Apple has published its transparency report [PDF] from 2020. It gives information about what kinds of requests it receives from governments and private parties for user data.
2020 Apple Transparency Report
What caught my eye was Zack Whittaker’s tweet. As he notes there are a couple of new things Apple added to the report. For the first time, the company has been responding to National Security FISA content requests for iCloud data.
Second, Apple has confirmed “in certain instances customers’ iCloud content, such as stored photos, email, iOS device backups, contacts or calendars, [is shared] in response to a valid emergency request. This isn’t new, we assumed this, but good to have in clear print.”
As Mr. Whittaker notes, the reason those in security assumed this is because iCloud content, under most conditions, is not end-to-end encrypted. I explored this in my article about Apple Notes. Apple encrypts most data in transit and at rest. With an iCloud Backup your encryption keys are stored in the cloud.
This means that Apple can potentially help you recover your data if you forget your password, for example. But it also means that with a subpoena, Apple can hand over your data to law enforcement. It’s good that Apple is now transparent about this in its documentation.