Apple endorses federal privacy legislation at U.S. Senate hearing
In a U.S. Senate committee hearing Wednesday, Apple's vice president of software technology, Guy "Bud" Tribble, stated Apple's support for legislation, while agreeing that the Federal Trade Commission should hold regulatory authority.

At a hearing of the Senate Committee on Commerce, Science, and Transportation in Washington Wednesday, Tribble testified alongside representatives of Alphabet/Google, Amazon, Twitter, AT&T, and Charter Communications. Throughout, Tribble expressed support for the idea of privacy legislation itself, and gave either qualified or unqualified yesses to most proposals put forward by most Senators.
"I am honored to be with you for this important hearing and to convey Apple's support for comprehensive federal privacy legislation that reflects Apple's longheld view that privacy is a fundamental human right," Tribble said in his opening statement.
"To Apple, privacy means much more than having the right to not share your personal information. Privacy is about putting the user in control when it comes to that information," Tribble continued. "That means that users can decide whether to share personal information and with whom. It means that they understand how that information will be used. Ultimately, privacy is about living in a world where you can trust that your decisions about how your personal information is shared and used are being respected. We believe that privacy is a fundamental human right, which should be supported by both social norms and the law."

"These concepts have guided our design process for years because privacy is a core value at Apple, not an obligation or an aftermarket add-on," Tribble said.
Tribble also made a point of pushing for any new privacy legislation to not place undue burdens on app developers.
"We have an app store with 6 million developers in the U.S., some are small and medium-sized businesses, and [we hope that] the burden will not be on them as to record-keeping, to make sure it's not overburdensome for that class of companies," Tribble said in his testimony. He added that Apple had earlier worked with the Office of the National Coordinator for Health IT (ONC) to help create a "model privacy notice" for app developers in the health space who may not have access to a full legal team, and would interested in coming up with those sorts of solutions in the future.
Tribble agreed with most of the other executives present that the FTC should handle most enforcement for the new privacy regime.
"Apple agrees that the FTC should get the resources they need a part of comprehensive legislation," he said.
Mentioned throughout the hearing was that both the European Union that invoked the General Data Protection Regulation, and the state of California have both passed privacy laws, both of which some tech companies believe are too stringent. The executives discussed whether the federal law will preempt the local one, as well as what disclosures will be required for data sharing.
Facebook was not part of the hearing, although CEO Mark Zuckerberg had testified before the same committee in April.
Broadcast on C-SPAN 3 and streaming online, the hearing was not what would be considered a high-profile proceeding. It was notably non-contentious, although some Republican senators, including Ted Cruz of Texas and Cory Gardner of Colorado, asked pointed questions about Google's China policy near the end of the hearing. Cruz also asked Google chief privacy officer Keith Enright whether Google is working to censor conservatives from search results.
Committee Chairman John Thune (R-S.D.) said at the end of the two-and-a-half-hour proceeding that it was likely the first of multiple "conversations going forward" as the committee works on legislation.

At a hearing of the Senate Committee on Commerce, Science, and Transportation in Washington Wednesday, Tribble testified alongside representatives of Alphabet/Google, Amazon, Twitter, AT&T, and Charter Communications. Throughout, Tribble expressed support for the idea of privacy legislation itself, and gave either qualified or unqualified yesses to most proposals put forward by most Senators.
"I am honored to be with you for this important hearing and to convey Apple's support for comprehensive federal privacy legislation that reflects Apple's longheld view that privacy is a fundamental human right," Tribble said in his opening statement.
"To Apple, privacy means much more than having the right to not share your personal information. Privacy is about putting the user in control when it comes to that information," Tribble continued. "That means that users can decide whether to share personal information and with whom. It means that they understand how that information will be used. Ultimately, privacy is about living in a world where you can trust that your decisions about how your personal information is shared and used are being respected. We believe that privacy is a fundamental human right, which should be supported by both social norms and the law."

"These concepts have guided our design process for years because privacy is a core value at Apple, not an obligation or an aftermarket add-on," Tribble said.
Tribble also made a point of pushing for any new privacy legislation to not place undue burdens on app developers.
"We have an app store with 6 million developers in the U.S., some are small and medium-sized businesses, and [we hope that] the burden will not be on them as to record-keeping, to make sure it's not overburdensome for that class of companies," Tribble said in his testimony. He added that Apple had earlier worked with the Office of the National Coordinator for Health IT (ONC) to help create a "model privacy notice" for app developers in the health space who may not have access to a full legal team, and would interested in coming up with those sorts of solutions in the future.
Tribble agreed with most of the other executives present that the FTC should handle most enforcement for the new privacy regime.
"Apple agrees that the FTC should get the resources they need a part of comprehensive legislation," he said.
Mentioned throughout the hearing was that both the European Union that invoked the General Data Protection Regulation, and the state of California have both passed privacy laws, both of which some tech companies believe are too stringent. The executives discussed whether the federal law will preempt the local one, as well as what disclosures will be required for data sharing.
Facebook was not part of the hearing, although CEO Mark Zuckerberg had testified before the same committee in April.
Broadcast on C-SPAN 3 and streaming online, the hearing was not what would be considered a high-profile proceeding. It was notably non-contentious, although some Republican senators, including Ted Cruz of Texas and Cory Gardner of Colorado, asked pointed questions about Google's China policy near the end of the hearing. Cruz also asked Google chief privacy officer Keith Enright whether Google is working to censor conservatives from search results.
Committee Chairman John Thune (R-S.D.) said at the end of the two-and-a-half-hour proceeding that it was likely the first of multiple "conversations going forward" as the committee works on legislation.
Comments
Facebook and Google must HATE this.
https://www.elcomsoft.com/eppb.html
Isn't that cute. The troll wants to come out and play. What, exactly, does Elcomsoft have to do with privacy? And what does Facebook and Google vacuuming up mountains of data to monetize and make money have to do with Apple?
Or were just sitting around waiting for some article you could spam your link to?
And, btw, that tool you link to explicitly states that it needs your Apple ID and password in order to get at iCloud data. The only thing it can do without that is attempt to extract data from local backups.
Facebook? Correct, they were not there and won't be testifying in this hearing.
For those interested in what all the companies had to say:
https://www.c-span.org/video/?451963-1/google-apple-amazon-tech-companies-testify-data-privacy
I understand local storage has many concerns as well, yet the simple default to offload all data to a central target or 'resource' seems just bizarre logic to me...
I don't care what the policy, EULA or business interests are of Apple at the moment of the day (subject to change), yet more the general logic of so much existing in some foreign land server with the nature and stability of governance in place at the moment...
And the link - no I have no connection, although it surely was easy to find, and raised the question of security settings by default sending so much off site... They do in fact qualify the intent as not to hack, but for recovery, for those that want to rely on such...
...and I am a mac user, and only own mac hardware, just to set the flaming fanboys straight...
Nope: https://support.apple.com/en-us/HT202303
It's for simplicity and convenience. I have three Macs, an iPhone, an iPad, and an Apple Watch. It would be a nightmare trying to manually sync messages, mail, photos, contact information, music, passwords, etc between all those devices. iCloud solves that problem.
But this goes beyond just cloud storage. Personal information also extends to information about what I'm doing on my devices, the places I go with them, etc. Who is allowed what access to that information after its collected? And could such information be directly identified with myself or my devices? Apple's policy on such data collection is here: https://www.apple.com/privacy/approach-to-privacy/
Yet as intimated it isn't current Apple representations that raise questions...
https://foreignpolicy.com/2015/06/01/section-215-patriot-act-expires-surveillance-continues-fisa-court-metadata/
How many will want to trust any US based cloud service given the more recent regulatory and political landscape...?
It sounds like your concerns would be alleviated if you did a bit more reading on Apple's privacy policy and more about cloud technology generally. May I suggest you start with apple.com/privacy?
What do you think all the discussion about China and and iCloud was about?
"No one else, not even Apple, can access end-to-end encrypted information"
If your device encrypts the information and then sends it to an iCloud server where it's stored in that exact same encrypted format, Apple cannot decrypt it. Apple does not have the private encryption key your device used to encrypt the data. Apple would only be able to decrypt the data if you sent it without encryption to the iCloud server where they used their own private encryption key to encrypt it before storing it.
There is one exception, however, noted on that page:
"Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple."
So iCloud Backups do include the encryption key used to encrypt your messages. Which, in turn, means that Apple would be able to decrypt those if requested to do so by law enforcement. So turn iCloud Backup off if you truly want to be sure Apple can't decrypt any of your data.
Now, as for what Apple does with iCloud in China, that's a different story. If/when a government mandates that a cloud service be able to decrypt all of the data stored on it, then special provisions need to be put in place to ensure that. But that's not the case in the US (yet).