But where does it say that Apple actually DECRYPTS the data before handing it over?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple to Launch a Global Law Enforcement Web Portal to Streamline Data Requests by End of 2018 [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
Seems we have different definitions to what “being the product”. Does apple’s revenue depend on me buying hardware from them or them having access to my digital life and then delivering ads?
If it’s the former then I am not the product. Apple’s revenue does not depend on my personal information.
So therefore, to Apple I am not the product.
That was the point. They are using their keys so everything is vulnerable. Apple needs to use keys other than their own.
I'm actually a little surprised at this. I was under the impression that iCloud data was end-end encrypted.
But then again, I OPT-OUT of using iCloud for ANYTHING across all my Apple devices. Seems like I made the wise choice...
[doublepost=1536253757][/doublepost]
You are conflating some stuff there, buddy.
I don't say that NO ONE has info on me. I use Gmail for some stuff, FFS! ;-)
I just said APPLE doesn't, AFAICT, have any ICLOUD data "on me" to "hand over".
I wish that was the case, but...
Given (a) it is court ordered, and (b) Apple states they retain the keys for data stored there if Apple only provided the encrypted data while retaining the keys, they would be in contempt of court and subject to sanctions. The only way that they could avoid providing the decrypted information was with the defense of impossibility - which is a defense against a contempt of court proceeding.
Just look what they say and compare this with regard to iOS devices:
For all devices running iOS 8.0 and later versions, Apple is unable to perform an iOS device data extraction as the data typically sought by law enforcement is encrypted, and Apple does not possess the encryption key.
with this:
Apple retains the encryption keys in its U.S. data centers.
...
The following information may be available from iCloud:
iii. Email Content and Other iCloud Content. My Photo Stream, iCloud Photo Library, iCloud Drive, Contacts, Calendars, Bookmarks, Safari Browsing History, Maps Search History, Messages, iOS Device Backups
iCloud stores content for the services that the subscriber has elected to maintain in the account while the subscriber’s account remains active. Apple does not retain deleted content once it is cleared from Apple’s servers. iCloud content may include email, stored photos, documents, contacts, calendars, bookmarks, Safari browsing history, Maps Search History, Messages and iOS device backups. iOS device backups may include photos and videos in the Camera Roll, device settings, app data, iMessage, Business Chat, SMS, and MMS messages and voicemail. All iCloud content data stored by Apple is encrypted at the location of the server. When third-party vendors are used to store data, Apple never gives them the keys. Apple retains the encryption keys in its U.S. data centers. iCloud content, as it exists in the subscriber’s account, may be provided in response to a search warrant issued upon a showing of probable cause.
Expecting Apple to start hearing the phrase "for reasons of national security" which essentially throws the back door wide open. The world is moving in a dangerous direction.
Never used the icloud, and now...never will.
Never used the icloud, and now...never will.
Well, this article only covers the request for stored cloud data. It seems clear that Apple have worked hard on other aspects of privacy, especially device privacy and web privacy: -
- Secure Enclave since iPhone 5s making it impossible to retrieve keys. This was well ahead of the competition
- Class leading biometrics
- Hardware accelerated AES encryption since the 5s making a truly secure fast remote wipe possible.
- The public and controversial refusal to backdoor iOS under legal pressure
- iMessage is truly end to end encrypted and cannot be intercepted by anyone, including Apple (if you don’t back up messages to iCloud they cannot be read by anyone, ever)
- FaceTime is truly end to end encrypted and cannot be intercepted by anyone, including Apple
- Early on Do Not Track
- Early on Cross Site Tracking
- iOS 12 has a whole slew of technologies to reduce the ability to fingerprint and track, both active (informing the user and requesting consent) and passive (silent anonymisation)
- Improved password management and 3rd party password management integration
- Constant improvements to in-hand device attacks
- The very design and nature of iOS itself
I mean it’s pretty clear that security and privacy are things that Apple spends a lot of time thinking about and working on.
[doublepost=1536254327][/doublepost]
This portal changes nothing. The same legal requests that were required yesterday, and the year before, and the year before etc. are still required today and in the future. If it’s truly a concern for you, you should not use any Cloud storage as they are all subject to the same requirements.
what ya talkin' bout? Apple has always given your data to the government upon request. Nothing new here.
This is the beginning of the end, if all people think like this, slowly and gradually you give up your life.
As for the terrorists, how many people die of terrorist attack annually, not a lot, if nobody would be afraid of terrorists there wouldn't even be terrorist attacks.
I am a travelled guy, been in place like Pakistan, Iran, Mexico, El Salvador amongst many more, most of them are relatively safe, Iran for instance is one off the best places I have been to while El Salvador was certainly not the safest place on earth but stayed in towns which were both beautiful and safe.
As if the states is safe.
I travelled on a pushbike for 5 years, after two years without any problems I decided to visit home in Europe, I had to camp before I got back to my hometown, guess what, I got hassled the first night in Europe.
You are just paranoid, the world is a lot more beautiful and less hostile than you think, get out there, you might change your mind.
The bottom line is, if you're worried about this sort of thing, you shouldn't own a cellphone. Any cellphone. Hell, you probably shouldn't even be on the internet right now.
What is missing here is how Apple will verify that any given request is legal.
Also this is a great portal for hackers to concentrate on.
Also this is a great portal for hackers to concentrate on.
I was thinking the same thing. Apple was fooled before by social hackers...no less.
Good! Right now, if you're in law enforcement and you want to send a request or court order to Apple, there's a lot of pages you have to dig through to find out how to send the request or court order. A web portal, such as the one Facebook has (http://www.facebook.com/records/) or any number of banks maintain, makes it easier for law enforcement to get their request or court order to Apple.
This does not change the likelihood of your data being unlawfully disclosed though. This is not a backdoor. It's just a portal to submit lawful requests that can be denied if not in compliance with the law.
This does not change the likelihood of your data being unlawfully disclosed though. This is not a backdoor. It's just a portal to submit lawful requests that can be denied if not in compliance with the law.
Maybe, but not necessarily....
My take on this, given all of what Apple has said and done until now? I think they're trying to justify keeping strong encryption on their devices and a stance that they won't aid law enforcement or government in essentially breaking those security measures as a way to obtain information.
This is the flip-side of all of that; saying "Look... just because we want to ensure integrity of our passwords and encryption doesn't mean we're trying to help criminals get away with stuff. If you get court ordered search warrants and the like, we have a process so we can work within those legal parameters, without you needing to try to crack our hardware or software."
That wouldn't be a back door at all. More like a front door with a security guard in front of it who will let you through, even if you're not a "regular customer", but only if you have the right papers and justification to get in.
My take on this, given all of what Apple has said and done until now? I think they're trying to justify keeping strong encryption on their devices and a stance that they won't aid law enforcement or government in essentially breaking those security measures as a way to obtain information.
This is the flip-side of all of that; saying "Look... just because we want to ensure integrity of our passwords and encryption doesn't mean we're trying to help criminals get away with stuff. If you get court ordered search warrants and the like, we have a process so we can work within those legal parameters, without you needing to try to crack our hardware or software."
That wouldn't be a back door at all. More like a front door with a security guard in front of it who will let you through, even if you're not a "regular customer", but only if you have the right papers and justification to get in.
Funny how some people are concerned with privacy and yet they post so freely of everything of what they do on the social media. It's simple. If you committed, committing or planning to commit a crime, then expect to find yourself under a microscope.
2012 for one:
https://mashable.com/2012/08/05/hacker-icloud/#VUlEbgBTLuqd
Obviously it is more difficult with 2FA etc now, but the principle is the same. With enough time and effort eventually social engineering can work.
Gigabit is now available where I live. Maybe I'll just build my own web server. Too bad you can't opt to have core iOS services run on your own machine. Imagine if you could just run a single or family user iCloud Web Service license for a one time $499 fee. I'd be all over that. Just install iCloud services on your own box. Might not be as redundant (fire, tornado) and wouldn't have a CDN but I'm usually not too far from home and the privacy would be worth it.
They should be, after all no company is above the law. It's much more beneficial for any company to be "friends" or be in good terms with the gov/current administration than to be an annoyance to them.