Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Releases Guidelines for Law Enforcement Data Requests
- Thread starter MacRumors
- Start date
- Sort by reaction score
Tell that to the scores of conservative groups that have been unlawfully targeted by the IRS. The government isn't retaining all surveilled data and storing it for later use to prevent terrorist attacks. It could care less about the terror being inflicted on the border states in the south by the waves of illegal democrat voters invading for example. Forgive me if I am skeptical of the so-called protection afforded me by spying on everyone in the US. We daren't profile the one group that seeks to undermine and do the most harm to us - even after they destroyed our World Trade Centers. We can't profile the one group that continues killing our troops and scores of innocent civilians overseas. No, this government is doing far more harm to our Constitution and liberties to pursue its own agenda than the Patriot Act ever did.
Meanwhile, I certainly do not trust what Apple or any other company has to say about the data they are already giving up to the Feds. This PR announcement (among others) is smoke and mirrors. The NSA and U.S government already have access to anything you do in iCLoud, your cellphone, your webcam, your PC, your laptop, and even your car. They certainly have all encryption algorithms and the ability to decrypt email, cloud storage, etc...
The current out-of-control, lawless government should be working for us, not the other way around. It's not a matter of having something to hide. It's a matter of Constitutional protection as American citizens. It's about limiting the power of centralized government. The 4th and 10th ammendments mean something. I just wish more children today were studying them and more people would actually read them.
The fact that Apple can still extract all that information from Passcode-locked phones is not cool and I think unacceptable. If I put a passcode lock on my phone, I want ALL information locked. SMS, call history, photos, videos, audio recordings, etc. That's the stuff I probably want protected the most. Not just from law enforcement, but from anybody, any hacker. If Apple has the tools to do this at Cupertino, you know there's hackers and jailbreakers out there that have the same know-how and ability.
Just for clarification, I'm not a criminal and I'm not somebody that's a major target for hackers, but I would like to know that if I passcode lock something, it's going to stay secure. With Android, if you put the funky pattern lock on, I'm pretty sure nothing is accessible.
Just for clarification, I'm not a criminal and I'm not somebody that's a major target for hackers, but I would like to know that if I passcode lock something, it's going to stay secure. With Android, if you put the funky pattern lock on, I'm pretty sure nothing is accessible.
You get it... Sadly, most others don't. The gov't we have now is all about deception, and in the end, has a desire of control. Where are the incentives, and what are the intentions???
(Agenda 21 is around the corner.)
Funny thing is - we all talk about the problem of "bullying" going on in schools nationwide, when we all know who the true bully is... Worldwide it's the U.S. gov't, and nationwide, it's the same peeps, but most citizens would not tread those waters.
United we stand, divided we fall.
No, it was not encrypted if you had implemented a passcode.
But, it was not a database of the user's locations. It was a database of the estimated locations of WiFi access points that were "heard" by the phone.
The database was populated by a request to Apple's servers: "Hey, I heard this WiFi station's MAC address, where is it?". The location was saved in the database, so the next time the phone heard the MAC address, it could get the location from the local database. It was intended to be a cache.
The purpose? When you start an application that uses the GPS, the GPS receiver needs an approximate position to quickly acquire the signals from the GPS satellite constellation. A better starting position provides a faster time to "lock". Knowing the location of a nearby WiFi station gives you a better location than knowing the location of a nearby cell tower. It's how you can get a good position from your GPS in a second or two, vs. 10-15 seconds.
The problem? The cache of positions was supposed to be purged after a certain time period. The entries were time-stamped, apparently for this purpose. But, the purge algorithm was apparently never tested, and it continued to accumulate WiFi locations forever.
When I found out about this, I found the database in my iPhone backup and dumped it. I had written a Python script to plot the locations where pictures were taken (using the EXIF data in the photos) and generate a Google Map page with place markers at location. I adapted it to the WiFi location database and generated a page.
Zooming in and looking at places where I knew I had been, I could see that it wasn't tracking MY location. It was recording locations around me. For instance, I ride my bike along a trail adjacent to houses. The locations in the database were points on either side of the trail, but not on the trail. I had never been in the adjacent neighborhoods, and the points were well outside the CEP (circular error probable) that is shown on mapping applications by the light blue sphere or circle.
Looking at the other entries in the database rows, it was pretty obvious they were MAC addresses. I even looked up a few of them on-line, and identified the manufacturer of the WiFi access point.
----------
I think you should google the phrase: "Three felonies a day". This is an estimate of the number of crimes the average person unwittingly commits.
I'll also suggest some reading about Lavrenti Beria, who once (in)famously said: “Show me the man and I’ll find you the crime.”
Agreed. And don't expect a statement from Apple regarding such NSA programs to mean much either. They have literally no choice if served with a NSL. They are required to deny participation/knowldge of it and to comply.
The key to fixing this issue, besides politics, is to build systems that prevent the possibility of compliance with a NSL. This requires minimizing control of devices and minimizing storage of customer data, neither of which any of the big companies will or can do in a meaningful way.
That said, I like what Apple is doing here.
Niether is the FBI, by the way. This year they announced that their primary mission is no longer law enforcement, it's national security. Uh oh?
Last edited:
Doesn't the NSA have a specific class of IPs? Can't Apple just block that class of IPs from the NSA from servers that contain customer data (iCloud) and not customer data from the Apple Store (so they can still make purchases).
Obviously they can connect to another network to run attacks, but these would be more one-off's and that IP can be easily blocked temporarily.
Obviously they can connect to another network to run attacks, but these would be more one-off's and that IP can be easily blocked temporarily.
Is there a source to this? I know they were trying to get SMS data too, which is why they went to Apple.
It's the opposite. If you are doing nothing wrong, you have everything to hide, because it's absolutely none of the government's business.
That's why search warrants exist. The government needs to prove that something you're doing is their business before they can look.
Regarding your last paragraph: This is a secret federal agency. Are you sure that weird is not = guilty?
Dale
Everybody has something to hide. But putting that aside, it's not about whether or not people have something to hide. It's about whether or not the government has a reason to know absolutely everything about you. The requirement is on them to prove they need this information. We are not required to prove we need privacy. We get privacy as a natural right, and that privacy can only be breached with probable cause.
At least, that's how it's supposed to work. That's what the founders intended.
What the NSA and other government agencies in the executive branch are doing is ripping up the 4th Amendment, and claiming they have to because there's a bogeyman that wants to hurt you. What's more, they're setting the precedent that they can rip up any part of our constitution, at any time, just because they feel like it. Is that a precedent you want set?
What's more, the thing doesn't work! Other than some "LOVEINT" conducted by some corrupt employees at the NSA to illegally spy on their girlfriends or husbands, showing us that they can't be trusted with this power, what has PRISM actually successfully accomplished? It didn't stop the Boston Marathon bombings. It didn't stop Edward Snowden from fleeing the country with massive amounts of stolen intelligence. There are plenty of public examples of NSA incompetence, and PRISM not protecting us, and absolutely zero evidence that they've done anything well or actually protected us. If we really want to have a conversation about changing our constitution and giving up our freedoms, it needs to be a public one. All the NSA offers is some vague "well this stopped some threats" with no details to prove they're not making it all up. It's up to them to prove they need this power, and that it actually works as intended. It's not up to us to prove we need them not to. Absolutely nobody here needs to justify their desire for privacy.
Spot on. The Constitution is a default-deny document. Unfortunately, the government has changed the root pasword to "National Security".
You are 100% correct Sir or Mam!!!
It's a lot of subjective intentions with objective bad intelligence having a power trip to create even more awful subjective/relative policies with yet again, subjective intentions. A circus that rivals any circus on earth is now here... on our own soil... voted by our own people.
If the gov't had a chance of being trusted by its people... it went bye byes with this clown.
All everyone can pray for is... the next subjective deceptive policy to garner a vote. Actually, you don't have to pray or "hope" for it... it will just be assumed and/or anticipated.
(Can't wait for the new health tracker by Apple... I hope Tim and Apple show up the gov't, and don't assist in any health surveillance that I am sure our gov't objectively wants with their subjective intentions.)
I think you have hit this dead right.
In PR terms this sounds great.
However, I am sure, as you suggest every word has been expertly chosen, and not just an off the cuff statement.
Many times things are not what they seem.
Like the person saying how their company "gave all it's profits to charity" yes, after taking your $100,000 salary from sales of items people thought they were buying for a good cause.
Or the Company shedding jobs as they took a $1,000,000 loss this year.
Not actually saying, they only made $10,000,000 profit, but had planned to make $11,000,000 so they can say it's a 1 million loss.
The more information they have on a person, the more likely they are to think that person is doing something wrong, just by misunderstanding or accident.
Let's say you buy a book online about how to make meth. Are you just a curious biochemist who is interested in it academically, or are you the next Heisenberg? Heck, maybe you're actually a screenwriter, trying to make the next Breaking Bad television show. If the government is looking at all your online activity, and you've got a perfectly legal and socially acceptable interest in the subject matter, you might still be targeted anyway, put on a list somewhere in a computer. That trip you took to Mexico for an innocent vacation with your family is now analyzed by some computer program and the DEA is listening to all your phone calls, and the phone calls of everyone you know, and the phone calls of everyone they know, too. Drugs are often used to fund terrorism, so the FBI are now investigating your religious affiliations and political affiliations. Maybe there's a single individual at your church who's signed up for a newsletter put out by a hate group, or maybe he or she protested outside an abortion clinic one time. Maybe somebody with a similar name or nickname to you also once wrote a threatening letter. Some analyst or computer program might think you're not only making drugs, but using those drugs to fund bomb-making to blow up a synagogue or hospital.
When DHS hauls you in for questioning, even if it's all cleared up before an arrest warrant is issued or you go to trial, won't you, as somebody who did absolutely nothing illegal, feel just a little bit angry? Like maybe the government should've spent all its time and resources on going after people they had probable cause to investigate? It's one thing to be harassed because of some anonymous tip or a mixed up street address. Accidents happen, and sometimes the police kick down your door, shoot your dog, and only after they've got you in handcuffs with a gun to your head realize the crack house is on 123 Main Street, not 321 Main Street. That's fine. But it's another entirely to have it happen to you because you "fit a pattern" or "had a social connection" because the government is gathering data on everybody, without having to even suspect anybody first, much less prove that suspicion has grounds.
And let's say, somebody imagines the above scenario. Even if it's unlikely, even if they don't expect it would result in any actual harm, what sort of chilling effect does that have on their own behavior? Do they start worrying about who their friends' friends are, and maybe don't hang out with their new friendly classmate from a foreign country? Do they not engage in the freedom of expression or the press (either producing or consuming), because they're worried about being connected to something illegal, just by accident? Do they stop themselves from searching for something on Google because their keywords might have more than one meaning, or fit some sort of pattern with past searches they made, or even just somebody with the same IP address made a year ago? Even if the government doesn't overtly oppress you with PRISM and other programs, it still oppresses you if you self-censor out of fear or doubt.
The government is not 100% effective and 100% competent. I shouldn't have to say that, and I certainly hope it's obvious to everybody, but I said it anyway. Knowing that the government has flaws, that the people who work in it are humans that can be corrupt or make mistakes, the government needs to be restricted in how much it can accidentally or intentionally screw you over. How much power over you would you give to any human being? Would you give them more or less power over you, knowing that their actions are done in secret? How about in secret with no oversight?
Last edited:
Here's a warning - a heads-up!
Thats all fine except, local law enforcement now use a device that emits a fake cell tower signal causing all phones (especially iphones) with in range of the false tower signal, to link to their StingRay device, (google it). LAPD is the worst as they employ this device in helicopters more over the last year since the supreme court ruled it was legal in a particular case in New York, so long as the phone is turned on however, what was not fully understood at the time, is the amount of data this covert data gathering device can access, like web search history, contacts and even listen in on any calls all done with no one ever knowing except the helicopters overhead if they are not parked quietly nearby. This device even tracks movement and plots it on a chart over time to map and tracks ones movement then fed to a database at their central data center. So Apples privacy efforts are completely lost as this big loop hole of pen & trap devices like StingRay can covertly penetrate your device and even employ the microphone to listen to what goes on while inside your home or office. Need aps that detect and identify incomeing data requests through cell towers or other signals linking to it.
Thats all fine except, local law enforcement now use a device that emits a fake cell tower signal causing all phones (especially iphones) with in range of the false tower signal, to link to their StingRay device, (google it). LAPD is the worst as they employ this device in helicopters more over the last year since the supreme court ruled it was legal in a particular case in New York, so long as the phone is turned on however, what was not fully understood at the time, is the amount of data this covert data gathering device can access, like web search history, contacts and even listen in on any calls all done with no one ever knowing except the helicopters overhead if they are not parked quietly nearby. This device even tracks movement and plots it on a chart over time to map and tracks ones movement then fed to a database at their central data center. So Apples privacy efforts are completely lost as this big loop hole of pen & trap devices like StingRay can covertly penetrate your device and even employ the microphone to listen to what goes on while inside your home or office. Need aps that detect and identify incomeing data requests through cell towers or other signals linking to it.
Whoa...any phone on the network has to behave the same with regard to cell tower connections. Why would an iPhone be any different?
Pen and Trap Trace
Yes, but once the network is in place, the iPhones internal environment is easily navigable by these covert devices. I recall reading it was more the iphone 4 that was most vulnerable, or was it the 5. I am looking for more detail to specifically answer your question but can’t seem to locate the article at the moment that I read a few years ago. I think another reason is the phones can still be accessed or tracked when turned off unless you remove the battery. You can not remove the iphone battery.
more info on the topic
http://www.techdirt.com/blog/?tag=fourth+amendment
Yes, but once the network is in place, the iPhones internal environment is easily navigable by these covert devices. I recall reading it was more the iphone 4 that was most vulnerable, or was it the 5. I am looking for more detail to specifically answer your question but can’t seem to locate the article at the moment that I read a few years ago. I think another reason is the phones can still be accessed or tracked when turned off unless you remove the battery. You can not remove the iphone battery.
more info on the topic
http://www.techdirt.com/blog/?tag=fourth+amendment
Last edited:
Perhaps you didn't read the guidelines.
Basically, Apple is saying that they WILL GIVE law enforcement ANY AND ALL data that they are CAPABLE of extracting... ALONG WITH all of your iTunes information and purchases... including when and where you connected to any Apple servers.
"Unless they legally forbid us from doing so, which is basically a certainty after this announcement."