Apple Cares About Your Privacy, Unless You Use iCloud
In the end, it's not actually your data to keep
Apple has been lauded this week as crusaders for smartphone privacy, after the federal government compelled the company to install a backdoor into its own software (which Apple promptly denounced).
Despite its refusal, Apple has already divulged a potential trove of private information from the San Bernardino shooter’s phone, which includes the iCloud backups and all associated iCloud data. This is standard practice for Apple, which as a (normally) law-abiding company provides law enforcement with all data relevant to investigations, even extracting information from phones multiple times in the past.
Tim Cook confirmed this protocol in his now-infamous missive “A Message To Our Customers.”
“When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case,” Cook wrote in the letter.
As noted in the court’s original motion, the FBI executed a warrant and obtained iCloud information from Apple, dated until October 19, 2015.
To be clear, there are two concepts in play here: security and privacy. Both are important ideas to consider, but the motivations behind them are separate.
Security is making sure people (the government, Apple, or third parties) don’t have the means to access any device, and privacy is making sure the user data retained on Apple servers are not seen by anyone but the users. In a way, security begets privacy.
This is a different issue than main point of contention between Apple and the federal government, which would be giving the FBI the means to crack a physical device themselves.
Cook also claims in his letter that Apple does keep data secure (which, in this case, is a privacy matter, since it is ensuring whomever has access to data but not integrity of security or encryption).
“For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business,” Cook wrote.
That, by the virtue of the iCloud backups provided to the government, is not entirely true.
In fact, the FBI very well might have data surpassing the October 19 backups mentioned.
iPhones are actually more tied to iCloud than appears on the surface. Users can of course turn of automatic syncing of entire phone backups, and even individual services like syncing notes or future calendar appointments. However, according to a white paper on iOS security released late 2015, other services — i.e. iMessage — use iCloud as an route for data like large messages containing photos and other media.
Depending on iOS version, the method used to send iMessages can only send messages up to 4 KB or 16 KB in size. To be fair, that’s not very large file size limit when sending images or audio or videos. Apple encrypts these with a secure 256-bit key, and sends the communication through iCloud. However, iMessages are queued for delivery in Apply servers, and are stored for up to 30 days on these servers, which means the FBI could have (albeit potentially encrypted) messages from up to the day of the shooting on December 2, 2015.
In the court documents that compel Apple to provide alternative software for the iPhone 5C in question, federal agent Christopher Pluhar vaguely describes what data has actually been recovered from the iCloud services.
“I and other have been able to obtain several iCloud backups for the Subject Device, and I am aware that a warrant was executed to obtain from Apple all saved iCloud data associated with the subject device,” Pluhar writes in his report.
We don’t know that FBI has beyond the vague haze of “all saved iCloud data” and the associated backups before October 19. But based on information about the data the FBI received from the warrant, we can tell they have access to that data, meaning it’s unencrypted to some extent.
The New York Times brings up the same point about unencrypted iCloud backups in its story about Apple CEO Tim Cook’s stance on security.
“Mr. Cook has told colleagues that he still stands by the company’s longstanding plans to encrypt everything stored on Apple’s myriad devices, services and in the cloud, where the bulk of data is still stored unencrypted,” write Katie Benner and Nicole Perlroth.
However, Apple does outline everything that iCloud backs up in the same security document — with every setting turned on, iCloud stores:
- Information about purchased music, movies, TV shows, apps, and books, but not the
- purchased content itself
- Photos and videos in Camera Roll
- Contacts, calendar events, reminders, and notes
- Device settings
- App data
- PDFs and books added to iBooks but not purchased
- Call history
- Home screen and app organization
- iMessage, text (SMS), and MMS messages
- HomeKit data
- HealthKit data
- Visual Voicemail
This is because don’t know which settings the alleged shooter had turned on prior to October 19, or which unintended settings were left on that didn’t fully back up data but instead transmitted data through iCloud. The FBI could also have all of this data as “all saved iCloud data,” as they are only claiming to have iCloud backups (full restore points for the phone) until October 19.
For iPhone users, the San Bernardino case can serve as a wakeup call to where the information you may think only lives on your phone actually goes, and who would have access to that information in case of a court order.
It’s not a terrible thing that Apple has done this, but when thinking about the balance of privacy and security when it comes to Apple’s stance, it’s important to remember that the situation is more nuanced than either Apple or the FBI would care to admit. Also, when storing something on a remote server or cloud, you do lose control of that information.
Apple has not responded to comment.