Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple to Launch a Global Law Enforcement Web Portal to Streamline Data Requests by End of 2018 [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
If you are using any product where it interacts with the internet, the user/customer is a product. The only difference here is that that Google depends on a large portion of its revenue on customer data (greater than 50% I believe) and Apple depends less on user/customer data for its revenue (less than 20% I believe).
Do you really believe as an Apple user you are not a product to them, how do you believe you are getting recommendations for TV Show, Movies, Games, Music, Apps, etc from Apple. Do you believe Apple is taking guesses here by spinning a wheel as to what may interest you. Wake-up, Amazon and other companies do the same thing. If you choose not to believe or accept it does not change the fact that you are a product.
Or make the Requesters smarter.If you need online training for people to use your website, make your website better.
Now which do YOU think is more practical?
Apple PR at it's best. Either they DO have our data and have been lying to us all these years, or they don't and are opening up a portal for officers to request empty files.
Anything stored in the cloud is something Apple can and will give away to the authorities. I don't understand why people are so surprised about this.
They may be encrypting it, but they are not encrypting it using the keys on your iphone/ipad/mac. Encrypting it while retaining the keys whether at rest or in transit is worthless.
Saying something is encrypted gives the end-user a nice warm feeling of reassurance, however having weak encryption that can be easily broken by law enforcement agencies is what is concerning.
Apple can advertise that it is using 256bit encryption, when any an agency such as NSA can easily break that is working on 512bit encryption. In this scenario the law enforcement are ahead of the encryption game, vice companies willfully keeping pace with encryption technology.
It is a slippery slope, no back door needed if the encryption is compromised to begin with. Next Apple will incorporate 512bit encryption when government agencies are working on 1024bit encryption. It is a dance, where it is legal however there are compromises.
It seems you haven't read the article, or the thread. The nature and scope of the information they have is specified and the types and numbers of requests are reported. They haven't lied about that.
https://www.apple.com/privacy/transparency-reports/
https://www.apple.com/legal/privacy/law-enforcement-guidelines-us.pdf
The problem with that is that they are encrypting using their keys, not your keys as they do on iOS (or potentially macOS). Encrypting it while retaining the keys is worth as little as encrypting your iPhone or iPad and then sending the keys to Apple to retain.
Ever hear of a thing called corrupt law enforcement officers, I am not saying their are all corrupt. I am saying there are some bad actors that can abuse their power nad authority. We already know politicians are corrupt and will use anything in their power to get re-elected for personal gain while outright lying about receiving compensation.
Or maybe you live in a world with rose tinted eye wear.
I suspect that comes down to troubles in syncing the data between multiple devices and/or the iCloud.com website - the actual web interface to your mail, calendar, photos, and such (this is perhaps something that could be redesigned in order to keep more of the data encrypted with user-only keys). Possibly also to deal with customers who come in with a recently destroyed phone and need to restore their iCloud backup onto a new phone but they don't remember their password - Apple has a page/service for resetting your password for your AppleID; if your iCloud backups were encrypted (only) with your Apple ID, in such situations, every non-metadata bit of your information (backup contents, iMessages, photos, calendar, notes/reminders, etc.) would be scrapped. I'm not saying that the way Apple's doing it is ideal (if that is, indeed, what they're doing), but I can see how there'd be compelling reasons to do so.
Last edited:
It's not worthless. Only they can decrypt it. However I already said I'd like to see them encrypt it in such a way that they can't. I found some suggestion they were doing just that in 2016, but not much afterward.
https://9to5mac.com/2016/02/25/appl...hone-security-to-counter-fbi-unlock-requests/
Apple is using that encryption key to train Siri on user requests. Any local stored data on the device is secure, however send that to Apple and now there is a level of compromise.
I was thinking about it after I posted and I agree. There's some technical challenge there. Hopefully not an insurmountable one, and one they are working on removing.
This is rhetorical right? A tech company fixing its own website or teaching thousands of people around the globe they are 'using it wrong'... hmm.
Yup, just like Google, Facebook, Microsoft, Amazon etc etc. In short no better than any other company so why the high regard for them?
Apple is using current State of the Art Encryption. In a very real sense, they can do no better than this. And in the end, considering the sheer amount of data they are encrypting, it quickly becomes a matter of diminishing returns time-wise, to start using gigantic keys.
Face it: If the NSA has got your encrypted data, you might as well consider it cleartext. However, if some rando LEO has it, then THEIR decryption capabilities are generally FAR less advanced.
This is true IF they are using their keys to encrypt it.
Instead of using Apple's keys, all iCloud data (plus backups of an iOS device) should be encrypted on the device using a key derived from the device key - iPhone, iPad or Mac, whatever. Then the data can be shipped to Apple. Apple can re-encrypt it there while at rest or in transit (e.g. ssl etc) if they wish (doesn't hurt to do so) but then Apple does not have the keys to provide to anyone. Sure, they can provide the raw data, but the keys are on your device.
It is the same principle they apply to iOS - the device is encrypted using keys that are retained on the device which can be unlocked with various methods of authentication on the device.
Just as you don't provide your iOS device keys to anyone, Apple shouldn't be able to provide the keys to information from that device.
At minimum give people the option to do so. Otherwise, saying it is "encrypted" is pretty meaningless when Apple has the keys and can release them - under court order, an employee stealing them, negligence, someone hacking their servers etc.
When Apple does that they become an even larger target. Sure, someone could try to hack my phone, but in the end they have my data. If they hack, pay off an employee etc, they get access to 1.3 billion (per Apple as of January 2018) iOS devices. Plus potentially Macs. That is a huge target with a huge payoff if successful.
Because they don't collect information "just because". You ELECT to hand-over data to Apple. Hint: You don't HAVE to. I don't. AFAICT, Apple has ZERO of my photos, emails, unencrypted iMessages, etc, because I ELECT to "Opt Out" of iCloud services across ALL my Apple devices.
Anything stored on iCloud is encrypted using Apple's keys. It's one of the reasons (apart from the price) I don't use it and store all my backups and photos locally.
That is not true at least as far as the state-of-the-art computer science community is concerned. Unless someone has solved P=NP and managed to keep it quite even a quantum computer won't be a lot of help there. Or unless someone is using something like the Dual_EC_DRBG with a NSA etc embedded backdoor and the algorithms used are non-proprietary, mitigating that risk.
Apple can do better - don't use keys they control. As above that makes them a huge target for crooks and governments (perhaps redundant). If someone in country X can figure out which employees have access to the keys and I offer them $100 million in an anonymous bank account for a printout or screenshot, there will certainly be a large number of people who won't take the offer, but it only takes one person to take it and then EVERY iCloud backup etc is vulnerable.
You know what, that's a fun argument. "I don't have to use a computer therefore no-one has any computer based information on me" /s.
I mean you are entirely right if you're saying as soon as "X" uses "Y" then according to T&Cs they choose to give their info to "Z" but if they're not happy with that then don't.