Despite Crisis Over Its “GoToFail” Internet Back Door, Apple Rejects “Best Practices To Protect User Data” as Co-Founder Steve Wozniak Joins Spy Lockout Effort

Cupertino — At Friday’s Apple shareholder meeting, Apple’s directors overruled an urgent, popular shareholder resolution entitled Spy Lockout, aimed at improving security and keeping NSA surveillance and other intruders out of Apple’s products and systems. The same morning, Apple co-Founder Steve Wozniak endorsed the Spy Lockout initiative.

Apple had quietly advised shareholders in its January 10, 2014 Proxy Statement that directors Bruce Sewell and Peter Oppenheimer would exercise their discretionary voting authority — their ability to cast votes on behalf of shareholders who toss their voting forms in the trash — to defeat the proposal, without citing any reason.

The proxy statement does not refer to the proposal as “Spy Lockout” but as a “Floor Proposal” that “if approved, would, among other things, ask the Board ‘to enact a policy to use technical methods and other best practices to protect user data.’”

An eligible shareholder has notified us of his intent to propose a resolution at the Annual Meeting that, if approved, would, among other things, ask the Board ‘to enact a policy to use technical methods and other best practices to protect user data.’ This shareholder proposal is referred to as the ‘Floor Proposal.’ … If the Floor Proposal is presented at the Annual Meeting, then to the extent permitted by applicable rules, the proxy holders will have, and intend to exercise, discretionary voting authority under Rule 14a-4(c) under the Exchange Act to vote AGAINST the Floor Proposal.
(bold face ours, capitalization Apple’s)

Apple gave no indication why it would vote against a resolution to follow best practices recommended by industry technical experts and the Electronic Frontier Foundation to protect users.

Apple has likewise been conspicuously silent about a very serious internet security flaw, increasingly referred to as GoToFail, that was on all Apple mobile devices running iOS 6 or iOS 7 from September 2012 until last Friday, February 21st 2014, and which was on all Macintosh laptops and desktops running Mavericks OSX until the Tuesday before the meeting.  Apple has received growing criticism that, while it has now released upgrades that resolve the flaw, it has not alerted users or provided any info describing how GoToFail may have compromised their data. The flaw allows any machine on the same network as an Apple customer to impersonate any site, whereafter the Apple user may then enter password information or unwittingly hand over control of their machine.

Experts on Apple and security have noted that within weeks of GoToFail’s silent introduction in 2012, the NSA reported internally that Apple had joined the PRISM bulk surveillance program providing “direct access” to Apple users’ data. These experts could not rule out complicity by Apple, perhaps under gagged National Security Orders. Although National Security Letters were ruled unconstitutional in March of last year, Apple privacy officer Jane Horvath declined to answer whether it is still cooperating with new orders. Apple’s most recent transparency report says it may have cooperated with more than 200 such requests just between January and June of last year. 

While the shareholder presenting the Spy Lockout resolution on Friday referred specifically to the importance of following best security practices and to the GoToFail crisis, Apple CEO Tim Cook declined to comment or take questions on GoToFail or Spy Lockout at the meeting.

Shareholders Employ Floor Proposal Tactic

The Spy Lockout resolution was led by Apple shareholders affiliated with Restore the Fourth, a national constitutional rights organization aimed at defending the 4th Amendment’s guarantee that government search requires a specific warrant and bulk surveillance without suspicion is unconstitutional, through its Bay Area chapter Restore The Fourth SF.

Ordinarily shareholder proposals are submitted for consideration through a proxy system that allows shareholders to vote by mail in advance of the meeting. The Spy Lockout initiative, begun after the deadline for a normal 2014 proxy proposal, was submitted instead as an urgent Floor Proposal and voted on only by a few hundred shareholders present at Friday’s meeting – to provide information, as a non-binding poll, and to spur debate with shareholders and directors.

This resolution, presented by Apple shareholder and Restore the Fourth SF national liaison David Levitt, was received warmly by shareholders present, earning a rare round of applause, as did a Human Rights Committee resolution that was also overruled.

While Bloomberg reported Apple Investors Reject All Shareholder Proposals, it misleadingly reported that shareholders had overwhelmingly rejected the proposal. But in fact under the unusual Floor Vote procedure for Spy Lockout, when Apple estimated the vote tally, the only shareholders who had voted against Spy Lockout were Apple directors – through their discretionary power to cast votes on behalf of shareholders who had tossed their ballots in the trash and did not attend the meeting.

In other words, though a vast majority of the shareholders who considered the proposal supported it, they were silently overruled by the directors without discussion or explanation.

Apple avoided discussion and debate by declining to call on Dr. Levitt during the question period and excluding any description of Spy Lockout resolution content from the official meeting Agenda.  Whereas the Jan 10 proxy document and ballots summarized the proposal as “a policy to use technical methods and other best practices to protect user data,” in the Agenda document distributed to shareholders and the press it appeared only as “Floor Proposal.”  Evidently in the midst of the newly revealed GoToFail internet security negligence crisis, reminding the press that Apple is doubling down to vote AGAINST “best practices to protect user data” was not something the firm was eager to mention, advertise or discuss.

Dr. Levitt’s remarks, below, emphasized that an end to unconstitutional surveillance may be more readily achieved by technical means, and corporations seeking the trust of their customers, than by legislation.

Apple Spy Lockout shareholder remarks
(plain text shows prepared remarks; italics show improvisation upon news of Wozniak’s endorsement of Spy Lockout)

I’m David Levitt, a fellow shareholder.  I’m introducing the Spy Lockout proposal to regain our users’ trust, which has been shaken ever since Apple was implicated in the NSA’s bulk surveillance programs last June.

The Spy Lockout plan is simple common sense for any company truly committed to data security.  Adopt best practices for security and encryption, as recommended by experts like the Electronic Frontier Foundation. Keep third party equipment off our networks.  Investigate and stop invasions of user privacy.  And when cooperating with police, require a warrant of limited duration, for a specific person or thing, instead of bulk collection.

The Spy Lockout proposal isn’t in your shareholders’ proxy materials.  By the September proxy deadline, we hadn’t yet learned how providers are threatened and coerced into breaking the law.  Internet providers like Lavabit were still gagged.

So today the full set of Apple shareholders can’t vote to compel Apple’s directors to implement a Spy Lockout.  Apple’s directors will have to do it themselves, as a matter of both conscience and wise business practice.  This is too urgent to wait another year.

Business leaders have successfully stood up to overreaching government power before.  The McCarthy era Hollywood blacklist was ended not by our government, but by brave movie makers willing to challenge it.

In 1960 Universal Studios and the producers of Spartacus dared to include blacklisted writer Dalton Trumbo’s name on the movie, and almost instantly the government run blacklist that had ruined so many innocent lives was over.  And then Spartacus went on to make more money than any other movie in history.

Apple can follow a similar path – leading our industry’s escape from vast, wasteful surveillance that has invaded every home in America without catching a single terrorist.  Apple can earn back the trust of users the world over, and reap well deserved financial rewards.

It starts with having the courage to protect our constitution when our government won’t.

I should mention that I just got a message from Woz – Steve Wozniak, the co-founder of Apple – and he’s strongly in favor of the Spy Lockout.  Apple should defend the constitution – especially when the government won’t.  He’s looking forward to participating in a press release.  We’re praying this won’t be a divisive battle between the original Apple values of courage and anti-totalitarianism, versus a new Apple that’s more about cowardice or complicity.  With a growing GoToFail security scandal, it makes no sense for Apple to reject a proposal for hardened security.

Join me in voting for the Spy Lockout today.
[general applause from audience]