Apple Still Has Plenty of Your Data for the Feds

Improved Apple encryption is a welcome step toward thwarting the surveillance state. But it seriously oversold Apple's commitment to privacy.

In a much-publicized open letter last week, Apple CEO Tim Cook pledged to protect user privacy with improved encryption on iPhones and iPads and a hard line toward government agents. It was a huge and welcome step toward thwarting the surveillance state, but it also seriously oversold Apple’s commitment to privacy.

Yes, Apple launched a tough-talking new privacy site and detailed a big improvement to encryption in its mobile operating system iOS 8: Text messages, photos, contacts, and call history are now encrypted with the user’s passcode, whereas previously they were not. This follows encryption improvements by Apple’s competitors Google and Yahoo.

This isn’t the first time that Apple has oversold the security of its products.

But despite these nods to privacy-conscious consumers, Apple still strongly encourages all its users to sign up for and use iCloud, the internet syncing and storage service where Apple has the capability to unlock key data like backups, documents, contacts, and calendar information in response to a government demand. iCloud is also used to sync photos, as a slew of celebrities learned in recent weeks when hackers reaped nude photos from the Apple service. (Celebrity iCloud accounts were compromised when hackers answered security questions correctly or tricked victims into giving up their credentials via “phishing” links, Cook has said.)

While Apple’s harder line on privacy is a welcome change, it’s important to put it in context. Yes, a leading maker of smartphones, tablets, and laptops is now giving users better tools to lock down some of their most sensitive data. But those users have to know what they’re doing to reap the benefits of the new software and hardware — and in particular it helps if they ignore Apple’s own entreaties to share their data more widely.

How Apple locks down your data

Although Apple was listed as an October 2012 addition to NSA’s PRISM program in documents leaked by former NSA contractor Edward Snowden, Cook denied that his company has ever worked with any government to provide special ways to circumvent its security systems.

“I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services,” Cook wrote in his open letter. “We have also never allowed access to our servers. And we never will.”

The most prominent privacy improvement Apple made to its products last week is a new encryption feature built-in to iOS 8.

Since the iPhone 3GS, all iOS devices have supported encrypting personal data such as text messages, photos, emails, contacts, and call history. If you set a passcode it would be used to encrypt some, but not all, of the data on your device. Apple was still able to decrypt some of the data without knowing your passcode.

If law enforcement confiscated your phone and wanted to snoop at certain types of its data, all they would have to do is serve Apple a warrant and to get a copy of said data. A version of Apple’s Legal Process Guidelines for U.S. Law Enforcement dated May 7th, 2014 explains:

Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data.

But if you’re using iOS 8, at least some of that personal data is encrypted using your passcode, namely SMS, photos, contacts, and call history. In their Government Information Requests page, Apple brags that this new feature makes it technically unfeasible to comply with this government request to retrieve such data from an Apple devices:

On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.

How Apple makes your data more vulnerable

The improved encryption in iOS 8 is a great move towards protecting consumer privacy and security. But users should be aware that in most cases it doesn’t protect your iOS device from government snoops.

While Apple does not have the crypto keys that can unlock the data on iOS 8 devices, they do have access to your iCloud backup data. Apple encrypts your iCloud data in storage, but they encrypt it with their own key, not with your passcode key, which means that they are able to decrypt it to comply with government requests.

In order to fully enjoy the benefits of keeping your crypto key private, you should also turn off iCloud syncing for any data that you consider private. For example, if you’d like to keep your contact list safe from prying eyes, you might turn off iCloud syncing of contacts. However in this case privacy comes at a price: if your iPhone breaks and you get a new one, Apple won’t be able to restore all of your contacts for you.

But there’s another risk that comes with relying on your passcode for the security of your device: 4-digit PINs are not that hard to guess. Even if you don’t use one of the most commonly used passcodes, weak passcodes are vulnerable to brute force attacks (when the attacker guesses every possible passcode until she finds one that works). For iOS 8’s encryption to really work, you’re better off using a longer passcode that includes letters, numbers, and symbols. And that, of course, makes unlocking your phone a pain. On some devices, you can use Apple’s fingerprint reader to ameliorate that pain, but security researchers have repeatedly shown that the reader can be defeated.

Then there’s the question of video and audio recordings. Apple did not indicate if that personal data is now encrypted with the user passcode (it was not previously). The company did not respond to a request for comment on that question.

This isn’t the first time that Apple has oversold the security of its products. Shortly after the PRISM revelations were published in The Washington Post and The Guardian, Apple denied that it was part of the program and issued a statement claiming that “conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.” But security researchers showed that Apple could indeed eavesdrop on iMessage conversations without the user knowing.

The future

Regardless, Apple’s attempts to bring end-to-end encryption to iMessage are leaps ahead of some other popular messaging services, such as Facebook messaging, which doesn’t do anything to prevent Facebook itself from reading your conversations. At least not yet. At the moment, privacy seems to be enjoying a resurgence; since the Snowden revelations began, both Google and Yahoo have started to build end-to-end encryption into their email services, making them less vulnerable to government requests for data as well. What remains to be seen, for Apple and all the others, is how deep beneath the surface, and into their own infrastructure, tech giants will be willing to go. For Apple, as for its competitors, there is still plenty of work to be done.

Photo: Vincent Yu/AP

Join The Conversation