Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,195
30,136



applelogo.png
In a new legal resources page posted on its website Wednesday night (via 9to5Mac), Apple outlined its guidelines regarding requests for customer data from from U.S. law enforcement agencies, specifying what information the company can and can not retrieve from devices upon the receipt of a search warrant or legal notice.

Regarding the extraction of data from passcode locked iOS devices, Apple states that it may only retrieve information from its own first party apps, which includes SMS messages, photos, videos, contacts, audio recording, and call history. However, Apple can not provide access to email, calendar entries or third-party app data. The company says the data extraction process itself can only be performed on devices in "good working order" at its Cupertino, California headquarters.

Apple will also assist law enforcement in returning lost iPhones to their rightful owners, agreeing to contact the customer of record and have them contact law enforcement to get their property back pending available information.

The new page follows a report from The Washington Post last week which stated that the company would begin notifying its users of secret personal data requests from law enforcement. Apple has become increasingly concerned about privacy matters since the discovery of PRISM, a secret intelligence program ran by the NSA.

CEO Tim Cook was noted as saying that the NSA would have to "cart [Apple] out in a box" before it could access the company's servers, as Apple also hired certified privacy professional Sabrina Ross last month to oversee the protection of consumer data.

Article Link: Apple Releases Guidelines for Law Enforcement Data Requests
 

chabig

macrumors G4
Sep 6, 2002
11,173
8,857
It's very impressive. Remember the internet uproar of a few years ago when Apple was accused of tracking users' GPS locations? Here's what the guidelines have to say about that:

Does Apple store GPS information that can be produced under proper legal process?

No, Apple does not track geolocation of devices.

I suppose the tech blogs will fall over themselves scrambling to apologize to Apple, right?
 

JoEw

macrumors 68000
Nov 29, 2009
1,583
1,291
It's very impressive. Remember the internet uproar of a few years ago when Apple was accused of tracking users' GPS locations? Here's what the guidelines have to say about that:



I suppose the tech blogs will fall over themselves scrambling to apologize to Apple, right?

I actually dont remember this, article?
 

Soy Cowboy

macrumors newbie
Jun 17, 2011
23
1
The NSA is not a law enforcement agency. This announcement is nice, but it doesn't address the larger issue of government surveillance.
 

snprintf

macrumors member
Apr 20, 2014
69
0
"The company says the data extraction process itself can only be performed on devices in "good working order" at its Cupertino, California headquarters. "

I'm assuming they have to crack the encryption there. Or at least hoping :eek:

----------

I actually dont remember this, article?

The user you are quoting didn't summarize it correctly, or at least not completely. Since iOS 4 and until this was discovered, iOS was saving the user locations to an unencrypted (not sure whether it was encrypted if you used a passcode) file stored locally on the device and synced to the computer as part of the backup. You were able to download an application called iPhoneTracker and see your movement history. The accusation was that Apple was sending this data to servers, but no evidence of that was found.

MacRumors reported on it at some point, but I can't find it. Here's a different article: http://readwrite.com/2011/04/20/your_iphone_is_tracking_your_every_move#awesm=~oDEifIqXRLH5hV
 
Last edited:

FreeState

macrumors 68000
Jun 24, 2004
1,738
115
San Diego, CA
"The company says the data extraction process itself can only be performed on devices in "good working order" at its Cupertino, California headquarters. "

I'm assuming they have to crack the encryption there. Or at least hoping :eek:

Yep, per the document they have to hand deliver or ship the phone to CA to have it extracted (after a search warrant has been issued that is).
 

H2SO4

macrumors 603
Nov 4, 2008
5,625
6,924
It's very impressive. Remember the internet uproar of a few years ago when Apple was accused of tracking users' GPS locations? Here's what the guidelines have to say about that:



I suppose the tech blogs will fall over themselves scrambling to apologize to Apple, right?

Ok but just be careful;
No, Apple does not track geolocation of devices. is not the same as
No, Apple has not and does not secretly track geolocation of devices.

I very much suspect that the article will be worded very carefully, (as with any company legal statement), that allows them to do more than first appears.
The article links to another there separate documents and I don't mind betting that there will be some contradictions amongst them.
Lastly these are for US enforcement agencies, what's to stop them moving the data overseas and then allowing access, (Extraordinary Data Rendition anybody)?
 
Last edited:

snprintf

macrumors member
Apr 20, 2014
69
0

Careful, some of those (like the second one) are for iOS 7's "frequent locations" feature that you can easily opt out of in the settings. That's different from the other, pre iOS 7 news where it was revealed that locations were secretly saved to a plain text file and synced to the computer.
 

Zxxv

macrumors 68040
Nov 13, 2011
3,558
1,104
UK
Regarding the extraction of data from passcode locked iOS devices, Apple states that it may only retrieve information from its own first party apps, which includes SMS messages, photos, videos, contacts, audio recording, and call history. However, Apple can not provide access to email, calendar entries or third-party app data. The company says the data extraction process itself can only be performed on devices in "good working order" at its Cupertino, California headquarters.

So you use 3rd party apps then. ?

wow security is easy these days.

and disable touch ID else they'll just put your finger on....acidently :D

Apple still needs a oh crap security lock. Like pressing the lock button 3 times or home button 5. Something that pass codes locks the device instantly.
 

thaifood

macrumors 6502
Jun 8, 2011
310
96
This is good that there are some transparent guidelines to this issue.

However, at the end of the day, there is no real point in being paranoid if the government looks into you. If you honestly have nothing to hide then there shouldn't be an issue.

I personally would not care if some NSA analyst read my text messages. I've got nothing to be guilty of. They might think I'm a bit weird though.
 

zipa

macrumors 65816
Feb 19, 2010
1,442
1
In the Oscar Pistorius murder trial Apple provided the Whatsapp message data to the South African police after taking the phones to Cupertino, so I don't buy that they cannot provide third-party app data. (These phones had pass codes enabled.)

They can't guarantee access to such data, since it might be encrypted or stored off the phone. Obviously they can retrieve whatever is stored in plain text on the device itself.
 

zipa

macrumors 65816
Feb 19, 2010
1,442
1
Thanks for the clearing that up. I misunderstood and thought they cannot retrieve such data at all.

Don't take that as any official statement, but that is why I imagine that such a clause exists.
 

callea

macrumors regular
Jul 26, 2011
190
122
Italy
How is it possible?
File system is crypted AES 256 on code locked iPhones, isn't it??

If the iPhone is 4 digit locked there is no problem for a brute force attack.
But when is it locked by a strong password?
How Apple can decrypt AES 256 data??
Is there any kind of backdoor?
 

satcomer

Suspended
Feb 19, 2008
9,115
1,973
The Finger Lakes Region
sadly, Apple joined NSA surveyllance just after Jobs death. ask yourself why

Because Steve was known for pushing his people to do better. I bet he would have had Apple's Lawyers crawling all over these request and that would scared No Such Agency to think twice act their typical intimidation racket. So in other words Steve would say something like "Mine are bigger than yours."

 

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
"The company says the data extraction process itself can only be performed on devices in "good working order" at its Cupertino, California headquarters. "

I'm assuming they have to crack the encryption there. Or at least hoping :eek:

The encryption cannot be _cracked_. The only chances to get into a newish iOS device is to guess the passkey. Only software that is signed by Apple can access the hardware bits that would try a passkey. For example, if you enter your passcode 1234 then the code that runs is software signed by Apple which sends it to the hardware to try out (and can lock you out if you try to often). Apple can create a different version of that software that tries keys as quickly as possible _and sign it_. If you or the NSA wrote that kind of software, you couldn't sign it with Apple's keys and therefore it wouldn't work. Checking keys takes about 100ms per key and requires the iOS device to work, so the NSA cannot do that using a dozen supercomputers.

----------

Thanks a lot, it's very interesting.
But I read that IOS 7 has Data Protection enabled by default for all applications even for those not natively supporting it by developer.

So I thought Data Protection in IOS 7 was the equivalent of File Vault 2 in OSX.

Now I'm very confused...:confused:

Don't jailbreak your phone :D

----------

How is it possible?
File system is crypted AES 256 on code locked iPhones, isn't it??

If the iPhone is 4 digit locked there is no problem for a brute force attack.
But when is it locked by a strong password?
How Apple can decrypt AES 256 data??
Is there any kind of backdoor?

Apple (and nobody but Apple) can try out passcodes at a rate of about 10 per second. Without you typing them in. 8 digits + letters is about uncrackable. For four digits, the police has to give Apple your phone and a search warrant. It should be obvious that it is possible to read the data without cracking AES, because that happens every time _you_ enter your passcode.

----------

Careful, some of those (like the second one) are for iOS 7's "frequent locations" feature that you can easily opt out of in the settings. That's different from the other, pre iOS 7 news where it was revealed that locations were secretly saved to a plain text file and synced to the computer.

Not "secretly saved". Apple has a database of cell tower and WiFi hotspot locations that is used to determine your location, and part of that got stored on your phone so you can reuse it without downloading it again. And backup backed up your phone. There was nothing "secret" about it. You should use encrypted backups anyway, which is just a switch in the iTunes user interface. So this feature is turned off now, and your 3G data bill will go up a bit.

----------

The accusation was that Apple was sending this data to servers, but no evidence of that was found.

That accusation was obviously made, but it was stupid beyond ridiculous. The data that was found _came from Apple's servers_. There was no need to send it to Apple's servers, because Apple always had that data. Here's what happens:

You are in some unknown place. You want to know where you are. You ask your iPad or iPod Touch without GPS, or phone with no GPS reception. The device spots a WiFi hotspot or cell tower. It sends a message to Apple's servers: "I see this WiFi hotspot. Where am I? " Apple's server returns the location and a list of nearby hotspots and cell towers so that the device doesn't need to contact Apple again. That list was stored. Can you see how if Apple wanted to spy on you they wouldn't use that list on your device? Because it was Apple who sent it to you in the first place?

It's like accusing the locksmith who just changed your locks that he stole the keys from your pocket to duplicate them and put them back. It's stupid. If he wanted a copy of your keys, he wouldn't need to do that, because he's the man who made the keys in the first place.
 

crackbookpro

macrumors 65816
Feb 25, 2009
1,096
0
Om nom nom nom
This is actually rather impressive. Good for them

Ethics... Apple has them(always did, except for the design & manu days of the glass on the back of the iPhone 4/4s) and SJ always knew Tim would uphold them. Tim is/was probably more ethical than Steve in many avenues - just my opinion though.

You/we buy Apple because the products are bad@ss, but we/I/you remain loyal because the Apple co is ethically & ultimately working to give you the "best" and they will never stop.

Because of... Ethics.

This is impressive, and most co's would not do what Apple does for it's customers and ownself.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.