Among the privacy policies outlined by Apple in a new privacy policy webpage on Wednesday is an iOS 8 feature that makes it technically impossible for the company to decrypt a device to harvest user data, even if law enforcement agencies request it…

In a document (PDF link) meant to guide law enforcement officers in requesting user information, Apple notes that it no longer stores encryption keys for devices with iOS 8, meaning agencies are unable to gain access even with a valid search warrant. This includes data store on a physical device protected by a passcode, including photos, call history, contacts and more.

“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” Apple said on its new webpage dedicated to privacy policies. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

The safeguards do not apply to other services including iCloud, however, meaning any data stored offsite is fair game for government seizure. Still, the security implementation will likely be seen as a step in the right direction, especially given the current political climate following revelations of governmental “snooping” activities.

Overdue. As Edward Snowden suggested, encryption is still one of the best ways to frustrate government snooping.



  1. tdkyo says:

    As someone who is not well versed into the Security business, I am pretty darn sure that Security Now’s Steve Gibson said that technically Apple had the means (Not directly but via some method – sorry for not being precise, the explanation was full of technical vocabs/concepts beyond my abilities) to decrypt user’s data. I believe he called Apple is totally wrong on their claim on this.

  2. Murray says:

    Was Gibson talking about iOS7 or one of the betas of iOS8?

    • Shaunvis says:

      Pretty sure Gibson was talking about 7. Apple is not dumb enough to make a claim like this that could be proven wrong instantly by the community.

      • Russ says:

        I think the point (of Gibson’s reporting) is that while Apple may be doing all that it “can” to block government snooping, users shouldn’t delude themselves into thinking that those protections are absolute. iMessage uses public key encryption, but Apple operates the key store, and thus could easily be compelled to inject a government-issued public key into the conversation, giving the the government access.

        In reality, there’s not much users can ever do to completely protect themselves in any closed environment, since government can always compel a company to deliver specially-crafted software in the guise of a routine “software update”. Even an open-source environment isn’t immune– you thereoretically could check the provenance of every bit of software you download, but who could actually afford to do that?

        The solution will be legal, not technical. What I always find strange is that there are several common-sense protections that we citizens could have demanded, yet nobody seems to have suggested:

        1: A law that, overriding all others, which compels companies to notify the target of any surveillance after a reasonable period (let’s say– a year). If we haven’t collected the evidence we need against a suspect by then… then, face it, we’re never going to.

        2: The notification must contain all necessary information for the surveillance target to take legal action against any government agency (or individual agents) who violated any person’s privacy. This includes the original order, contact information for the requesting agency, nature of the surveillance, and a copy of all information delivered to the agency.

        So, if you’re a government agent and want to invade someone’s privacy, you’d better be pretty sure that the surveillance is warranted. If you’re catching crooks or terrorists, you’ll have our thanks. If, on the other hand, the snooping wouldn’t stand up to a jury’s scrutiny, be prepared to pay up.

    • Tim says:

      What they are saying is that hardware not able to run ..8.. will not get the protection. So, quite a few years back. Still, it sounds to me like why Yahoo! suspended my accounts and asks for a valid cell number for *my security*…

  3. Captain Obvious says:

    pedro’s life would have no meaning if Apple went out of business.

    • jpfitz says:

      When pointing out the obvious obfuscation from mac or any company holding and distributing your “private” info is useless then Pedro wouldn’t comment on the subject. That’s how I see it.

  4. AdmFubar says:

    or so apple claims…riiiight?

    • Tim says:

      New Guy (??); You must take out the ‘www’ by hand ( I know, retarded, for sure) — perhaps it is part of the bot/spam filter or some shit. Who Knows? In past times, a mod *might* fix it for you..

      Now, pedro doesn’t do it out of spite because ‘Opera’ goes ahead and displays them with a click instead of a cut-‘n’-paste.

      Though, ‘pedro’ now writes good so that I suspect he’s been black-bagged and replaced by an Indian tech support functionary…

  5. MikeN says:

    Apple has on its board Al Gore who was pushing the Clipper chip so the government can tap all phone calls.

    This is a calculated way to get people to use Apple thinking it is secure, when in fact they are getting all the data. Watch for a high profile prosecution against Apple, just to publicize that they are no giving data to the government.

  6. MikeN says:

    Now Google is claiming they do it too. Even more suspicious as they exist solely to get hold of your data to scan and make money off it.

  7. jpfitz says:

    I find this very funny. A top smart phone maker professes that they encrypt and nobody can have the key. Apple is the supreme gatekeeper, ha.

    “The lady doth protest too much, methinks”

  8. MikeN says:

    The picture reminds me of The Following. Don’t worry, I jumped off the ship quickly. How that got to a second season is beyond me.

  9. Big Brother lives in the Cloud says:

    Apple THEN:

    http://youtube.com/watch?v=8UZV7PDt8Lw

    Apple NOW:

    https://apple.com/icloud/

    No need to store your data safe at home, on a secure, unconnected device. Trust Big Brother.

    Oh the irony!!

    • MikeN says:

      Note the ending, “We Shall Prevail.”
      They were really predicting Obama.

  10. Ah_Yea says:

    B-A-C-K-D-O-O-R

    Or pay a $250,00 per day fine the Government was going to punish Yahoo with.

    It’s all a marketing ploy to give Fanboys a reason to buy new Apple toys.

    “Your old phone or tablet probably isn’t going to run Apple’s latest operating system nearly as well as on the new iPhone 6 and 6 Plus. If you upgrade on an old iPhone, it might become slightly slower and more cumbersome. You might notice some frustrating visual stuttering, a poor old dog straining under the stress of learning new tricks.”
    http://bits.blogs.nytimes.com/2014/09/18/upgrading-to-ios-8-on-an-old-phone-prepare-for-trouble-but-do-it-anyway/

    Sounds a LOT like Microsoft’s upgrade strategy.

    New boss same as the old boss.

  11. audiodragon says:

    Nobody should have secrets!

  12. Data Rat says:

    Cyanogenmod (a replacement OS for certain Android devices) has had this for YEARS! Even Android users are able to encrypt locally stored data, though I do admit that it’s still a major pain in the ass to enable/use.

    Nice try Apple. Bullshitting the public (and your bitch the Washington Post) once again to buy into your lies and your over priced crap that continues to lag behind in technology. (Taking other people’s technology and wrapping it with still other people’s technologies is hardly very innovative other than the wrapping part.) Maybe you thought this was new or some sort of improvement now that someone has FINALLY made an idiot button people can press. So congrats on that button.

    Not storing encryption keys locally is hardly anything to be boasting about. Sooner or later, those keys have to be accessed in order to read any encrypted data. Storing encryption keys in the cloud may make it harder for some stupid cop who’s probably more interested in sniffing underwear than packets. And it’s not like ANY cell phone user really knows what’s going on with his/her own WiFi or cell data. They all still think places like iCloud or Drop Box are secure. That’s a laugh!

    Pssssst! Data (like off site encryption key data) still has to be TRANSMITTED which might very likely include nodes run by the NSA or even that police vehicle that just pulled you over. Using passwords like “password” or “qwerty” are almost too simple even for a stupid cop to correctly guess at — no “keys” needed! And if you somehow think Google is keeping you safe… well, you’re just an idiot.

    Maybe if Apple made their iBone out of Play-Dough or something people might think that’s new too — and Apple could make another financial killing.

  13. MikeN says:

    Now the data is encrypted. But to be useful it has to be decrypted. How is this decryption done? Is it just that you have to unlock your phone? Either way, the decryption key must be held on the phone right?

    • jpfitz says:

      “Apple did not respond to requests for comment on this story. But the AES key in each iPad or iPhone “is unique to each device and is not recorded by Apple or any of its suppliers,” the company said in a security-related white paper. “Burning these keys into the silicon prevents them from being tampered with or bypassed, and guarantees that they can be access only by the AES engine.””

      http://technologyreview.com/news/428477/the-iphone-has-passed-a-key-security-threshold/

      • MikeN says:

        So the government can ust read the key off the IPhone then?

        • jpfitz says:

          Read the comments at the end of the article. The commenters are more tech savvy than the tech writer.

          The police, and ABC’s can access the data with software designed to hack.

        • jpfitz says:

          Goes to prove you can’t believe ever thing you read. The link, it was more of a tease, I know you know different.


0

Bad Behavior has blocked 6732 access attempts in the last 7 days.