What Apple surrenders to law enforcement when issued a subpoena

Posted:
in General Discussion edited June 2020
Apple won't unlock iPhones or other devices for law enforcement, but it can and will provide substantial data about a user when it gets a subpoena. Here's what Apple has access to you from your device -- and what it doesn't.

Attorney General William Barr with President Donald Trump
Attorney General William Barr with President Donald Trump


Apple is not going to casually surrender information about any of its users to anyone. However, if law enforcement has a legal warrant or if the company is asked to help following an incident like the San Bernardino shootings, Apple has provided data. It's just that in this case, the data isn't seemingly enough for the authorities -- yet it is genuinely the absolute most that Apple is capable of providing.

Short of introducing backdoors into iOS and macOS, as governments around the world regularly request, Apple has less data stored about you than it could because of technical limitations. They are limitations that Apple itself has created, but it's done so in order to protect the privacy of citizens.

Destroying that privacy by forging a backdoor in order to allow access to the data of criminals would destroy it for everyone. Defenders say that this backdoor could be kept secure -- but if the NSA can't keep its own penetration tools safe, this seems like a specious claim. At least for the moment, then, and despite Apple's common sense argument, US Attorney General William Barr appears likely to continue pressing Apple for what he knows it cannot give him.

If your Mac or iPhone is taken by police or federal authorities, this is what they can get from that device or from Apple.

What Apple can provide

Apple can give the authorities the details of your iCloud account and access to any of the data that's on there -- but that data is likely to be encrypted. Apple publishes a list of what data gets stored on iCloud and which of it is encrypted.

So much of what Apple has is encrypted. Your calendar and contact details are encrypted, for instance, as are your Safari bookmarks, your Notes, Photos, Reminders and so on. It's easier to say what isn't encrypted.

Cellebrite's Universal Forensic Extraction Device, a tool used to acquire data from connected smartphones
Cellebrite's Universal Forensic Extraction Device, a tool used to acquire data from connected smartphones


Out of everything from your health data to your photos and contacts, the only data not encrypted is Mail and text messages. That's not the same thing as iMessages: Apple does encrypt iMessages both as they are in transit - transmitted or received - and then when they are on Apple's servers.

Mail is encrypted in transit, but not at rest. "Consistent with standard industry practice," says Apple, "iCloud does not encrypt data stored on IMAP mail servers." There is an option to use encrypted mail, however.

Apple is physically able to give legitimate authorities your data on iCloud as it has the decryption key to much of it, but giving them iMessages means giving them the encrypted iMessages. It's not as if Apple can decrypt them for the government.

Or that's what Apple says, at least. According to data forensics company ElcomSoft, iCloud backups are "inherently much less secure" than users would hope.

"If you have iCloud backups enabled, the encryption key for iMessages will be stored in the backup," the company says in a blog.

"If the "Messages in iCloud" option is enabled, the messages themselves are NOT included in iCloud backups," it continues. "The encryption key, however, will be included and accessible by Apple (like the rest of the iCloud backup) and so available to the law enforcement."

Apple appears to confirm this in its support documentation about Apple Platform Security.

"If the user has enabled iCloud Backup, the CloudKit Service Key used for the Messages in iCloud container is backed up to iCloud to allow the user to recover their messages even if they have lost access to iCloud Keychain and their trusted devices," it says.

If you turn off this iCloud Backup feature, then a new encryption key is generated on your device "to protect future messages." This isn't stored by Apple.

From the iPhone itself

If the device is a modern iPhone, then in theory nothing can be accessed from it. Unless they have the passcode or a suspect unlocks the device for them, there is nothing at all that either law enforcement or Apple can retrieve from the device.

There have been clear exceptions, however, especially with the use of Cellebrite's software and techniques to crack various iPhones. The most recent example of this, however, was the extraction of WhatsApp data from the phone of Lev Parnas -- and that was done with his permission and, seemingly, assistance.

US authorities also use a forensic tool called GrayKey, which reportedly can crack any iPhone. However, it does so by guessing the user's six-digit passcode.

Beyond that, you need the numeric passcode or a biometric one like Touch ID or Face ID to unlock the device.

Apple has been through this before

The current requests from law enforcement are not new. In response to previous ones, Apple has taken steps including a fast-track method for authorities to request what data it can provide. And Apple has also published details of what that data can be, at least within the US.

As well as iCloud data, it is possible for authorities with the correct legal backing to obtain details of a user's interactions with Apple services, such as registration information like name and address.

"Apple does not verify this information," says Apple's law enforcement guidelines, "and it may not be accurate."

On provision of the correct information regarding Apple ID and/or device details, Apple may provide iTunes subscription information. Apple can also provide details of transactions at retail or the online Apple Store, and so on.

Apple will also provide mail logs that include date/time stamps and sending/receiving email addresses, again if served with a court order. In this case, the data is only kept by Apple up to 30 days.

Devices are key

Apple says US Attorney William Barr is wrong to claim it has offered no "substantive assistance" to law enforcement. Since it did hand over iCloud data, Apple's position appears to be true.

It's still the case, though, that not even Apple can unlock a user's device. So, data that is stored there and not backed up to iCloud Drive is out of Apple's reach.



Keep up with AppleInsider by downloading the AppleInsider app for iOS, and follow us on YouTube, Twitter @appleinsider and Facebook for live, late-breaking coverage. You can also check out our official Instagram account for exclusive photos.

Comments

  • Reply 1 of 18
    bbhbbh Posts: 134member
    I, for one, hope I represent the wishes of millions when I say "Bravo Apple". Big Brother's side of 1984 cannot come soon enough for some governments. It is a sad, sad commentary that our government is one of them.
    FLMusicMisterKitearlygeekwatto_cobra
  • Reply 2 of 18
    On top of all of the usual arguments (including the false counter-argument of 'having nothing to hide'.) I have just a simple scepticism: Law enforcement already have enough investigative tools at their disposal, they don't need your phone's data to figure out who you've been speaking with or what you have been planning. Criminal activity leaves plenty of tracks, most of which are more meaningful, easier to follow up upon and fruitfully more detailed than what a could be found in a phone. Criminals who are using their phones to plan criminal activity are also smart enough to avoid directly mentioning the layout of their plans, to cover their tracks and to use additional layers of encryption, which Apple can't help with, no one can.
    edited January 2020 FLMusicwatto_cobra
  • Reply 3 of 18
    cpsrocpsro Posts: 3,205member

    Mail is encrypted in transit, but not at rest. "Consistent with standard industry practice," says Apple, "iCloud does not encrypt data stored on IMAP mail servers." There is an option to use encrypted mail, however.
    Where is the option for encrypted mail made available in iCloud?
    razorpitFileMakerFellerwatto_cobra
  • Reply 4 of 18
    SoliSoli Posts: 10,038member
    Bottom line: If you use an iDevice and a Mac then make sure FoleVault 2 is enabled on your Mac and that all your backups are sent, encrypted, to that Mac, and that each device uses strong passcodes.

    I recommend using the long-press on iOS/iPadOS and the Option key on macOS to create a much stronger password.
    watto_cobra
  • Reply 5 of 18
    The Authorities have many legal resources to make a case against criminals. Physical evidence. Witness testimony. Surveillance. Law abiding citizens in a free society have a reasonable expectation that our private information remains private.
    bestkeptsecretwatto_cobra
  • Reply 6 of 18
    What if I jokingly said in an Apple Note that I killed Jimmy Hoffa. Is this sufficient evidence to send me to jail?
    watto_cobra
  • Reply 7 of 18
    cpsrocpsro Posts: 3,205member
    lkrupp said:
    cpsro said:
    iCloud Backup is not to be trusted. In my adult life, I've never seen a more untrustworthy DoJ as we have now.
    I guess you weren’t around when J. Edgar Hoover was head of the FBI. 
    Oh, were you an adult then?
    anantksundaram
  • Reply 8 of 18
    mknelsonmknelson Posts: 1,128member
    Soli said:
    Bottom line: If you use an iDevice and a Mac then make sure FileVault 2 is enabled on your Mac and that all your backups are sent, encrypted, to that Mac, and that each device uses strong passcodes.

    I recommend using the long-press on iOS/iPadOS and the Option key on macOS to create a much stronger password.
    They can go to court and subpoena a password. AFAIK US courts have ruled against forcing you to use your biometrics.
  • Reply 9 of 18
    macguimacgui Posts: 2,367member
    mknelson said:
    They can go to court and subpoena a password. AFAIK US courts have ruled against forcing you to use your biometrics.
    I think you're wrong on both counts. I don't believe anybody can legally force you, in the US, to surrender your password. And US court have indeed ruled you can be physically be forced to use your biometrics to open your phone.

    There is no SCOTUS decision yet on whether physical force is allowable to use your biometrics against yourself. So most any court is free to rule for or against doing so. As it stands, in some states your blood can forcibly be drawn by medical personnel without a warrant, incident to arrest for DUI. Few medical people will do so but it's allowable, and some states allow the arrest and charging for refusing to draw blood. So drink and drive carefully. Better yet do one or the other but not both.
    svanstromwatto_cobra
  • Reply 10 of 18
    hentaiboyhentaiboy Posts: 1,252member
    Soli said:
    Bottom line: If you use an iDevice and a Mac then make sure FoleVault 2 is enabled on your Mac and that all your backups are sent, encrypted, to that Mac, and that each device uses strong passcodes.

    I recommend using the long-press on iOS/iPadOS and the Option key on macOS to create a much stronger password.
    Bottom line: If your Mac or iPhone is taken by police or federal authorities, then you shouldn't have been doing bad $h1t in the first place. 
  • Reply 11 of 18
    iqatedoiqatedo Posts: 1,824member
    hentaiboy said:
    Soli said:
    Bottom line: If you use an iDevice and a Mac then make sure FoleVault 2 is enabled on your Mac and that all your backups are sent, encrypted, to that Mac, and that each device uses strong passcodes.

    I recommend using the long-press on iOS/iPadOS and the Option key on macOS to create a much stronger password.
    Bottom line: If your Mac or iPhone is taken by police or federal authorities, then you shouldn't have been doing bad $h1t in the first place. 
    In the 1930s in Germany and other parts of Europe, just being Jewish was 'bad $h1t'. Who decides?
    earlygeekanantksundaramrazorpitRayz2016svanstromapres587appleinsideruserwatto_cobra
  • Reply 12 of 18
    SoliSoli Posts: 10,038member
    hentaiboy said:
    Soli said:
    Bottom line: If you use an iDevice and a Mac then make sure FoleVault 2 is enabled on your Mac and that all your backups are sent, encrypted, to that Mac, and that each device uses strong passcodes.

    I recommend using the long-press on iOS/iPadOS and the Option key on macOS to create a much stronger password.
    Bottom line: If your Mac or iPhone is taken by police or federal authorities, then you shouldn't have been doing bad $h1t in the first place. 
    That assumes that you mean that for all gov’ts (and I guarantee you that your beliefs and social actions are in violation of some legal entity somewhere), that you don’t believe citizens should have a right to privacy, and that you believe that these tools aren’t going to be used by bad actors.

    "It is not that I have something to hide... I've got nothing I want you to see"
    watto_cobra
  • Reply 13 of 18
    I think law enforcement has demonstrated over and over again that they can't be trusted to protect our civil liberties. Ever since the Patriot Act, they've run roughshod over our right to privacy and security all in the name of fighting terrorism. Not only that, but there are also those instances where FBI laptops have been stolen, servers have been hacked, etc. There's no way they can be trusted with a pinky-swear that they will not abuse their access to our devices via a backdoor, or that they won't leave the Master Password on a sticky-note on one of their monitor screens, or just have it dropped off in a dumpster when their office is cleaned.

    The other part of this is that US law often sets a precedent for other regimes and governments. If Apple is forced to build a backdoor into their devices in the US, they will have to do it for other countries as well, and there are some governments that will definitely use that access to spy on and round up any dissenters or to shut down protests.
    anantksundaramrazorpitwatto_cobra
  • Reply 14 of 18
    razorpitrazorpit Posts: 1,796member
    I think law enforcement has demonstrated over and over again that they can't be trusted to protect our civil liberties. Ever since the Patriot Act, they've run roughshod over our right to privacy and security all in the name of fighting terrorism. Not only that, but there are also those instances where FBI laptops have been stolen, servers have been hacked, etc. There's no way they can be trusted with a pinky-swear that they will not abuse their access to our devices via a backdoor, or that they won't leave the Master Password on a sticky-note on one of their monitor screens, or just have it dropped off in a dumpster when their office is cleaned.

    The other part of this is that US law often sets a precedent for other regimes and governments. If Apple is forced to build a backdoor into their devices in the US, they will have to do it for other countries as well, and there are some governments that will definitely use that access to spy on and round up any dissenters or to shut down protests.
    The Patriot Act made things easier, but government has been snooping long before that. People have this misconception that one particular administration over another has their best interests in mind. Government only cares about its interests. All those people collecting a government paycheck are not going to do something that would put themselves out of work.
    bbhwatto_cobra
  • Reply 15 of 18
    jdwjdw Posts: 1,363member
    In short, none of us should be using iCloud backups.
    Solisvanstromwatto_cobra
  • Reply 16 of 18
    Joer293Joer293 Posts: 29unconfirmed, member
    I have to bring some reality to this thread. All electronic devices can be cracked, for a price. There are no exceptions, civilian or military. Fed agencies with the funds can and do get through citizen grade iPhones on the regular. Reducing security only affects the discovery price.  The big picture debate is really about who should pay for the forensics and legal discovery efforts. Lawyers generally feel companies, innocent citizens and criminals should pay for the forensics and discovery the lawyer wants. Companies and citizens (and governments being investigated)  believe the opposite. They do not get reimbursed for the expenses.  On the other hand lawyers get reimbursed for everything they do. Expenses can be very very high for discovery. The same goes for every corporate legal discovery. Government lawyers want the ability to collect exorbitant fees and get their discovery work done for free by someone else. I laugh when people think Trump wants Apple to decrypt things for helping solve cases. Trump and all government agents want the price of discovery to go down. What people should be asking is why Trump won’t authorize the agencies that can crack it to lend a hand to other agencies. 
  • Reply 17 of 18
    bbhbbh Posts: 134member
    hentaiboy said:
    Soli said:
    Bottom line: If you use an iDevice and a Mac then make sure FoleVault 2 is enabled on your Mac and that all your backups are sent, encrypted, to that Mac, and that each device uses strong passcodes.

    I recommend using the long-press on iOS/iPadOS and the Option key on macOS to create a much stronger password.
    Bottom line: If your Mac or iPhone is taken by police or federal authorities, then you shouldn't have been doing bad $h1t in the first place. 
    What a specious, ridiculous comment. You are apparently not familiar with the concept of "innocent until proven guilty". An accusation does not mean you have done any "bad $h1t" . There are too many sheep just dying to be shorn of their liberties in our country. Sad.
    watto_cobra
  • Reply 18 of 18
    bbhbbh Posts: 134member

    jdw said:
    In short, none of us should be using iCloud backups.

    At least not for permanent backups. And, that one is easy to fix. There are numerous small, fast, large capacity drives available for permanent backup at home. Just use the cloud for temporary storage until you can offload it to your permanent storage.
Sign In or Register to comment.