Apple Releases Guidelines for Law Enforcement Data Requests

Discussion in ' News Discussion' started by MacRumors, May 7, 2014.

  1. MacRumors macrumors bot


    Apr 12, 2001

    In a new legal resources page posted on its website Wednesday night (via 9to5Mac), Apple outlined its guidelines regarding requests for customer data from from U.S. law enforcement agencies, specifying what information the company can and can not retrieve from devices upon the receipt of a search warrant or legal notice.

    Regarding the extraction of data from passcode locked iOS devices, Apple states that it may only retrieve information from its own first party apps, which includes SMS messages, photos, videos, contacts, audio recording, and call history. However, Apple can not provide access to email, calendar entries or third-party app data. The company says the data extraction process itself can only be performed on devices in "good working order" at its Cupertino, California headquarters.

    Apple will also assist law enforcement in returning lost iPhones to their rightful owners, agreeing to contact the customer of record and have them contact law enforcement to get their property back pending available information.

    The new page follows a report from The Washington Post last week which stated that the company would begin notifying its users of secret personal data requests from law enforcement. Apple has become increasingly concerned about privacy matters since the discovery of PRISM, a secret intelligence program ran by the NSA.

    CEO Tim Cook was noted as saying that the NSA would have to "cart [Apple] out in a box" before it could access the company's servers, as Apple also hired certified privacy professional Sabrina Ross last month to oversee the protection of consumer data.

    Article Link: Apple Releases Guidelines for Law Enforcement Data Requests
  2. XboxMySocks macrumors 68020


    Oct 25, 2009
    This is actually rather impressive. Good for them
  3. macrumors 68000

    May 25, 2012
    Yea they are really pushing this.
  4. chabig macrumors 68040

    Sep 6, 2002
    It's very impressive. Remember the internet uproar of a few years ago when Apple was accused of tracking users' GPS locations? Here's what the guidelines have to say about that:

    I suppose the tech blogs will fall over themselves scrambling to apologize to Apple, right?
  5. JoEw macrumors 65816


    Nov 29, 2009
    I actually dont remember this, article?
  6. Soy Cowboy macrumors newbie

    Jun 17, 2011
    The NSA is not a law enforcement agency. This announcement is nice, but it doesn't address the larger issue of government surveillance.
  7. snprintf, May 7, 2014
    Last edited: May 7, 2014

    snprintf macrumors member

    Apr 20, 2014
    "The company says the data extraction process itself can only be performed on devices in "good working order" at its Cupertino, California headquarters. "

    I'm assuming they have to crack the encryption there. Or at least hoping :eek:


    The user you are quoting didn't summarize it correctly, or at least not completely. Since iOS 4 and until this was discovered, iOS was saving the user locations to an unencrypted (not sure whether it was encrypted if you used a passcode) file stored locally on the device and synced to the computer as part of the backup. You were able to download an application called iPhoneTracker and see your movement history. The accusation was that Apple was sending this data to servers, but no evidence of that was found.

    MacRumors reported on it at some point, but I can't find it. Here's a different article:
  8. FreeState macrumors 68000


    Jun 24, 2004
    San Diego, CA
    Yep, per the document they have to hand deliver or ship the phone to CA to have it extracted (after a search warrant has been issued that is).
  9. H2SO4, May 7, 2014
    Last edited: May 8, 2014

    H2SO4 macrumors 68040

    Nov 4, 2008
    Ok but just be careful;
    No, Apple does not track geolocation of devices. is not the same as
    No, Apple has not and does not secretly track geolocation of devices.

    I very much suspect that the article will be worded very carefully, (as with any company legal statement), that allows them to do more than first appears.
    The article links to another there separate documents and I don't mind betting that there will be some contradictions amongst them.
    Lastly these are for US enforcement agencies, what's to stop them moving the data overseas and then allowing access, (Extraordinary Data Rendition anybody)?
  10. snprintf macrumors member

    Apr 20, 2014
    Careful, some of those (like the second one) are for iOS 7's "frequent locations" feature that you can easily opt out of in the settings. That's different from the other, pre iOS 7 news where it was revealed that locations were secretly saved to a plain text file and synced to the computer.
  11. Zxxv macrumors 68030

    Nov 13, 2011
    So you use 3rd party apps then. ?

    wow security is easy these days.

    and disable touch ID else they'll just put your finger on....acidently :D

    Apple still needs a oh crap security lock. Like pressing the lock button 3 times or home button 5. Something that pass codes locks the device instantly.
  12. bigandtasty macrumors 6502


    Dec 26, 2006
    who cares
  13. Jacquesvw macrumors regular

    Sep 12, 2012
    In the Oscar Pistorius murder trial Apple provided the Whatsapp message data to the South African police after taking the phones to Cupertino, so I don't buy that they cannot provide third-party app data. (These phones had pass codes enabled.)
  14. thaifood macrumors 6502

    Jun 8, 2011
    This is good that there are some transparent guidelines to this issue.

    However, at the end of the day, there is no real point in being paranoid if the government looks into you. If you honestly have nothing to hide then there shouldn't be an issue.

    I personally would not care if some NSA analyst read my text messages. I've got nothing to be guilty of. They might think I'm a bit weird though.
  15. zipa macrumors 65816

    Feb 19, 2010
    They can't guarantee access to such data, since it might be encrypted or stored off the phone. Obviously they can retrieve whatever is stored in plain text on the device itself.
  16. Jacquesvw macrumors regular

    Sep 12, 2012

    Thanks for the clearing that up. I misunderstood and thought they cannot retrieve such data at all.
  17. zipa macrumors 65816

    Feb 19, 2010
    Don't take that as any official statement, but that is why I imagine that such a clause exists.
  18. callea macrumors regular


    Jul 26, 2011
    How is it possible?
    File system is crypted AES 256 on code locked iPhones, isn't it??

    If the iPhone is 4 digit locked there is no problem for a brute force attack.
    But when is it locked by a strong password?
    How Apple can decrypt AES 256 data??
    Is there any kind of backdoor?
  19. tobian macrumors member


    Jun 23, 2007
    Prague, CZE
    sadly, Apple joined NSA surveyllance just after Jobs death. ask yourself why
  20. satcomer macrumors 603


    Feb 19, 2008
    The Finger Lakes Region
    Because Steve was known for pushing his people to do better. I bet he would have had Apple's Lawyers crawling all over these request and that would scared No Such Agency to think twice act their typical intimidation racket. So in other words Steve would say something like "Mine are bigger than yours."

  21. zipa macrumors 65816

    Feb 19, 2010
    This should clear things up a bit:
  22. callea macrumors regular


    Jul 26, 2011
    Thanks a lot, it's very interesting.
    But I read that IOS 7 has Data Protection enabled by default for all applications even for those not natively supporting it by developer.

    So I thought Data Protection in IOS 7 was the equivalent of File Vault 2 in OSX.

    Now I'm very confused...:confused:
  23. gnasher729 macrumors P6


    Nov 25, 2005
    The encryption cannot be _cracked_. The only chances to get into a newish iOS device is to guess the passkey. Only software that is signed by Apple can access the hardware bits that would try a passkey. For example, if you enter your passcode 1234 then the code that runs is software signed by Apple which sends it to the hardware to try out (and can lock you out if you try to often). Apple can create a different version of that software that tries keys as quickly as possible _and sign it_. If you or the NSA wrote that kind of software, you couldn't sign it with Apple's keys and therefore it wouldn't work. Checking keys takes about 100ms per key and requires the iOS device to work, so the NSA cannot do that using a dozen supercomputers.


    Don't jailbreak your phone :D


    Apple (and nobody but Apple) can try out passcodes at a rate of about 10 per second. Without you typing them in. 8 digits + letters is about uncrackable. For four digits, the police has to give Apple your phone and a search warrant. It should be obvious that it is possible to read the data without cracking AES, because that happens every time _you_ enter your passcode.


    Not "secretly saved". Apple has a database of cell tower and WiFi hotspot locations that is used to determine your location, and part of that got stored on your phone so you can reuse it without downloading it again. And backup backed up your phone. There was nothing "secret" about it. You should use encrypted backups anyway, which is just a switch in the iTunes user interface. So this feature is turned off now, and your 3G data bill will go up a bit.


    That accusation was obviously made, but it was stupid beyond ridiculous. The data that was found _came from Apple's servers_. There was no need to send it to Apple's servers, because Apple always had that data. Here's what happens:

    You are in some unknown place. You want to know where you are. You ask your iPad or iPod Touch without GPS, or phone with no GPS reception. The device spots a WiFi hotspot or cell tower. It sends a message to Apple's servers: "I see this WiFi hotspot. Where am I? " Apple's server returns the location and a list of nearby hotspots and cell towers so that the device doesn't need to contact Apple again. That list was stored. Can you see how if Apple wanted to spy on you they wouldn't use that list on your device? Because it was Apple who sent it to you in the first place?

    It's like accusing the locksmith who just changed your locks that he stole the keys from your pocket to duplicate them and put them back. It's stupid. If he wanted a copy of your keys, he wouldn't need to do that, because he's the man who made the keys in the first place.
  24. crackbookpro macrumors 65816


    Feb 25, 2009
    Om nom nom nom
    Ethics... Apple has them(always did, except for the design & manu days of the glass on the back of the iPhone 4/4s) and SJ always knew Tim would uphold them. Tim is/was probably more ethical than Steve in many avenues - just my opinion though.

    You/we buy Apple because the products are bad@ss, but we/I/you remain loyal because the Apple co is ethically & ultimately working to give you the "best" and they will never stop.

    Because of... Ethics.

    This is impressive, and most co's would not do what Apple does for it's customers and ownself.

Share This Page