At the same time, if that state actor happens to be China, Apple will just give the government access to your iCloud data. Not all state actors are equally within Apple's striking range.
It is worth mentioning that things like National Security Letters exist in the US. It is also the US who made Apple back off of encrypting iCloud backups E2E.
I wish we were more willing to cite our own government(s) as the bad actors here, rather than pretending that we have to reach for China/Russia/North Korea to find the kind of behavior Apple is attempting to protect its users against here.
Not to mention the CLOUD (Clarifying Lawful Overseas Use of Data) Act, which was enacted following a case in 2014 where Microsoft refused to hand over emails stored in the EU (an Irish data centre, in that case) on foot of a domestic US warrant.
The CLOUD Act expressly brings data stored by US-based companies anywhere in the world under the purview of US warrants and subpoenas.
This has always been the law. Common law courts have been issuing court orders that require you to take actions in foreign countries, even in violation of foreign law, for as long as it's been a legal question. The CLOUD Act actually introduced some additional safeguards and allows judges to consider the seriousness of the foreign law violation and weigh it against the importance of the court getting access to the foreign-stored data.
You unfortunately need something like this because otherwise people will just hide documents, money, stolen property, etc. in foreign countries out of reach of US courts, even if they are US persons and corporations.
It isn't just pro-government. Imagine you are a criminal defendant and there is evidence proving your innocence in a foreign server controlled by an American person or company. This rule makes sure you can legally compel that entity to go get the data, the laws of that other country be damned, so you can present your defense.
While extra-territoriality is not a new concept, it’s absolutely false to say that the CLOUD Act didn’t grant sweeping new powers to US courts. That’s a truly absurd claim that makes me question whether you’re commenting in good faith?
It was passed because in the Microsoft v. US case, the Supreme Court was expected to affirm the long-standing law on this: that in response to a U.S. court order, Microsoft had to hand over user data from Irish servers, Irish law be damned.
Such a blunt rule was considered a little too harsh, and a potential source of international problems, so Congress passed a law softening the rule and allowing judges more discretion in considering the burdens of complying with the order. The law had the effect of making the Supreme Court case moot.
Sorry that the truth is more nuanced than you’d like it to be.
There is nuance, but in the opposite direction. Microsoft did not adhere to the original court order, and fought it to the supreme court, where it was undecided when the CLOUD Act came into force and a new warrant was issued for the data held in Ireland.
It is unambiguously an expansion of Government powers. You're the first and only person I've ever come across who has argued the opposite. It's such a ridiculous thing to write that I am wondering if you're trolling me?
>There is nuance, but in the opposite direction. Microsoft did not adhere to the original court order, and fought it to the supreme court, where it was undecided when the CLOUD Act came into force and a new warrant was issued for the data held in Ireland.
What part of this do you think is incompatible with the fact that almost everyone expected Microsoft to lose the case?
And in fact, Microsoft, Apple, and Google lobbied for the CLOUD Act.
So maybe instead of accusing people of bad faith, you should have a little humility and open-mindedness to improving your understanding of the world. Believe it or not, techie discussion forums and Wired are not reliable sources of legal information, so that would explain why you're so misinformed.
It's part of the reason that Privacy Shield collapsed and why the US isn't considered to offer adequate protection to EU residents. It's currently being both litigated (as more and more EU country data protection agencies make individual rulings that specific instances of transfers of personal data to US companies are unlawful) and the subject of intense political negotiation between the EU and US.
Most companies affected are currently awaiting the results of these processes, because following the current precedent to its logical conclusion, it appears unlawful to transfer any personal data of an EU resident to a US-based company (even if that data remains physically in the EU or another adequate country). That would obviously have catastrophic consequences for the current status quo, so it's hard to believe that a compromise won't be found to avoid it.
However, it's also hard to see a compromise unless the United States exempts EU data subjects from the CLOUD Act, which seems unlikely. Hard to know where it'll go.
> However, it's also hard to see a compromise unless the United States exempts EU data subjects from the CLOUD Act, which seems unlikely. Hard to know where it'll go.
Bureaucrats are capable of breathtaking sophistry when it makes their jobs easier. If red was illegal but convenient they’d make a policy that red was actually green and argue it was until they were blue in the face.
It's not entirely clear yet who wins, but the current issues with Google Analytics in the EU seem to be partially related. Some countries have come to the conclusion that GA can't be legal if Google US has access to the data.
Nothing stops Apple from offering e2ee backups, and in fact they do this for certain data backed up to iCloud (health data for example.)
But your iMessage data...well there, your ass is hanging out in the breeze. In fact, I'm not sure it's possible to log into an iPhone with your Apple ID and not have an iCloud backup immediately fire off, which means your private encryption keys hit iCloud and stay there until they are purged according to their data retention policies. And we have no idea what those policies actually are; those keys may end up stored forever.
> Nothing stops Apple from offering e2ee backups, and in fact they do this for certain data backed up to iCloud (health data for example.)
Almost all users can't handle this; to support people, you need to be able to recover their account when they've lost every single password and proof of identity they possibly can. It's not a backup if you can't restore it.
> In fact, I'm not sure it's possible to log into an iPhone with your Apple ID and not have an iCloud backup immediately fire off
You are correct there’s a bit of dark pattern going on here, but it is possible (to the extent the code does what it says of course). To be extra sure I have a custom lockdown MDM profile to disallow iCloud backups, as well as a number of other nefarious things like analytics, and whenever I get a new device, I first DFU restore it to the latest iOS image to ensure software (post bootrom) isn’t tampered with, then activate and install the MDM profile via a Mac and only then I interact with the device and go through setup.
The only persistent connection Apple has that I can think of to implement such a concept is for push notifications. Which would be a massive security hole if an HTTP response to that daemon was capable of bypassing the lock screen, secure enclave etc.
And the logical question is if they had such a system why would they bother triggering an iCloud Backup when they could ask the device to specifically hand over certain information e.g. Messages. Which at least could be done quietly over Cellular.
> Which would be a massive security hole if an HTTP response to that daemon was capable of bypassing the lock screen, secure enclave etc.
I mean, Apple has killswitches for every iPhone they ship. I wouldn't be the least bit surprised if that suite of tools also included settings management (macOS has such a thing built-in, fwiw).
Yes, this is Apple protecting you against extralegal state actor threats. There's not really much Apple can do to protect you against the laws of your own country.
Because they are complying with Chinese laws regarding data localization in the country and have been known to work with China (recently YMTC chip deal, previously in a major unreported deal that was unearthed a little while ago) in order to get market access.
"Apple is moving some of the personal data of Chinese customers to a data center in Guiyang that is owned and operated by the Chinese government. State employees physically manage the facility and servers and have direct access to the data stored there; Apple has already abandoned encryption in China due to state limitations that render it ineffective."
I really dislike that there is so much social control :( In theory it is to protect you. In practice it can be and is misused in so many ways that it should not even be allowed without a judge's authorization.
You're kind of missing the point. The Chinese government has unlimited social control. Even if there was some sort of written law in China requiring judicial oversight, that wouldn't limit social control because the judiciary is just a rubber stamp.
Apple has abandoned encryption for everyone in iCloud. You cannot encrypt anything except a limited subset of your device's data (Apple Health data, mostly.)
That may be true, but Reuters reported that Apple had a plan for it (which means they felt it was workable) and dropped it due to pressure from FBI/DOJ.
Also, there are many users who would benefit from e2ee iCloud backups who are not targets of NSO Group-type attacks, so I don't think it makes sense to make it only available in "Lockdown Mode".
I was all prepared to answer this with "so Reuters reporting something makes it true?", only to discover that, in fact, Reuters reported no such thing.
Reuters makes two claims:
1) The FBI talked to Apple (duh)
2) An unannounced plan to implement fully E2EE backups was no longer discussed with the FBI at their next meeting
Both of those things might be true! Reuters isn't known for just making stuff like this up, like, say, Bloomberg, but the article specifically says:
"When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources. Reuters could not determine why exactly Apple dropped the plan."
So we've got an unannounced product, which the FBI didn't like, which Apple stopped talking to the FBI about (according to some leakers at the FBI).
This does not add up to "Apple dropped plans due to pressure from [the] FBI/DOJ". It adds up to "secretive company discusses plans with secretive agency, and some stuff about that conversation leaked".
I would suggest that if you're doing anything illegal in the country you're staying in, turn off iCloud sync at the least, and the best policy is don't use an iPhone but use an Android with an open source operating system like GrapheneOS.
> In Apple's defense E2E encryption also makes it a lot easier to get locked out of your photos and device backups.
This is likely the real reason E2E hasn't been done yet. I would wager Apple deals with orders of magnitude more people who are locked out of their phones than the number impacted by the lack of E2E backups. Trusted recovery contact added in the last iOS version is a step in a direction of providing some way to implement E2E, and still give people a way to recover.