Despite Crisis Over Its “GoToFail” Internet Back Door, Apple Rejects “Best Practices To Protect User Data” as Co-Founder Steve Wozniak Joins Spy Lockout Effort
Cupertino — At Friday’s Apple shareholder meeting, Apple’s directors overruled an urgent, popular shareholder resolution entitled Spy Lockout, aimed at improving security and keeping NSA surveillance and other intruders out of Apple’s products and systems. The same morning, Apple co-Founder Steve Wozniak endorsed the SkyLockout initiative.
Apple had quietly advised shareholders in its January 10, 2014 Proxy Statement that directors Bruce Sewell and Peter Oppenheimer would exercise their discretionary voting authority — their ability to cast votes for on behalf of shareholders who toss their voting forms in the trash — to defeat the proposal, without citing any reason.
The proxy statement does not refer to the proposal as “Spy Lockout” but as a “Floor Proposal” that “if approved, would, among other things, ask the Board ‘to enact a policy to use technical methods and other best practices to protect user data.’”
An eligible shareholder has notified us of his intent to propose a resolution at the Annual Meeting that, if approved, would, among other things, ask the Board ‘to enact a policy to use technical methods and other best practices to protect user data.’ This shareholder proposal is referred to as the ‘Floor Proposal.’ … If the Floor Proposal is presented at the Annual Meeting, then to the extent permitted by applicable rules, the proxy holders will have, and intend to exercise, discretionary voting authority under Rule 14a-4(c) under the Exchange Act to vote AGAINST the Floor Proposal.
(bold face ours, capitalization Apple’s)
Apple gave no indication why it would vote against a resolution to follow best practices recommended by industry technical experts and the Electronic Frontier Foundation to protect users.
Apple has likewise been conspicuously silent about a very serious internet security flaw, increasingly referred to as GoToFail, that was on all Apple mobile devices running iOS 6 or iOS 7 from September 2012 until last Friday, February 21st 2014, and which was on all Macintosh laptops and desktops running Mavericks OSX until the Tuesday before the meeting. Apple has received growing criticism that, while it has now released upgrades that resolve the flaw, it has not alerted users or provided any info describing how GoToFail may have compromised their data. The flaw allows any machine on the same network as an Apple customer to impersonate any site, whereafter the Apple user may then enter password information or unwittingly hand over control of their machine.
Experts on Apple and security have noted that within weeks of GoToFail’s silent introduction in 2012, the NSA reported internally that Apple had joined the PRISM bulk surveillance program providing “direct access” to Apple users’ data. These experts could not rule out complicity by Apple, perhaps under gagged National Security Orders. Although National Security Letters were ruled unconstitutional in March of last year, Apple privacy officer Jane Horvath refused to answer whether it is still cooperating with new orders. Apple’s most recent transparency report says it may have cooperated with more than 200 such requests just between January and June of last year. more…