Go Back   MacRumors Forums > Mac Community > Community Discussion > Politics, Religion, Social Issues

Reply
 
Thread Tools Search this Thread Display Modes
Old Jun 17, 2013, 09:22 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Releases Statement on Customer Privacy and Law Enforcement Requests for Customer Data




In the wake of a public revelation of "PRISM", a top secret intelligence gathering program run by the U.S. National Security Agency in which Apple was reportedly among a number of companies providing the government with direct access to user data, Apple has now issued a "Commitment to Customer Privacy" statement addressing the issue.

According to Apple, no agency has direct access to customer data, and each request for data by law enforcement is evaluated by Apple's legal team to determine the legitimacy of the claim.
Quote:
From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters. The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer's disease, or hoping to prevent a suicide.

Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it.
Apple goes on to note that there are certain categories of information that it does not provide to law enforcement, either because the company never stores it in the first place or is unable to decrypt it. Specifically, Apple notes that iMessage and FaceTime conversations are unable to be decrypted by Apple and that customer location data, Maps searches, and Siri requests are not stored by Apple in any form that could be tied to a specific user.

Note: Due to the political nature of the discussion regarding this topic, the comment thread is located in our Politics, Religion, Social Issues forum. All MacRumors forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Releases Statement on Customer Privacy and Law Enforcement Requests for Customer Data
MacRumors is offline   0 Reply With Quote
Old Jun 17, 2013, 09:25 AM   #2
furi0usbee
macrumors 6502a
 
Join Date: Jul 2008
Hey wait, what about my FileVault password that I let Apple store... in case I forget.. does the NSA get that? I guess I'm creating a new FileVault and not giving Apple access to "hold" it for me.

Bryan
__________________
YouTube - Apple iPhone Support Hotline (Actual Phone Call Recording)
MacBook Pro 15" (Retina) 2.3GHz i7 / 8GB RAM  iPad mini (AT&T) (16GB)
furi0usbee is offline   2 Reply With Quote
Old Jun 17, 2013, 09:28 AM   #3
Onimusha370
macrumors 6502
 
Join Date: Aug 2010
fascinating stuff
Onimusha370 is offline   1 Reply With Quote
Old Jun 17, 2013, 09:29 AM   #4
osofast240sx
macrumors 68020
 
osofast240sx's Avatar
 
Join Date: Mar 2011
It's the carriers that store your information not apple.
osofast240sx is offline   0 Reply With Quote
Old Jun 17, 2013, 09:30 AM   #5
arcite
macrumors 6502a
 
arcite's Avatar
 
Join Date: Sep 2009
Location: Cairo, trapped in a pyramid with my iphone
And this is why I'll never use the cloud, nor FB, nor upload sensitive data that is unencrypted. Once it's on the 'net, anyone can get it.

TRUST NO ONE!
__________________
Late 2010 13' Macbook Pro ---- iPad 3
arcite is offline   15 Reply With Quote
Old Jun 17, 2013, 09:30 AM   #6
spacehog371
macrumors regular
 
Join Date: Dec 2003
Quote:
Originally Posted by furi0usbee View Post
Hey wait, what about my FileVault password that I let Apple store... in case I forget.. does the NSA get that? I guess I'm creating a new FileVault and not giving Apple access to "hold" it for me.

Bryan
By allowing Apple to store it, they have access to it and would be able to give it to Law Enforcement. As you stated, the solution is to disable it and then re-enable it and don't use the option to allow Apple to hold the key in case you lose it.

----------

Quote:
Originally Posted by osofast240sx View Post
It's the carriers that store your information not apple.
If Apple can't decrypt the information, the carriers can't either.
spacehog371 is offline   1 Reply With Quote
Old Jun 17, 2013, 09:32 AM   #7
SandboxGeneral
Moderator
 
SandboxGeneral's Avatar
 
Join Date: Sep 2010
Location: The New World
Last week's podcast on TWiT.tv, Security Now, Steve Gibson detailed how the NSA is obtaining data and how companies themselves are not participating or cooperating with them outside of court orders and requests.

Basically, they're tapping into the fiber optic feeds at the ISP level and splitting the light waves off (hence the term Prism) to their own routers and equipment. This is all done upstream of companies like Apple and Google. So the NSA is getting that data before it ever makes it's way to Apple, Google et al...

Skip ahead to about 57:31 to get the technical details of this.

__________________
"Gee, I've been on this diet only ten minutes and I've already lost something, my sense of humor."
SandboxGeneral is offline   16 Reply With Quote
Old Jun 17, 2013, 09:32 AM   #8
DBZmusicboy01
macrumors 6502
 
Join Date: Sep 2011
George orwell!!!!
DBZmusicboy01 is offline   2 Reply With Quote
Old Jun 17, 2013, 09:32 AM   #9
kot
macrumors regular
 
Join Date: Sep 2011
Quote:
Originally Posted by spacehog371 View Post
By allowing Apple to store it, they have access to it and would be able to give it to Law Enforcement. As you stated, the solution is to disable it and then re-enable it and don't use the option to allow Apple to hold the key in case you lose it.

----------



If Apple can't decrypt the information, the carriers can't either.
AFAIK before the key is sent to Apple, it is encrypted with your "secret answers" so if you forget them, no Apple will be able to help you, all your data is lost.
kot is offline   0 Reply With Quote
Old Jun 17, 2013, 09:33 AM   #10
CristobalHuet
macrumors 65816
 
CristobalHuet's Avatar
 
Join Date: Jan 2008
Location: Montreal
Apple bashing incoming in 3, 2...
__________________
13" MacBook Air 2.13Ghz Core 2 Duo/4GB RAM/256GB SSD (2010) + 24" Apple LED Cinema Display
32GB iPhone 5, Black
64GB Wi-Fi iPad mini, Black
CristobalHuet is offline   2 Reply With Quote
Old Jun 17, 2013, 09:34 AM   #11
spacehog371
macrumors regular
 
Join Date: Dec 2003
Quote:
Originally Posted by SandboxGeneral View Post
So the NSA is getting that data before it ever makes it's way to Apple, Google et al...
There is no one on earth with the computing power necessary to break the encryption Apple uses. The same encryption is in use by the military, banks, etc. They may be getting the data scrambled, but they can't decrypt it.
spacehog371 is offline   0 Reply With Quote
Old Jun 17, 2013, 09:37 AM   #12
troop231
macrumors 601
 
troop231's Avatar
 
Join Date: Jan 2010
Thumb resize.
troop231 is offline   4 Reply With Quote
Old Jun 17, 2013, 09:38 AM   #13
SandboxGeneral
Moderator
 
SandboxGeneral's Avatar
 
Join Date: Sep 2010
Location: The New World
Quote:
Originally Posted by spacehog371 View Post
There is no one on earth with the computing power necessary to break the encryption Apple uses. The same encryption is in use by the military, banks, etc. They may be getting the data scrambled, but they can't decrypt it.
While that is true, PGP when used properly is virtually un-crackable, that doesn't stop the NSA from gathering the data and storing it.

There is plenty of un-encrypted data flowing through ISP's that is being gathered and easily analyzed.
__________________
"Gee, I've been on this diet only ten minutes and I've already lost something, my sense of humor."
SandboxGeneral is offline   4 Reply With Quote
Old Jun 17, 2013, 09:40 AM   #14
DesertEagle
macrumors 6502a
 
DesertEagle's Avatar
 
Join Date: Jan 2012
Location: /home @ 127.0.0.1
Will the Keychain be encrypted in iCloud? How about my iWork docs?
DesertEagle is offline   0 Reply With Quote
Old Jun 17, 2013, 09:41 AM   #15
arcite
macrumors 6502a
 
arcite's Avatar
 
Join Date: Sep 2009
Location: Cairo, trapped in a pyramid with my iphone
Quote:
Originally Posted by SandboxGeneral View Post
While that is true, PGP when used properly is virtually un-crackable, that doesn't stop the NSA from gathering the data and storing it.

There is plenty of un-encrypted data flowing through ISP's that is being gathered and easily analyzed.
Of course, the vast majority of people have nothing to hide, as they aren't doing anything particularity interesting, nor illegal. However Meta-data analysis is becoming increasingly powerful and useful in deriving useful information from the chaos.
__________________
Late 2010 13' Macbook Pro ---- iPad 3
arcite is offline   0 Reply With Quote
Old Jun 17, 2013, 09:43 AM   #16
inlinevolvo
Banned
 
Join Date: Jul 2012
Interesting times we are living in. Zeitgeist comes to mind...
inlinevolvo is offline   0 Reply With Quote
Old Jun 17, 2013, 09:44 AM   #17
whooleytoo
macrumors 603
 
whooleytoo's Avatar
 
Join Date: Aug 2002
Location: Cork, Ireland.
Send a message via AIM to whooleytoo
Unless they state how many requests they refused, it's a bit meaningless. If they received ~4,000 and only refused a handful, it doesn't mean much.

I doubt if even Apple has the will or resources to scour through thousands of data access requests and give them any kind of meaningful review.
__________________
Mac <- Macintosh <- McIntosh apples <- John McIntosh <- McIntosh surname <- "Mac an toshach" <- "Son of the Chief"
whooleytoo is offline   0 Reply With Quote
Old Jun 17, 2013, 09:44 AM   #18
osofast240sx
macrumors 68020
 
osofast240sx's Avatar
 
Join Date: Mar 2011
Quote:
Originally Posted by spacehog371 View Post
By allowing Apple to store it, they have access to it and would be able to give it to Law Enforcement. As you stated, the solution is to disable it and then re-enable it and don't use the option to allow Apple to hold the key in case you lose it.

----------



If Apple can't decrypt the information, the carriers can't either.
Are u 100% sure?
osofast240sx is offline   0 Reply With Quote
Old Jun 17, 2013, 09:45 AM   #19
Thunderhawks
macrumors 68020
 
Join Date: Feb 2009
Quote:
Originally Posted by troop231 View Post
Thumb resize.
Lots of appropriate songs on it for that situation too:

1. "Speak to Me"
2. "Breathe"
3. "On the Run"
4. "Time"
5. "The Great Gig in the Sky"
Side 2
1. "Money"
2. "Us and Them"
3. "Any Colour You Like"
4. "Brain Damage"
5. "Eclipse"
__________________
It's ready, when it's ready !
"Any fool can criticize, condemn and complain and most fools do." Benjamin Franklin
Thunderhawks is offline   2 Reply With Quote
Old Jun 17, 2013, 09:46 AM   #20
charlituna
macrumors G3
 
charlituna's Avatar
 
Join Date: Jun 2008
Location: Los Angeles, CA
Quote:
Originally Posted by furi0usbee View Post
Hey wait, what about my FileVault password that I let Apple store... in case I forget.. does the NSA get that? I guess I'm creating a new FileVault and not giving Apple access to "hold" it for me.

Bryan
Paranoid much. They would only give it up under a verified warrant etc.

You brewing meth or something to get law enforcement on your back? No, then they won't get a warrant for your information
__________________
Return of the Non Tech's Wish List
(She's family so I'm biased )
charlituna is offline   0 Reply With Quote
Old Jun 17, 2013, 09:47 AM   #21
iceterminal
macrumors 68000
 
iceterminal's Avatar
 
Join Date: May 2008
Location: Dallas Tx.
What I noticed is that they say they have their "legal team" review each request. Which is nice. However, did anyone else notice they didn't even state one time they required a warrant for the information?

Nope. They just said "we looked at it and said sure". No warrant needed for them to give up personal information. Regardless of the situation, Apple is saying they are the judge and jury.

Scares the hell out of me.
__________________
The amount of material possessions one owns should not qualify them as a successful or just person.

The only worth these items have is the one you give them.
iceterminal is offline   6 Reply With Quote
Old Jun 17, 2013, 09:48 AM   #22
SandboxGeneral
Moderator
 
SandboxGeneral's Avatar
 
Join Date: Sep 2010
Location: The New World
Quote:
Originally Posted by osofast240sx View Post
Are u 100% sure?
If the encryption is using PGP, then yes, one can be about as certain as gravity that it's protected. PGP has been pounded on for years by all the "experts," and it's never been broken. However, anything is possible and I'd say there is a 99.999999% certainty that it's safe.

Quote:
PGP Security quality
To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means. Indeed, in 1996, cryptographer Bruce Schneier characterized an early version as being "the closest you're likely to get to military-grade encryption."[1] Early versions of PGP have been found to have theoretical vulnerabilities and so current versions are recommended. In addition to protecting data in transit over a network, PGP encryption can also be used to protect data in long-term data storage such as disk files. These long-term storage options are also known as data at rest, i.e. data stored, not in transit.

The cryptographic security of PGP encryption depends on the assumption that the algorithms used are unbreakable by direct cryptanalysis with current equipment and techniques. For instance, in the original version the RSA algorithm was used to encrypt session keys. RSA's security depends upon the one-way function nature of mathematical integer factoring.[2] Similarly, the symmetric key algorithm used in PGP version 2 was IDEA, which might at some point in the future be found to have previously undetected cryptanalytic flaws. Specific instances of current PGP or IDEA insecurities (if they exist) are not publicly known. As current versions of PGP have added additional encryption algorithms, the degree of their cryptographic vulnerability varies with the algorithm used. In practice, each of the algorithms in current use are not publicly known to have cryptanalytic weaknesses.

New versions of PGP are released periodically and vulnerabilities are fixed by developers as they come to light. Any agency wanting to read PGP messages would probably use easier means than standard cryptanalysis, e.g. rubber-hose cryptanalysis or black-bag cryptanalysis i.e. installing some form of trojan horse or keystroke logging software/hardware on the target computer to capture encrypted keyrings and their passwords. The FBI has already used this attack against PGP[3][4] in its investigations. However, any such vulnerabilities apply not just to PGP but to all encryption software.

In 2003 an incident involving seized Psion PDAs belonging to members of the Red Brigade indicated that neither the Italian police nor the FBI were able to decrypt PGP-encrypted files stored on them.[5]

A more recent incident in December 2006 (see United States v. Boucher) involving US customs agents and a seized laptop PC which allegedly contained child pornography indicates that US government agencies find it "nearly impossible" to access PGP-encrypted files. Additionally, a judge ruling on the same case in November 2007 has stated that forcing the suspect to reveal his PGP passphrase would violate his Fifth Amendment rights i.e. a suspect's constitutional right not to incriminate himself.[6][7] The Fifth Amendment issue has been opened again as the case was appealed and the federal judge again ordered the defendant to provide the key.[8]

Evidence suggests that as of 2007, British police investigators are unable to break PGP,[9] so instead have resorted to using RIPA legislation to demand the passwords/keys. In November 2009 a British citizen was convicted under RIPA legislation and jailed for nine months for refusing to provide police investigators with encryption keys to PGP-encrypted files.[10]
__________________
"Gee, I've been on this diet only ten minutes and I've already lost something, my sense of humor."

Last edited by SandboxGeneral; Jun 17, 2013 at 10:03 AM. Reason: Adjusted formatting
SandboxGeneral is offline   2 Reply With Quote
Old Jun 17, 2013, 09:48 AM   #23
charlituna
macrumors G3
 
charlituna's Avatar
 
Join Date: Jun 2008
Location: Los Angeles, CA
Quote:
Originally Posted by SandboxGeneral View Post
Last week's podcast on TWiT.tv, Security Now, Steve Gibson detailed how the NSA is obtaining data and how companies themselves are not participating or cooperating with them outside of court orders and requests.
Or his guess on how. Since they aren't likely to have released this detail to the public 'for security reasons'
__________________
Return of the Non Tech's Wish List
(She's family so I'm biased )
charlituna is offline   0 Reply With Quote
Old Jun 17, 2013, 09:48 AM   #24
notabadname
macrumors 65816
 
notabadname's Avatar
 
Join Date: Jan 2010
Location: Cincinnati
Most notable that no iMessage or FaceTime data is decrypted, and no location data, map data or SIRI requests can be tied to users. That satisfies my basic needs for privacy.
__________________
"Audaces fortuna iuvat"
notabadname is offline   0 Reply With Quote
Old Jun 17, 2013, 09:48 AM   #25
gnasher729
macrumors G5
 
gnasher729's Avatar
 
Join Date: Nov 2005
Quote:
Originally Posted by furi0usbee View Post
Hey wait, what about my FileVault password that I let Apple store... in case I forget.. does the NSA get that? I guess I'm creating a new FileVault and not giving Apple access to "hold" it for me.

Bryan
You didn't read anything, did you?

But go ahead. Waste your time.

Or maybe you could switch on your brain: Even with the FileVault key, how would Apple access data on your computer? FileVault only matters if your computer is turned on. And when your computer is turned on, _you_ enter the FileVault password, and the data on the drive is readable. For this to make any difference, the NSA would have to get your hard drive and then get the keys.

Or maybe you could for a moment forget your paranoia. These keys don't store themselves, someone has to write code for it. And that person is a highly intelligent software developer, who with 99% certainty wouldn't just follow orders (maybe they would; I'm not American, so maybe American people are wimps without a backbone who just do as they are told, I hope they are not). It's the kind of thing that is hard to achieve and impossible to keep secret. And how exactly would doing this benefit Apple?
gnasher729 is offline   0 Reply With Quote


Reply
MacRumors Forums > Mac Community > Community Discussion > Politics, Religion, Social Issues

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple Will Begin Notifying Users of Information Requests from Law Enforcement MacRumors Politics, Religion, Social Issues 124 May 13, 2014 10:28 AM
Apple Releases Guidelines for Law Enforcement Data Requests MacRumors MacRumors.com News Discussion 67 May 9, 2014 05:13 PM
Apple Hires Privacy Counsel to Oversee Protection of Customer Data MacRumors Mac Blog Discussion 13 Mar 27, 2014 03:47 AM
New App Bypasses Snapchat Screenshot Notifications; Snapchat Details Law Enforcement Requests MacRumors iOS Blog Discussion 29 Oct 29, 2013 03:24 PM
Intelligence Program Gives US Government Direct Access to Customer Data on Apple Servers [Update: Apple Denies] MacRumors Politics, Religion, Social Issues 460 Jun 18, 2013 12:06 PM

Forum Jump

All times are GMT -5. The time now is 01:59 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC