Apple brings back security expert Jon Callas following FBI dispute

May 24, 2016

Apple this month brought back software engineer and top expert in practical cryptography Jon Callas, reports Reuters. The move follows Apple’s high-profile battle with the FBI and comes amid a growing war between governments and tech firms over encryption.

Callas worked at Apple in the ’90s, and again between 2009 and 2011, when he designed encryption to protect data stored on Mac computers. He rejoined the company in May, to help add more powerful security features to its wide range of consumer products.

Callas has said he is against companies being compelled by law enforcement to break into their own encrypted products. But he has also said he supports a compromise proposal under which law enforcement officials with a court order can take advantage of undisclosed software vulnerabilities to hack into tech systems, as long as they disclose the vulnerabilities afterwards so they can be patched.

“Jon is someone who has deep appreciation of all sides of the story,” said Phil Dunkelberger, who was chief executive of PGP Corp and its predecessor PGP Inc, which invented a system for securing email.

Away from Apple, Callas co-founded several well-regarded, secure communications companies including PGP Corp, Silent Circle and Blackphone. Silent Circle protects phone calls from eavesdroppers and Blackphone sells a mobile phone that is very difficult to hack.

Source: Reuters

  • Chris Wagers

    I really hope they encrypt iCloud. That would be a major plus for Apple as far as for users that want to feel data is more secure.

    • Chris

      iCloud is 100% encrypted, the difference between it and the encryption on your iDevice is that Apple have a master encryption key for iCloud services which they can use to gain access to parts of a user’s account, unlike your iDevice, which stores the master encryption key in the Secure Enclave that lives on the Apple A series chip.

      • Chris Wagers

        Thank you for clarifying. I should have worded it differently. I want Apple to not have the key because that means they can be convinced to give up that key or use it themselves. It should be all on the user if the user chooses. For everyone else it could work as it does now. Thanks again for clarifying.

      • Toukale

        Then how would users be able to get their data back in case they forget their password, or restore to a new phone with a different key? That’s the problem with what you want. You can make a lot of stuff really secure, but can you, and all the consumers, deal with the inconvenience that comes with that?

        That is always the biggest question with security, can you deal with the pain points. Apple is trying to have stuff as secure as they can while providing its users with some convenience.

      • Chris Wagers

        It’s fooling people now though. Hey your phone’s encrypted. Law enforcement or other country agency can’t get into it. But they can come to us with an order and we’ll give it to them since it’s backed up on iCloud. Now you can say don’t back it up on iCloud. Then encrypt it on your own PC using iTunes encrypted backup. Then I have to remember that password right? So if I choose to encrypt in either case I need to remember password. Apple could easily set this up and let you know they could encrypt it and it would be semi safe (however they want to explain it) or you can set your own code but YOU will be the only one that has your password. If you lose it there is no recovering your data. I know what you’re saying as well security vs convenience.

      • Toukale

        The problem is most users don’t care about that. You and a few can scream all you want but at this point most people don’t care. It’s a big reason why Facebook and Google are killing it nowadays. Maybe if enough people care that will change but what you are describing is nothing but a major headache for Apple in the long run. If people are really security conscious then they won’t use iCloud and will do it themselves. At least we have that option. That way, when something goes wrong they won’t have to cry to Apple about not being able to retrieve their data.

      • Chris Wagers

        Really? Then why encrypt the phone and not just put a password on it? Why did WhatsApp start using encryption by default so they can’t read your text? Why are a lot of companies encrypting stuff? Why does Apple allow encrypted Time Machine backups? Why do they allow encrypted iTunes backups? They could even make it not enabled by default for iCloud and then an advanced option to change it. Not sure why we’re turning this into a major topic, all I said was “That would be a major plus for Apple as far as for users that want to feel data is more secure.” That doesn’t mean for everyone. Only those who want it. Anyway we all have different opinions but I can tell you encryption that tries to prevent a man in the middle type attack is becoming more prevalent. I do value your opinion and hope you value mine. Apple’s going to do what Apple does and neither of our opinions matter as far as that goes lol

      • Chris

        There are significant differences between the services you’re describing, using WhatsApp as an example:

        This service uses end-to-end encryption through a technology known as TLS – better known as SSL. The difference with this type of encryption is that it relies on the server telling it which certificate signed the request which your device can then use to verify the request and retrieve the message using your authenticated session.

        Time Machine is different again, like a backup you create of your iPhone through iTunes – this type of encryption uses an AES-256 bit encrypted password. It doesn’t rely on any type of encryption keys but instead relies on OS X to ensure the password you enter the next time around matches the original password regardless of whether you wiped your existing install of OS X.

        In reality, having these types of encryption is vital to protecting your personal information, files etc.

        Back to the original point though; Apple keep this master decryption key to ensure that if a user’s account is encrypted that they still can access it via a strong security process. Without this, your account would be lost to time if you forgot your password.

      • Chris Wagers

        Thanks Chris, I know you’re very knowledgeable as I see your posts on here so thanks for taking time out to discuss this. I wasn’t comparing those services to each other or to iCloud backups. I was simply responding to user Toukale because he said people don’t care about encryption. Or that’s how I took it. So I was explaining that if people didn’t care about encryption popular apps, services and devices wouldn’t be implementing it. Thanks again! Sorry if I’m not explaining it as good as I should be.