source">EPA/Monica M. Davey</span></span></figcaption></figure><p>Apple CEO Steve Jobs emerged briefly from medical leave to introduce <a href="http://www.apple.com/icloud/">iCloud</a> at Apple’s World Wide Developer Conference (WWDC) in San Francisco yesterday (2am Australian EST). </p>
<p>So how was it?</p>
<p>In previous years, the conference has been the venue of some of Apple’s biggest announcements – from iPhones to new versions of the company’s flagship operating system (OS), Mac OS. This year, the notoriously secretive Apple took the unusual step of pre-announcing the focus of the event: the company would introduce <a href="http://www.apple.com/icloud/">iCloud</a>, and cloud-aware versions of the <a href="http://www.apple.com/ios/ios5/">iOS 5 mobile OS</a> and <a href="http://www.apple.com/au/macosx/">Mac OS X Lion</a> for desktops and laptops.</p>
<p>The iCloud service keeps important data such as music, mail, contacts and calendars synchronised via the cloud across all devices. </p>
<p>Music management has now moved completely to the cloud with <a href="http://www.macworld.com/article/160339/2011/06/itunesncloud.html">iTunes in the Cloud</a>. Purchased tracks are stored online and automatically downloaded to all devices. Supplementing this is <a href="http://www.appleinsider.com/articles/11/06/06/apple_announces_itunes_match_music_streaming_for_24_99_per_year.html">iTunes Match</a> which matches your existing music library against the 18 million tracks held in iTunes store. </p>
<p>Matching tracks are then added to your online iTunes library. This is a marked improvement on <a href="https://www.amazon.com/clouddrive/learnmore">Amazon</a> and <a href="http://music.google.com/about/">Google’s</a> cloud-music offerings, which require you to manually upload your existing collection – a slow and cumbersome approach for those with large music libraries.</p>
<p>Photos are now kept in sync via iCloud, with <a href="http://isource.com/2011/06/06/apple-introduces-photostream-wireless-storage-and-transfer-of-pictures/">PhotoStream</a> automatically keeping a rolling collection of the last 1,000 photos taken on all connected devices. For longer-term storage, a master collection of photos can be stored on a PC or Mac.</p>
<p>Apps, books, documents and back-ups of your iOS devices are stored on iCloud, ensuring that you have the latest versions of them on your device at all times. With iBooks, the cloud even remembers what page you were up to. </p>
<p>Device back-ups will be a boon to anyone who has ever lost a phone: a new iPhone can be restored directly from iCloud with your latest back-up with a few taps.</p>
<p>Contacts, calendar and mail services have been retooled in iCloud, replacing Apple’s previous $99/year service, MobileMe. Apple has had stiff competition in this arena from Google, which has offered cloud-based mail and calendaring services that were vastly superior to MobileMe, at no cost. </p>
<p>These capabilities are now free with iCloud, and sync automatically in the background, removing the need to connect to a Mac or PC to keep your productivity applications in sync. </p>
<p>Updates to the iOS and Mac OS operating systems have iCloud services baked into their DNA. Fans of iOS devices such as iPhones, iPads and iPods will be pleased to see the last of the desktop iTunes application – a clunky, inflexible program that until now was the only way to activate and manage these devices.</p>
<p>The latest Mac OS operating system, Mac OS X Lion, will be available exclusively for download via the Mac App Store, rather than boxed software in bricks and mortar retail outlets as in the past.</p>
<p>As a company, Apple has raised many eyebrows over the last year, investing heavily in <a href="http://macdailynews.com/2011/05/18/apple-building-new-data-center-in-silicon-valley/">enormous data centres in North Carolina and Silicon Valley</a>. Many pundits suspected the company was gearing up its cloud strategy – <a href="http://theconversation.com/chromebook-why-google-has-its-head-in-the-cloud-1285">following the industry trend</a> of storing customers’ data and applications in the cloud. </p>
<p>With the introduction of iCloud, it’s clear Apple is following through on its strategy of a <a href="http://www.engadget.com/2011/03/03/editorial-its-apples-post-pc-world-were-all-just-living/">“post PC”</a> landscape. </p>
<p>Steve Jobs and Apple are betting lightweight mobile devices will become the productivity and entertainment tool of choice for many users, with “PC Free” syncing direct to the cloud replacing the need for a PC or Mac.</p><img src="https://counter.theconversation.com/content/1709/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>James Broberg has previously received funding from the Australian Research Council. He works for and owns shares in MetaCDN Pty Ltd. He is affiliated with the University of Melbourne.</span></em></p>Apple CEO Steve Jobs emerged briefly from medical leave to introduce iCloud at Apple’s World Wide Developer Conference (WWDC) in San Francisco yesterday (2am Australian EST). So how was it? In previous…James Broberg, Research Fellow, The University of MelbourneLicensed as Creative Commons – attribution, no derivatives.