“Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information,” Craig Timberg reports for The Washington Post.
“The move, announced with the publication of a new privacy policy tied to the release of Apple’s latest mobile operating system, iOS 8, amounts to an engineering solution to a legal quandary,” Timberg reports. “Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company — or anyone but the device’s owner — from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.”
“Apple once maintained the ability to unlock some content on devices for legally binding police requests but will no longer do so for iOS 8, it said in the new privacy policy,” Timberg reports. “‘Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,’ Apple said on its Web site. ‘So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.’”
Lol, like Google has any incentive at all to protect a user’s information. The user’s info IS their product/service.
One important note: your data is basically absolutely secure and private now only if you are not using iCloud.
Apple still has the key for your iCloud data to ensure recoverability of your data if you forget your password.
The best solution in the future would be offering opt-out option with Apple not having keys for your iCloud data at all at the expense you being never able to recover your data if you forget password.
For now, there is no such option yet, but if you can live without iCloud syncing and archiving functionality, you can be nearly perfectly safe in your privacy since it would take forever to brute-force your iPhone/iPad if government or other bad guys would want to see your data.
Got a link to any info on this? This is how it used to be but I thought it had changed
Here’s a link:
http://www.washingtonpost.com/business/technology/apple-will-no-longer-unlock-most-iphones-ipads-for-police-even-with-search-warrants/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html
Actually Apple offers two step verification for iCloud accounts and Apple IDs (often the same account). With two step verification Apple can not help you recover your password. They give you a key that you can use and if you ever lose it, no one can reset your password.
Apple has the keys to your iCloud data, they even write it in the latest security statement. Two-factor verification does not change this fact at all, it is about providing password/recovery for you or a third-party, and failing in one of the factors will break your ability to recover your data only for you, not for Apple. It is just matter of policy, not feasibility.
But, as I wrote, there is road to the future with option where Apple would not have keys at all (no matter how many step verifications takes).
How much of an idiot are you. Apple generates the unlock key and gives it to you. You must provide them with that key. They don’t have it. Without it, neither they nor anyone else has any chance in any reasonable time to get your data. It’s estimated brute force on a 128 bit encryption would take something over two billion years to break. . . with a modern supercomputer of circa 2012.
What part of “Apple just said they don’t have your keys at all,” do you fail to understand?
I just read your comment so now that it is on the internet, it must be true. If someone says it on the internet, we all know it is absolutely true.
Ya know . . . on the internet = TRUE, right?
That is not true, ders. You upload your encrypted data to icloud, not unencrypted data. Apple anonymizes it further, adds additional 256 bit encryption for which they do have a key, and stores it until you require access. It is then unencrypted and your encrypted data is returned to your device which will then apply your key and do the final description. Apple does not have that key, and cannot get it. You don’t know what you are FUDing about.
This. Is. Spectacular.
It will be interesting to see how Google or Amazon respond. Their whole business model is built around accessing your data and selling it to others.
timbo
China Inc. will not be pleased.
It should always have been a matter of personal responsibility, not a manufacturer’s obeisance.
A user’s personal responsibility does not eliminate the need for the manufacturer/service provider from providing security and privacy. The problem is that there is no law protecting consumers — after all, the same large corporations that own legislatures around the world also are the ones who want all your data. You know, to keep you “safe” and to provide you “relevant information”.
Foisting excessive responsibility on companies you have chosen to deal with would be unreasonable.. Part of a person’s responsibility for security and privacy starts at that choice. Some of Siri’s capabilities make me wonder how much of what you tell Siri is actually secure.. (e.g. remembering your relationships, the searches you request it to make, etc.) Basically you choose to stay or go based on your tolerance to the amount of privacy you give up for the value of the services you receive.
How is this affected if you backup your data to your computer? And iCloud? Are those also encrypted, and cannot be accessed?
Read the article: “Apple will still have the ability — and the legal responsibility — to turn over user data stored elsewhere, such as in its iCloud service, which typically includes backups of photos, videos, e-mail communications, music collections and more. Users who want to prevent all forms of police access to their information will have to adjust settings in a way that blocks data from flowing to iCloud.”
The way I read it data backed up on your device is good, and on your computer if encrypted is good as well. The iCloud information can be accessed.
The only encryption you’re going to see in iCloud (so far) is what you yourself provide BEFORE uploading the data. The easy way Apple provide for doing this is to create an encrypted sparsedisk or better yet sparse bundle disk image, create a nasty unguessable key for it, keep the key in your head ONLY, toss your data onto the disk image then upload that disk image. Encrypted disk images can be created inside Apple’s Disk Utility found in the Utilities folder of every Mac.
As for ‘trust no one’, client side encrypted backup services to the cloud that do NOT share client keys with the server, there are a few different services that qualify. Arq, SpiderOak, Carbonite and BackBlaze (which I currently use) are all options. With time, there will be more.
I guess for the first time ever NO ONE but you will be responsible for your device’s data access but you. No tech help to recover any data on the device, simply factory reset and gain access to what ever you were able to sync elsewhere. Double edged sword there. 😛
Getting average people to understand backing up data is tough enough. I tell folks, plain and simply and cold, if you don’t back up, you get what you deserve when your drive fails. Try explaining tracking cookies and encryption to average folks and you realize you’re attempting to talk through impenetrable fog. This really is the point where technology leaps high over the heads of most folks. Then they turn on the technology and blame it for messing up their lives.
It’s even worse when the technology is entirely out of their hands and it really does turn on them and wreck their lives thanks to worthless IT doofuses. Just today, Home Depot tentatively admitted that maybe 56 MILLION customer accounts have been stolen thanks to their ignoring the malware attacks on Windows XP Embedded run POS (point of sale) devices. Scan your card on infected machines and you’ve been PWNed. There is no excuse for this abuse of people’s lives by way of bad technology by way of bad technologists.
Off on a rant. Sorry. But that’s what I see going on.
Oh and ARR! It’s Talk Like A Pirate Day!
Send Tim Cook to Gitmo!
Oh, my head hur
BOOM
And I still find it amazing that people think this idea is horrible, if you check out the comments section on the article.
Do you give the government an extra set of keys when you buy a house? Or car? Or safe deposit box?
Sheesh.
House… Hmmm. It takes a locksmith 3 seconds with a pump gun to unlock my house. 5 seconds with a slim Jim for my car. And, yes, many banks keep a copy of your SD box key.
So, what are you saying?
Bravo!! This is a very smart Apple-style response to a maddening issue. Resolved, period. Fantastic strategy on Tim’s part.
If you’re not doing anything wrong then you should have nothing to hide. If you close the curtains in your house at night, you must be committing a crime. /s
I close my curtains at night as a selfless act of community service. There is nothing worse than the sound of a peeping Tom shrieking while running down an alley after seeing me with my shirt off. lol
I have nothing to hide. You can see anything you like but I could become a criminal if I let you see in public. (Indecent Exposure)
This is pure rubbish! The suggestion that the desire for privacy means you have something to hide is utterly ridiculous. Do you want the police rummaging through your closets whenever they feel like it just because nothing illegal is hidden there? Get a clue, moron.
Sarcasm not detected, young padawan?
The force is weak in you
the best thing about right wing is not trusting government
The best thing about the left wing is trust in people
The worst thing about cars is rust in engines
On the contrary, the conservative trusts people far more than the left. We trust people to make their own decisions without government overseers, regulation, and control.
omalansky, you remind me of me as a newbie.
“/s” means the comment author is being SARCASTIC.
The bullshit argument “If you’ve got nothing to hide, you’ve got nothing to fear” has been foisted on victim citizens since the creation of the first totalitarian state. The most infamous recent perpetration of the bullshit was by former Google CEO Eric T. Mole (alias ‘Eric Schmidt’). His rendition:
If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place
Wikipedia provides a discussion of this bullshit statement here:
http://en.wikipedia.org/wiki/Nothing_to_hide_argument
I don’t think I am a newbie but thanks for the /s explanation. I had no clue and I think at one time I tried to google it without success.
MDN also uses lots of new or invented acronyms that flummox plenty of us and aren’t immediately going to show up anywhere on the search engines. The best search results end up with links right back to MDN.
I wonder how much of this decision was “FIGHT THE POWER!” and how much was “How can we get the government agencies to leave us the hell alone?” Make it impossible for the company to unlock a phone, and they don’t have to worry about being asked to unlock phones.
——RM
So Apple is helping the terrorists!!!
If you have nothing to hide, why do you care that the authorities can search your phone? Only criminals or terrorists hide behind the 4th Amendment!
Sarcasm! If you believe the above statements then you should start a campaign to repeal the 4th amendment.
Those who say “Apple is helping the Terrorists!!!” smacks of the people who complained about those who hid Jews from the Nazis in the 1930’s and 1940’s Europe.
If we give up our freedoms in the interests of security from the terrorists, becoming a police state, out of fear, then the terrorists have achieved their objective. . . They’ve spread terror. And we’ve become less than we were. We are no longer free.
I, for one, am willing to accept risk in the world for freedom. I will watch out for me, and thee.
Why should Apple cooperate with Govt’ DOJ and pseudo judges seek to screw Apple any way possible.
Civil liberties are not negotiable.
Actually, they are. In democracies, the liberties granted in their constitutions were only achieved after much negotiation and amendments. And any decent constitution has a mechanism for updating it — a reality that few people seem to realize when they pine for the old days. Change & progress is inevitable, and it is up to a civilization to keep its guiding principles updated accordingly. For example: when the US constitution was written, political parties and corporations did not exist. Now these legal entities have taken over the governing mechanisms of the nation and caused gridlock and divisionism that is literally tearing the nation apart. The constitution is long overdue for amendments to correct these faults: eliminate gerrymandering, eliminate “person” status for corporations, and ensure that all elections are instant-runoff electronic voting funded and organized by the government, not by two self-serving and corrupt political parties that eliminate all independent ideas and candidates from participation.
The Constitution does not give us our rights; it only helps guarantee them. No change to the Constitution can ever deny us our rights. They are indeed nonnegotiable.
Our system is predicated upon a number of things:
1- Civil liberties are intrinsic to all people. If you are religious call it god given. If you are an agnostic like me, call it intrinsic.
2- All government authority is given to it by the people. It is not given by the government- it is given TO the government. We have the right to take it back, sometimes by means the government may not be happy with.
3- The national government and all subordinate governments have a responsibility to protect and respect the intrinsic rights of the citizen. No responsibility is higher- even national security.
Most lawyers and many government officials will laugh at you if you tell them this, but this is the system founded by our basic law. The bullshit opinions of secret courts are illegal as are judicial review decisions pulled out of some justice’s ass -for example, corporate personhood. This shit goes on because Joe/Jane 6 pack let it go on.
Apple goes for the jugular of competitors with a slow but well planned and executed strategy to undermine the raison d’être of the competitor. First Microsoft, now Google.
Google’s raison d’être is exploitation of personal information for profit. For Microsoft it was exploitation by monopoly
Wait!
Read more carefully:
“‘Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,’” Apple said on its Web site. ‘So it’s not technically feasible for us to respond …”
See, what’s being said is that *Apple* can’t bypass your code, but their competitors can!!! The nuance is important!
/s
Nice catch! You must be a lawyer.
Nope, but I stayed at a Holiday Inn Express recently!