Apple says incapable of decrypting iOS 8 user data, even for government agencies

Posted:
in General Discussion edited May 2015
Among the privacy policies outlined by Apple in a new privacy policy webpage on Wednesday is an iOS 8 feature that makes it technically impossible for the company to decrypt a device to harvest user data, even if law enforcement agencies request it.




As noted by The Washington Post, iOS 8 marks a new, more aggressive stance in protecting customer data from prying eyes, as Apple engineered an encryption system even it is unable to break.

In a document (PDF link) meant to guide law enforcement officers in requesting user information, Apple notes that it no longer stores encryption keys for devices with iOS 8, meaning agencies are unable to gain access even with a valid search warrant. This includes data store on a physical device protected by a passcode, including photos, call history, contacts and more.

"Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," Apple said on its new webpage dedicated to privacy policies. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

The safeguards do not apply to other services including iCloud, however, meaning any data stored offsite is fair game for government seizure. Still, the security implementation will likely be seen as a step in the right direction, especially given the current political climate following revelations of governmental "snooping" activities.

In an open letter to consumers posted on Apple's new privacy policies webpage, CEO Tim Cook reaffirmed the company's stance on personal data, saying the company does not allow server backdoors and only handles with legitimate requests backed by the proper authorities.

"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services," Cook wrote, adding, "We have also never allowed access to our servers. And we never will."
«1345

Comments

  • Reply 1 of 87
    THis is an awesome claim Android will never be able to make.
  • Reply 2 of 87
    The safeguards do not apply to other services including iCloud, however, meaning any data stored offsite is fair game for government seizure. Still, the security implementation will likely be seen as a step in the right direction, especially given the current political climate surrounding government "snooping."

    What about iCloud backups?
  • Reply 3 of 87
    A little disingenuous of Cook since almost all of this data is duplicated in iCloud, that is within the government's reach.
  • Reply 4 of 87

    Cool, iOS 8, the system for terrorists!

  • Reply 5 of 87
    iaeen wrote: »
    What about iCloud backups?

    Did you bother to read the story?
  • Reply 6 of 87
    justbobf wrote: »
    A little disingenuous of Cook since almost all of this data is duplicated in iCloud, that is within the government's reach.

    You too... Read the story.
  • Reply 7 of 87

    What part of the story that you read did you not understand? "The safeguards do not apply to other services including iCloud, however, meaning any data stored offsite is fair game for government seizure."

  • Reply 8 of 87
    Doesn't work for iCloud backups but that's still more secure than any other [B]consumer smartphone[/B] platform.

    Update: added clarification I was referring to "consumer smartphone platforms" (iOS, Android, Windows Phone) as it apparently wasn't clear enough to some despite the context of the article...
  • Reply 9 of 87

    What it comes down to is this. Anything you store in the cloud is lawfully accessible by any government agency with a warrant (and as we have found out with the NSA lately, without a warrant). iCloud Keychain, credit cards, photos, everything. It's up to the user, who almost everyone taps on "Accept" when "reading" the license agreement to be responsible.

  • Reply 10 of 87

    Maybe the 128GB phones will be more popular for those who don't want any cloud storage and government snooping. Right now, the iPhone with iOS 8 sounds like the most secure data device in the entire world.

  • Reply 11 of 87

    Is it accurate to say that device encryption on iOS 8 now works like OS X FileVault, where the encryption key is derived entirely from the user's input? The article seems to suggest that Apple was previously able to grant device access to law enforcement without brute-forcing the user's password. How was the key derived in previous versions of iOS?

  • Reply 12 of 87
    adamcadamc Posts: 572member
    Quote:

    Originally Posted by bdkennedy1 View Post

     

    What it comes down to is this. Anything you store in the cloud is lawfully accessible by any government agency with a warrant (and as we have found out with the NSA lately, without a warrant). iCloud Keychain, credit cards, photos, everything. It's up to the user, who almost everyone taps on "Accept" when "reading" the license agreement to be responsible.


    You need not back up to cloud if you want your information to stay confidential.

     

    Perhaps it is pertaining to iMessages more than anything else.

  • Reply 13 of 87
    Quote:

    Originally Posted by Lolliver View Post



    Doesn't work for iCloud backups but that's still more secure than any other platform.

    You are overstating your case rather dramatically. It's simply ridiculous to claim the Apple Platform is "more secure than any other platform" without being more specific about what the hell you are talking about. Seems that security is not your home turf.

  • Reply 14 of 87
    slurpyslurpy Posts: 5,141member
    Quote:

    Originally Posted by Taniwha View Post

     

    You are overstating your case rather dramatically. It's simply ridiculous to claim the Apple Platform is "more secure than any other platform" without being more specific about what the hell you are talking about. Seems that security is not your home turf.


     

    Uh, chill the hell out. I'm sure he was implying "consumer" platform, ie. a platform a normal person would conceivably use. You know, compared to Android/Windows phone devices? If you disagree with his statement, then please, enlighten us as to more secure platforms, instead of mocking him. The point is, if you care about security/privacy, choosing an iPhone as a smartphone is probably a better bet than anything else. 

  • Reply 15 of 87
    Did you bother to read the story?

    Take into account that, if Apple has the capability to reset your password without loss of encrypted backup data, it means that Apple has full access to backup data. Plain and simple.
  • Reply 16 of 87
    justbobf wrote: »
    A little disingenuous of Cook since almost all of this data is duplicated in iCloud, that is within the government's reach.
    Not everyone uses the cloud for backups - my current backup (via hard wire was ~50 gigs). My DSL speeds are too slow to make cloud backups a realistic choice. I have very little data on the cloud - I pick and choose what info I am willing to risk. I don't know what most people do, but, unless I'm missing something, every Apple customer has the ability to limit their exposure..
  • Reply 17 of 87
    trydtryd Posts: 135member

    If you are concerned about backups of your iOS device on iCloud, just keep your backups local to your computer.

  • Reply 18 of 87
    Quote:

    Originally Posted by iaeen View Post





    What about iCloud backups?

     

    iCloud backups are also encrypted. Thus Apple cannot decrypt them.

    Even on your Mac or PC, when backing up your iPhone, you have the option to encrypt your backup.

    Apple does not have access to your key and can't decrypt your data.

  • Reply 19 of 87
    Quote:

    Originally Posted by bdkennedy1 View Post

     

    What it comes down to is this. Anything you store in the cloud is lawfully accessible by any government agency with a warrant (and as we have found out with the NSA lately, without a warrant). iCloud Keychain, credit cards, photos, everything. It's up to the user, who almost everyone taps on "Accept" when "reading" the license agreement to be responsible.


     

    BUT... Apple cannot help the government decrypt your data.  Your data is encrypted.  So long as you choose a strong password, the government will have a difficult time getting your data without your consent.  That is the whole point of encryption.

  • Reply 20 of 87
    tenlytenly Posts: 707member
    bradipao wrote: »
    Take into account that, if Apple has the capability to reset your password without loss of encrypted backup data, it means that Apple has full access to backup data. Plain and simple.

    That's a good point. How does this actually get handled? If the backup file were encrypted with the same encryption they are claiming is used on the physical phone, you wouldn't be able to restore it if a password reset had occurred in-between backup and restore. And if it's not the same encryption, then it doesn't matter how strongly the data is encrypted on the device...the iCloud backup would be available to law enforcement with a proper warrant...
Sign In or Register to comment.