Apple iOS 11 Security

SXSW, Canadian budget, Apple, and more

Reasonably Accurate Transcript

Good morning builders. How's it going today? Uh It is Tuesday, um, lots going on today. Lots going on yesterday. Um, trying to kind of wrap my head around what I want to tackle today. It's unfortunately one of those days where what I actually want to tackle and what I'm going to tackle are completely disconnected.

Um It is Canadian Federal Budget Day. Um So I talked about that a bit in the last episode and I'll be um speaking to the Canadian Federal budget announcements uh tonight doing a little bit of punditry um on various media outlets, um as well as uh tonight and tomorrow.

Um uh If there are, if, um there are any announcements around cybersecurity, obviously, that's a huge issue that's key to the national interests. Um And it will probably feature prominently in this year's budget. So, um, that's a big chunk of my day is prepping for that and getting ready and squared off and uh sort of prepared to react in the moment because things start flying fast and furious.

And of course, um, you know, you want to be able to focus on the core issues and provide some, um insightful commentary. Um But it's a really complex and nuanced issue because you're setting policy at the national level trying to push things down, not just to protect the government of Canada, but systems of interest to Canada and Canadians in general.

So that's kind of what's tackling or what's occupying most of my brain cycles today. But yesterday, so many little articles and posts started popping up around some Apple ecosystem stuff that I was dying to jump on to it. Um And unfortunately I'm not gonna have the time to do it today.

Um So I'm, I'm sort of queuing that up for later, but I want to talk about uh about it a bit about it today to you guys um on the broadcast this morning. Uh because I think this is the whole point right now, what's on my mind, what's going on?

Um So a couple things that got announced yesterday, um First of all Apple released its um semi annual ish kind of every once in a while when they feel like it security guide. Um Now this is a deep dive breakdown of how um in this case iOS um So what runs on your iPhones and your iPods and your um iPads.

Um And uh how that um is built from a security and privacy perspective. Um Now this every year is sort of incremental and though this latest guide updates for iOS 11, um So that's really, really interesting. Because Apple's general principle, um, is that what's on here, um, is extremely valuable to you and, uh, should be made completely useless and lacking in any value to anybody else.

So, they've gotten in trouble or at least, um, had uh some interesting debates and arguments with law enforcement um around the accessibility of some of these devices and that ties to another thing that popped up yesterday, apparently. Um, Cellebrite, who is well known within the forensics um industry.

Uh They say that they now have the ability to access devices that are running iOS 11, so they say they can get in and get there. However, the way they do that is that law enforcement needs to send their device off to the Cellebrite labs.

Um and then they will send back the data and the device. Now, from an evidentiary standpoint, so if you're trying to put that in a criminal case, if you're trying to press charges based on that, that's going to be really, really, really difficult to do.

I'm pretty sure most forensics experts should be able to shoot holes in that. Um, because you need to be able to prove the forensic viability and the repeatability of that access. Um, and Cellebrite doesn't want to do that because that goes against their business interests.

Obviously, the business interests are, you know, getting 1500 bucks a pop to, to go through these devices that's significantly cheaper than um, the cost of the zero day, which ties the whole responsible disclosure discussion and lots of interesting things to dive into there. But also how exactly are they breaking iOS security?

Because if they put that into their software as opposed to as a service, that means Apple can get their hands on it and they can try to resolve that. Or someone else in the research community can try to find that zero day that they're using and then push that back for disclosure to fix it up.

So keep an eye on that because that's, that's really, really interesting. Um Another thing that popped out of the security announcement or the security, not the security announcement, the security paper. So the Cellebrite thing was just sort of secondary. But out of the security paper, Apple announced that they're using GCP, Google Cloud Platform, in the background for iCloud services and people kind of went, oh wow, they're using because, you know, it's important and it's important not at all from a security perspective, it's important from a business perspective.

And I think it's really interesting in that they migrated these particular services for iCloud off of Azure and onto Google Cloud Platform. Um you know, from my day to day role with Trend Micro, I think there's a real business thing to dive into there to see why that was an attractive solution for Apple. From a security perspective though, it doesn't matter in the slightest, they're storing encrypted data on there.

So it doesn't really change the dynamic from a risk perspective or from a user perspective. There is the same challenges which are very um so it's an interesting business move but not really an interesting security move. Far more interesting from a security perspective was Apple's announcement yesterday that there are for Chinese customers in China, they are moving the keys for iCloud on to um Chinese providers to comply with local law.

Everyone was kind of up in arms in this saying, you know, Apple is backtracking on their privacy commitments, they're backtracking on their security commitments. Not in the slightest, this is standard operating procedure for multinational companies. You're going to be shocked by this, but multinational companies tend to obey the laws of the countries they operate in. Crazy, right?

Um so Chinese law requires access, they have far more um strict requirements for technology providers to have um access to devices and technologies that they're providing to Chinese citizens. Um This uh you know, ties to a larger debate around um you know, we have providers, different countries.

So, you know, as a Canadian, I have certain privacies or certain protections that are Canadian law. Yet the technology I use is built by an American company who answers to not only Canadian law but to American law. So when it comes to cloud services and their geography, there's a whole bunch of huge knot like a Gordian knot of challenges around jurisdiction around whose cultural norms around whose approach to privacy, that kind of stuff.

Um which is why we need strong encryption, why we need clear legislation, why we need clear rules and things like that. And the move in China is totally expected, totally understandable, totally to comply with local law, doesn't impact any user outside of China. But that larger discussion comes back to the topic of the day for me, which is the Canadian budget and cybersecurity efforts at the national level.

Um And how are we as Canadians pushing things forward? Are we pushing things forward? What are we doing to ensure that digital citizens, that Canadian citizens in the digital domain have the protections that they expect, that they have the privacy and security that we as Canadians accept as our cultural norm and that's very different than other countries around the world.

And that's fine. That's the whole point. So it's going to be an interesting day. I'm tabling the Apple stuff until obviously after today. But more importantly, probably until after I've got all the South by Southwest stuff locked and loaded. I'm speaking at South by Southwest in Austin on the Monday the 11th.

I believe it's a Monday, March break. I'm talking about rogue robots and the potentials for cyber attack and challenges around the security and safety of robots moving forward. I think it's going to be a really fun talk. I haven't been to South by before. I'm really looking forward to it.

I've heard nothing but amazing things and I think that's going to be an interesting discussion and hopefully it will be a discussion. As always, hit me up online at market here in the comments below whether that's, uh, you're watching this video on YouTube or on Facebook or wherever you may find it.

I'm always looking to have a discussion. What do you think about, um, Canadian cybersecurity? What do you think about Apple's latest moves? Um, anything and everything? I think we move the state of the art forward, um, by discussing these things and by having a conversation.

Um, and that's really what this is all about. It's all about connection. Hope you guys have a great day and we'll talk to you tomorrow.
