Fight for the Future wrote an open letter to Salesforce/Heroku regarding their endorsement of the Cybersecurity Information Sharing Act (pdf link). The bill would, according to FFTF, leak personally identifying information to DHS, NSA, etc.
The first sentence of the letter bothered me, though:
I was disappointed to learn that Salesforce joined Apple, Microsoft, and other tech giants last week in endorsing the Cybersecurity Information Sharing Act of 2015 (CISA).
Apple is proud of their lack of knowledge about you. They encrypt a lot of things by default. They have a tendency to use random device identifiers instead of linking things to an online account, which is better security but causes annoying bugs and edge cases for users. Tim Cook has specifically touted privacy and encryption as advantages of using Apple devices and software. The FBI has given Apple flak for using good encryption, and there were rumors they would take Apple to court.
Has Apple reversed their stance? Are they lying to their customers? I haven’t seen them do that, ever. It would be really weird if they started now.
Oh, wait, they’re not:
Microsoft and Apple, two of the world’s largest software companies, did not directly endorse CISA. They – along with Adobe, Autodesk, IBM, Symantec, and others—signed the letter from BSA The Software Alliance generally encouraging the passage of data-sharing legislation. They also specifically praised four other bills, two of which focused on electronic communications privacy.
But who cares about the details, right? Get outraged! Get mad! Go to the window, open it, stick your head out and yell: “I’m as mad as hell, and I’m not going to take this any more!”
The second sentence of the letter is also problematic:
This legislation would grant blanket immunity for American companies to participate in government mass surveillance programs like PRISM…
This implies a conflation I’ve seen around the internet a lot: that Apple willingly and knowingly participated in an NSA data-harvesting program codenamed PRISM because Apple’s name appeared on one of the Snowden-leaked slides about the program. Also appearing: Google, Microsoft, Facebook, etc.
Apple responded that they did not participate knowingly or willingly. Google said the same thing. Microsoft spouted some weasel words; damage control as opposed to “what the fuck?!”
The NSA may have been using the OpenSSL “Heartbleed” bug for some or all of the data collection from these companies. Apple issued a patch for that bug with timing that subtly suggests it was in response to PRISM - pure speculation, but plausible.
Point is, if the three-letter agencies were using exploits like Heartbleed, they wouldn’t tell Apple or Google. To all appearances, Apple and Google didn’t know anything about PRISM. The FFTF letter is making a weird insinuation that Apple, Google, and other companies would knowingly participate in such a scheme if the bill were passed.
I’m sick and tired of web sites, Twitter, news, etc. telling me to be outraged. Virtually all of them reduce big, complex issues to sound bites so we can get mad about them. I flat-out refuse to have any reaction (positive or negative) to anything “outrageous” I find on the internet, until I’ve done my own homework.