Connect with us

Latest Posts

Apple says it prioritizes privacy. Experts say gaps remain | Technology

Published

on

ADVERTISEMENT

Advertisements

For years, Apple has carefully nurtured its reputation as a staunch privacy champion among data-hungry tech companies looking for growth.

In cross-platform ad campaigns, the company has told consumers that “what happens on your iPhone, stays on your iPhone,” and has linked its products to security with slogans like “Privacy. This is iPhone.”

But experts say that while Apple sets standards when it comes to hardware and in some cases software security, the company can do more to protect user data from falling into the hands of police and other authorities.

In recent years, US law enforcement agencies have increasingly used data collected and stored by technology companies in investigations and prosecutions. Experts and civil liberties advocates have raised concerns about authorities’ extensive access to consumers’ digital information, warning that it could violate Fourth Amendment protections against unreasonable searches. These concerns only grew when protected behaviors such as access to abortion became criminalized in many countries.

“The more a company like Apple can do to position itself either not to receive law enforcement requests or to be able to say it cannot comply with them using tools like end-to-end encryption, the better,” said Caitlin Seely George, Campaigns Manager and Managing Director at Apple. Digital Advocacy Fight for the Future, “Being for the Company”.

Apple gives data to law enforcement 90% of the time

Apple's latest transparency report indicates that it only denied law enforcement requests for data 3.6% of the time.
Apple’s latest transparency report indicates that it only denied law enforcement requests for data 3.6% of the time. Photo: Joel Samad/AFP/Getty Images

Apple receives thousands of law enforcement requests for user data annually, and overwhelmingly cooperates with them, according to its transparency reports.

In the first half of 2021, Apple received 7,122 US law enforcement requests for the account data of 22,427 people. According to the company’s most recent transparency report, Apple delivered a certain level of data in response to 90% of requests. Of those 7,122 requests, the iPhone maker challenged or denied 261 requests.

The company’s positive response rate is very much in line, sometimes just slightly higher than peers like Facebook and Google. However, both companies have documented requests from the authorities much more than those made by the iPhone manufacturer.

In the second half of 2021, Facebook received nearly 60,000 law enforcement requests from US authorities and generated data in 88% of cases, according to the company’s latest transparency report. In the same period, Google received 46,828 law enforcement requests affecting more than 100,000 accounts and handed over a certain level of data in response to more than 80% of requests, according to the search giant’s transparency report. That’s more than six times the number of law enforcement requests Apple received in a similar time frame.

That’s because the amount of data Apple collects about its users pales in comparison to other players in the space, said Jennifer Gulbeck, a professor of computer science at the University of Maryland. She noted that Apple’s business model relies less on marketing, advertising, and user data – processes that rely on data collection. “It’s only natural that they don’t have the use to perform analytics on people’s data in the same way that Google and many other places do,” she said.

Apple’s detailed draft guidelines outline what and how data authorities can obtain — a level of detail, the company says, that is in line with best practices.

Despite “secure” devices, iCloud and other services pose risks

But there are still significant gaps, privacy advocates say.

While iMessages between Apple devices are end-to-end encrypted, preventing anyone but the sender and receiver from accessing them, not all information backed up to iCloud, Apple’s cloud server, has the same level of encryption.

iCloud Content, as found in a Customer Account, can be turned over to law enforcement in response to a search warrant, according to Apple’s law enforcement guidelines. This includes everything from detailed logs of the time, date, and recipient of emails sent in the past 25 days, to your stored “photos, documents, contacts, calendars, bookmarks, Safari history, Map search history, messages, and iOS device backups.” A device backup on its own may include photos and videos in your camera roll, device settings, app data, iMessage, business chat, SMS, and MMS [multimedia messaging service] Messages and Voicemail,” according to Apple.

Golbeck is an iPhone user but chooses not to use iCloud because she is concerned about the vulnerability of the system to hacks and law enforcement requests. “I’m one of those people, if someone asked if they should get an Android or an iPhone, I’d like, OK, the iPhone would be more secure than Android, but the bar is pretty low,” she said.

“[Apple’s] The devices are the most secure on the market,” said Albert Fox Kahn, founder of the Surveillance Technology Watch Project, a privacy rights organization. But the company’s policies on iCloud data also worry him: “I have to spend a lot of time opting out of the things they are trying to push Automatically towards their use that is supposed to make my life better, but actually puts me at risk.

“As long as Apple continues to limit privacy to the issue of hardware design rather than looking at the entire life cycle of data and considering the full range of threats from government surveillance, Apple will fall short,” he said.

Kahn said it was a double standard that was already evident in Apple’s stance on its most notorious privacy case, the 2015 mass shooting in San Bernardino, California.

At the time, Apple refused to comply with the FBI’s request to create a backdoor to access the locked iPhone. The company argued that the security bypass could be exploited by hackers as well as law enforcement officials in future cases.

But the company said in court filings that if the FBI hadn’t changed the phone’s iCloud password, it wouldn’t need to create a backdoor because all the data would have been backed up and therefore available via a subpoena.

In fact, until that point, the company said, Apple had “already provided all the data it had regarding the attackers’ accounts.”

Apple CEO Tim Cook previously said that iPhone messages are only secure if they're sent between iPhones.
Apple CEO Tim Cook has previously said that iPhone messages are only secure if sent between iPhones. Photo: Sean Theo/EPA

“They were pretty clear that they weren’t willing to break into their iPhones, but they were eager to break into their iCloud backup,” Kahn said.

Apple said in a statement that it believes privacy is a fundamental human right, and argued that users are always given the ability to opt out when the company collects their data.

“Our products include innovative privacy technologies and technologies designed to reduce the amount of data that we — or anyone else — can access,” said Apple spokesperson Trevor Kinkade, adding that the company is proud of new privacy features like app tracking transparency and Mail privacy protection, which give users more To control what information is shared with third parties.

“Whenever possible, data is processed on the device, and in many cases we use end-to-end encryption. In cases where Apple collects personal information, we are clear and transparent about this, and we tell users how their data is used and how to opt out at any time. “.

Kincaid added that Apple reviews all legal requests and is obligated to comply when they are valid, but emphasized that the personal data Apple collects is limited to the start. For example, the company encrypts all health data and does not collect device location data.

People are ‘largely unaware of what is happening with their data’

Meanwhile, privacy advocacy organizations such as the Electronic Frontier Foundation (EFF) are urging Apple to implement comprehensive encryption for iCloud backups.

“When we say they’re better than everyone else, it’s an indictment of what other people are doing, and it’s not necessarily that Apple is particularly good,” said Erica Portnoy, EFF technical expert.

Portnoy gives Apple credit for its default protection for some services like iMessage. In some ways, some of the default settings could be a little better [than other companies]It’s nothing,” she said. But she noted that messages are only secure if they’re sent between iPhones.

George, whose organization Fight for the Future has launched a campaign to push Apple and other companies to better secure their messaging systems, unless messages are end-to-end encrypted.

It’s a problem the company can solve, for example, by adopting a Google-powered messaging system called Rich Communication Services (RCS), George said. She said the system is not in itself end-to-end but supports encryption, unlike SMS and MMS, and will allow Apple to secure messages between iPhone and Android devices.

At the Code 2022 technology conference, Apple CEO Tim Cook indicated that the company did not plan to support RCS, arguing that users did not say this was a priority. But they “don’t know what RCS is,” said George. “If Apple really doesn’t want to use RCS because it comes from Google, they can come to the negotiating table with other solutions to show a goodwill effort in protecting people’s messages.”

Kinkade said consumers are not asking for another messaging service because there are many crypto offerings out there, such as Signal. He also said that Apple is concerned that RCS is not a modern or coded by default standard.

Golbeck, who owns the TikTok channel on privacy, says people are “largely unaware of what’s happening with their data” and “think they have some privacy that they don’t.”

“We don’t really want to turn our private devices into state surveillance tools,” Gulbek said.

ADVERTISEMENT

Click to comment

Leave a Reply

Your email address will not be published.

Trending

Advertisements

Copyright © 2022 strongbat.com. Theme by The Nitesh Arya.