Apple’s new encryption for iPhones and iPads locks out government without a warrant
Apple (NasdaqGS: AAPL – news) is rolling out new privacy protections for iPhones and iPads, with a new system that makes it impossible for the company to unlock a device even with a warrant.
Apple’s privacy terms updated late Wednesday indicate that under its new mobile operating system, iOS 8, the company will not have access to customer passwords.
“Your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders, is placed under the protection of your passcode,” says the new policy on Apple’s website.
“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
The iOS 8 operating system is available on the iPhone 6, which goes on sale Friday, and can be installed on many existing iPhones and iPads.
The update comes in the wake of revelations of massive government surveillance programs that sweep up data from computers and other devices.
Leaked documents from former National Security Agency contractor Edward Snowden have highlighted concerns about the role of major tech firms in these programs.
Apple’s chief executive Tim Cook said the company is dedicated to protection of personal data.
“Our business model is very straightforward,” he said in a message to Apple users.
“We don?t build a profile based on your email content or web browsing habits to sell to advertisers. We don?t ‘monetize’ the information you store on your iPhone or in iCloud.”
– ‘Awesome for privacy’ –
The move comes as Apple and other tech firms have come under scrutiny for how much information is handed over to law enforcement and intelligence agencies.
Apple said it complies with legitimate court orders and other legal requests, but said it was committed to protecting user privacy.
“We have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will,” Cook said.
The privacy update comes following a leak of nude celebrity photos from Apple’s iCloud storage. The tech giant said its cloud servers were not breached, but that celebrities had their passwords stolen or fell victim to schemes to give up their passwords.
Privacy activists praised the effort and said it may encourage others to follow Apple’s lead.
“This is very awesome for privacy,” said Joseph Hall, chief technologist at the Washington-based Center for Democracy and Technology.
“This is an important assurance for people. It’s not security just some of the time, it’s security all of the time.”
Hall added that the move is “good for the industry, because there is a real deficit of trust” after the incident affecting celebrity photos.
On Google Android devices, Hall added, the pattern-unlock code provides little security but that an optional personal code is encrypted and offers similar protection to that offered by Apple.
“But it’s not the default for Android, and the default is important because most people don’t change that,” he said.
– Outstanding issues –
Marc Rotenberg, president of the Electronic Privacy Information Center, said it was “good news for Internet users and iPhone users that their screen lock cannot be compromised.”
But Rotenberg said other privacy issues still need to be addressed, notably how Apple handles personal data for its HealthKit system for fitness monitoring.
“The issue is the flow of user data to the app developers,” Rotenberg told AFP. “Apple has created a platform that can allow for the transfer of sensitive medical data.”
Jeffrey Chester at the Center for Digital Democracy also expressed caution.
Chester said Apple “did the right thing” with its new encryption but that its partnerships with banks, retailers and others are cause for concern.
“Apple at the moment is serving as a data collection ‘middleman,’ as it builds a new business as a financial and health data supplier,” he said.
Apple also released its “transparency report” on government data requests, and some observers noted that its prior claim that it had not been subject to certain national security queries was missing.
The tech website GigaOm first reported that Apple deleted its statement that it “never received an order under Section 215 of the USA Patriot Act.”
Apple received some 20,000 law enforcement requests from around the world in the six months ending June 30.
The company noted however that it “has not received any (court) orders for bulk data.”