In light of recent news about Apple not securing iCloud backups with end-to-end encryption, a question I’ve already seen is: If Apple does hand over my data to the FBI, are they obligated to notify me?

Legal Process

And the answer is: It depends. From Apple’s Legal Process Guidelines [PDF]:

Apple will notify customers/users when their Apple account information is being sought in response to legal process from government, law enforcement, or third parties, except where providing notice is explicitly prohibited by the legal process itself, by a court order Apple receives (e.g., an order under 18 U.S.C. §2705(b)), by applicable law or where Apple, in its sole discretion, believes that providing notice creates a risk of injury or death to an identifiable individual, in situations where the case relates to child endangerment, or where notice is not applicable to the underlying facts of the case.

Here’s a list of iCloud data that Apple can hand over:

  • Subscriber information, like name, physical address, email address, phone number, and IP connection logs (which are retained up to 30 days).
  • Mail Logs, which include records of incoming and outgoing communications such as time, date, sender email addresses, and recipient email addresses.
  • Other iCloud content, which can include My Photo Stream, iCloud Photos, iCloud Drive, contacts, calendars, bookmarks, Safari browsing history, maps search history, messages, iOS device backups. It does note that Apple doesn’t retain data after it’s deleted from its servers.
  • Find My iPhone. This data seems to be limited. Device location data is stored locally on the device, and Apple can’t retrieve it. Nor can Find My iPhone be turned on remotely.
  • Sign-on logs with IP addresses.
  • FaceTime. This data is limited as this service is end-to-end encrypted.
  • iMessage. This data is limited as this service is end-to-end encrypted. Message contents can’t be shared, but metadata can be shared, which can still be put to use.

I plan to put together a list of secure alternatives to Apple services.

Further Reading

[Apple Cancels iCloud Encryption Plan Due to FBI]

[How to Protect Compromised Private Keys]

Subscribe
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
John Kheit

Great article, super informative. Thanks Andrew!

bbh

Don’t get lost in this skirmish over iCloud data. The “war” is over IOS and iPhone “back doors”. The iCloud issue is ridiculously simple. Buy a cheap high capacity hard drive and don’t use iCloud if you are that concerned about THAT data.

I believe Apple is making an effort to appease our government with this iCloud assistance so as to keep the real issue (YOUR IPHONE) at bay. Kudos to Apple.