Category Archives: Security

Apple’s AI Cryptography Fails Simple Lock Test

While Apple’s technology itself could be seen as innovative and privacy-preserving in a very narrow view, their implementation of a closed ecosystem has dangerous lock-in effects. A properly open, standards-based approach could deliver these benefits while preserving the fundamental user agency and platform choice required for actual safety. Having led the design and delivery of encrypted virtual machines in 2010 and initiated field level client-side encryption of NoSQL in 2019, I can say with confidence there are better fundamental paths ahead for AI safety than what is being offered by Apple.

Security and Privacy Checklist

Here’s a set of tests to expose systems designed with too much lock-in:

  • Does it use open standards for homomorphic encryption in AI applications?
  • Does it use interoperable protocols that allow encrypted data sharing across platforms?
  • Does it have community-audited implementations?
  • Does it use decentralized approaches where encrypted processing happens on edge devices?
  • Does it use peer-to-peer networks for sharing encrypted embeddings?
  • Are encryption keys and processing user-controlled?
  • Are there clear user controls over data usage and sharing?
  • Is there an ability to revoke access to historical data?
  • Are there options for local-only processing?

Critical Analysis of Apple’s AI Encryption Strategy

I couldn’t help but notice how Apple frames their belief in privacy, without the really important part said out loud about barriers to exit.

At Apple, we believe privacy is a fundamental human right [that you lose if you jump ship].

In the late 1700s philosopher David Hume clearly warned that any vendor who gives the option to jump off a ship only in the middle of the ocean is not giving any real option.

An Apple client device encrypts a query before sending it to an Apple server, and the Apple server operates on the encrypted query and generates an encrypted response, which the Apple client then decrypts. The Apple server does not decrypt the original request or even have access to the decryption key, so it is is designed to keep the Apple client query private throughout the Apple process. Source: Apple

Problem 1: Centralized Infrastructure Control

  • While the data remains encrypted, Apple maintains complete control over the homomorphic encryption infrastructure
  • Users are dependent on Apple’s proprietary implementation and cannot easily migrate to alternative systems
  • The “networked” benefits are confined within Apple’s ecosystem

Problem 2: Encryption Implementation

  • The security relies entirely on Apple’s proprietary implementation of homomorphic encryption
  • There’s no way to independently audit or verify the encryption process
  • Users must trust Apple’s claim that the data remains truly encrypted and private

Problem 3: Platform Lock-in Effects

  • By creating a powerful network effect around encrypted data sharing, Apple strengthens its ecosystem lock-in
  • The more users contribute encrypted data, the more valuable the system becomes, creating high switching costs
  • Competitors would struggle to build comparable systems without similar scale

Problem 4: Data Sovereignty Issues

  • Even though data is encrypted, users still lose direct control over how their data moves and is processed
  • The evaluation function and global POI database are controlled entirely by Apple
  • Users cannot opt out of specific data uses while maintaining platform benefits

Problem 5: Future Risks

  • If Apple’s homomorphic encryption is ever compromised, it could expose historical user data
  • Apple could potentially modify the system to reduce privacy protections in the future
  • Users have no guarantee of long-term data portability

Tesla Dumps Hundreds of Gallons of NaOH “AI Coolant” Chemicals Into City Water

Lucky for Palo Alto residents, one of them who saw the spill called emergency responders.

The spill occurred at about 5 p.m. on Oct. 17, according to a hazardous spills report issued by the governor’s Office of Emergency Services. While the office could not say how much of the mixture was released and how much of it affected the creek, the Palo Alto Fire Department recovered 550 gallons of the mixture from the storm drain, the report stated.

This story has legs now because of shady business — Tesla doesn’t have permits required for the chemicals the city is now cleaning up.

While the incident occurred on Oct. 17, the city didn’t publicize it until this week, when community members began asking questions about the industrial activity around Matadero Creek, near Boulware Park. […] According to the city, the cleanup in this area concluded quickly but officials later saw damage east of the area, as the substance moved through the city’s storm drains. …according to the National Institutes of Health, sodium hydroxide is toxic by ingestion, corrosive to metals and tissue and may severely irritate skin, eyes and mucous membranes. […] According to the city, storage of sodium hydroxide requires a city permit, which the company had not obtained.

Lots of twists. The city says it was a quick cleanup of 550 gallons, but then Tesla says they only dumped 12 gallons, and meanwhile a week later the cleanup doesn’t seem to be over yet.

But let me speak to something especially odd about this story. If the liquid was indeed NaOH (sodium hydroxide), which the news correctly explains is highly corrosive to metal, then someone needs to audit the company’s safety practices.

A bright green color likely means a specialized liquid. The presence of sodium hydroxide suggests it could be an alkaline-based coolant, possibly with corrosion inhibitors and dye added for leak detection. Or there could be the presence of copper compounds from the cooling system’s metal components reacting with the alkaline solution.

While data centers typically use standard coolants like water with glycol or specialized dielectric fluids, Tesla may have been playing with a custom cooling solution to handle extreme heat generated by their AI chips. If this was indeed their approach, the choice raises serious questions about both the engineering decisions and safety protocols involved. This isn’t just a basic leak because Tesla actively using sodium hydroxide in a cooling system is baffling from an engineering perspective.

NaOH corrodes most metals, including aluminum and copper that are essential in cooling systems. Running corrosive coolant through metal pipes and heat exchangers under pressure is asking for trouble — it’s like filling your car’s radiator with drain cleaner and hoping it doesn’t catastrophically fail.

Even if they’d added corrosion inhibitors, the base chemical endangers both the infrastructure and the workers. The fact that no one caught this in safety reviews (and that Tesla lacked basic chemical storage permits) suggests their rush to build AI systems may be overriding fundamental engineering and safety practices.

The disaster is exacerbated by the delay in public notification, as people and pets could have been unknowingly exposed to contaminated water in Matadero Creek and around Boulware Park while Tesla and officials knew about the hazard. Even more concerning is whether Tesla has known for a long time, spilling before anyone was watching or reporting.

Elon Musk Loses His Voice When Anyone Mentions His Links to Putin

Two weeks ago I was in a large policy forum discussing Elon Musk’s long standing connections to China and Russia, when someone asked me “is this known publicly?”

“Yes” I said, of course knowing at the same time that some people’s definition of public is different than others.

Anyway, in case you’ve been asleep for the past five years, this is as public as it gets:

Elon Musk has stayed unusually silent after The Wall Street Journal revealed Thursday night that the tech CEO has been speaking regularly with Russian President Vladimir Putin.

The newspaper reported that Musk has corresponded with Putin since 2022, discussing personal topics, business, and geopolitical tensions. Putin even made a request of Musk in one conversation: to refrain from setting up his satellite internet service, Starlink, over Taiwan as a favor to Chinese President Xi Jinping.

Musk has been tweeting around the clock since the story broke at 9 p.m. EST Thursday, but has not mentioned the Journal article once, mostly sticking to right-wing conspiracies and promotion of Donald Trump. According to the Journal, Musk not only had conversations with Putin, but with other high-ranking Kremlin officials as well. He even faced “implicit threats against him,” one source said.

It has become increasingly clear that Russia bought Twitter by using Elon Musk as their puppet. Unfortunately, that hasn’t been discussed enough before now.

Elon Musk’s secret talks with Putin ramped up during his Twitter takeover. […] Russia’s KGB, and its successor agency the FSB have, for decades, been interested in controlling media narratives and reaching as many people as possible with anti-Western or pro-Kremlin messages. The conversations between Musk and Putin, who once ran the KGB, reportedly occurred as Musk was in the midst of a leveraged buyout and takeover of Twitter.

Did I say the past five years? Oops, maybe that isn’t as public yet as these types of stories popping up lately.

“Black Insurrectionist,” the anonymous [xTwitter] persona behind some of the most widely circulated conspiracy theories about the 2024 election, can be traced to a man from upstate New York.

He’s also white.

Black insurrectionist on xTwitter is a white guy? Color me surprised.

At this point, xTwitter seems primarily to be a platform funded by Russia and run by FSB.

Researchers at ISD found that Russian disinformation agents exploited weak content moderation on U.S.-owned social media platforms such as X to spread their content far and wide. Before it was purchased and renamed by Elon Musk, the platform once known as Twitter required labels on content from authoritarian state media. Musk rescinded that rule and gutted the platform’s content moderation efforts, leading to a surge in foreign propaganda, hate speech and extremist recruitment.

As one pundit put it, Elon Musk has been selling out America and destroying democracy for less than the cost of Russia replacing their lame aircraft carrier.

Security experts in the EU showed me their Twitter feeds are flooded with pro-Trump fascist campaign messages sent by Elon Musk himself… as if to expose not just American national security failures but the global threat.

Tesla Fails Own Test: “does not achieve the safety level that allows for unsupervised FSD”

For years the Tesla CEO has deceptively marketed his cars as ready for driverless and, as they failed, asked his victims for increased advance fees to achieve his promises of the future.

And now the Tesla CEO has just officially warned his victims that they will never get the driverless features he promised them. It turns out, unfortunately still surprising some, that his advance fee fraud schemes were always in fact… fraud.

After a disappointing earnings call, the CEO softly landed the awful truth beneath years of unaccountable lies.

We are not 100 percent sure. HW4 [a hard pivot made last year, admitting failure of earlier versions] has several times the capability of HW3. It’s easier to get things to work on HW4 and it takes a lot of efforts to squeeze that into HW3. There is some chance that HW3 does not achieve the safety level that allows for unsupervised FSD.

Talk about an understatement. The CEO has some doubt that his cars can ever achieve the safety level that allows for driverless?

This is the man who had said if anyone ever criticized Tesla for safety issues, he would accuse them of killing people.

Source: My presentation at MindTheSec 2021

That’s not an exaggeration or a misquote. Tesla’s CEO Elon Musk took an aggressive stance against critics of his company’s autonomous driving technology, making two notable declarations. In 2016, he claimed that those who criticized Tesla’s technical approach were directly responsible for causing deaths. He escalated this position in 2018, arguing that any criticism of Tesla’s driverless technology would result in fatalities by eroding public trust in autonomous vehicles and deterring adoption.

Let me be even more clear.

In this new 2024 earnings call the Tesla CEO claimed that FSD will somehow be safer than a human by Q2 2025. The future! Got that?

Ok, now watch his investor call in 2016 when he coldly declared that Tesla had already surpassed this milestone.

Mission accomplished 2016.

So here he is, eight years later, being critical of all the HW3 on the roads like nobody yet should trust it… after arguing that such criticism will kill people.

Who’s the real killer, by a real measure of intentionally misleading people? The data speaks for itself, with Tesla clearly being far less safe than any other brand.

Tesla deaths by year. Source: TeslaDeaths.com

Also what is this nonsense about it being easier to work with HW4? Is the Tesla motto now that they can’t work on the hard things?

Driverless is known for being one of the hardest problems in transit to solve. The CEO is admitting (albeit subtlely) his company will never actually solve it — as they can only work on the easy things.

Futurism now literally refers to Tesla as an “astonishing screwup.” That’s a funny way to spell F-R-A-U-D.