Roger Fingas
Despite strong encryption — and claims that it "doesn't scan your communications" or "store data related to customers' location" — Apple is saving some metadata from iMessage and other apps and sharing it with law enforcement agencies, according to a new report.
In a document about Apple's iMessage system obtained by The Intercept, the Florida Department of Law Enforcement's Electronic Surveillance Support Team noted that when users enter a phone number into iMessage, metadata is periodically uploaded to Apple servers to check whether a text should be routed through iMessage or standard SMS. This material includes not just phone numbers but the date and time of the lookup, and the querying user's IP address.
While the data doesn't include message contents, or even reveal when conversations happened, it could potentially be used to identify who a person is associating with, and/or trace an IP address back to a real-world location.
Responding to The Intercept, Apple acknowledged the data collection, saying that it retains logs for 30 days and hands them over when served with a valid legal request. Because these orders can sometimes be extended in 30-day blocks, though, it's possible that some people are being tracked for longer durations.
"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession," Apple said in an official statement. "Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don't contain the contents of conversations or prove that any communication actually took place."
Apart from Messages, the company didn't specify which apps are uploading metadata.
Though Apple is often considered more invested in privacy than other high-tech corporations like Google, it has regularly complied with data searches by U.S. law enforcement and spy agencies. In 2013 it was implicated in the National Security Agency's PRISM program, found to be gathering customer data en masse from a number of American tech companies, including people not suspected of any crime. Apple denied providing "direct access" to its servers, or even hearing about the program.
William Gallagher
Charles Martin
Marko Zivkovic
Mike Wuerthele
Malcolm Owen
Andrew Orr
Christine McKee
20 Comments
Fair enough...proper channels are being performed to get this data and its not infringing on privacy IMO. As long as theirs a valid reason to see this and a proper court order is given I see now reason why Apple would put up a fight in this case.
And before someone says it...this is COMPLETELY and UTTERLY different from the iPhone 5c case with the FBI. Not even close!
Yes I agree as well. I see nothing that Apple did wrong here and working with Law enforcement like this when they have a valid subpoena is a good thing. The headline of this article was dubious though but it was designed to make me click it and read it. I mean it could have said "Apple continues to be a responsible company and works with Law Enforcement". Well, you get my drift...current headline makes them seem like that are divulging private information...
A much better review sans click bait is, http://www.imore.com/imessage-metadata-and-law-enforcement-what-you-need-know
I think that’s fair too, but the headline still reads as bad press for Apple so I give it two days until Dilger posts a long-winded story chronicling Apple’s revolutionary work in encryption, starting from April 1, 1976. Work your magic, Apple PR boy.