Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

What Apple surrenders to law enforcement when issued a subpoena

Attorney General William Barr with President Donald Trump

Last updated

Apple won't unlock iPhones or other devices for law enforcement, but it can and will provide substantial data about a user when it gets a subpoena. Here's what Apple has access to you from your device — and what it doesn't.

Apple is not going to casually surrender information about any of its users to anyone. However, if law enforcement has a legal warrant or if the company is asked to help following an incident like the San Bernardino shootings, Apple has provided data. It's just that in this case, the data isn't seemingly enough for the authorities — yet it is genuinely the absolute most that Apple is capable of providing.

Short of introducing backdoors into iOS and macOS, as governments around the world regularly request, Apple has less data stored about you than it could because of technical limitations. They are limitations that Apple itself has created, but it's done so in order to protect the privacy of citizens.

Destroying that privacy by forging a backdoor in order to allow access to the data of criminals would destroy it for everyone. Defenders say that this backdoor could be kept secure — but if the NSA can't keep its own penetration tools safe, this seems like a specious claim. At least for the moment, then, and despite Apple's common sense argument, US Attorney General William Barr appears likely to continue pressing Apple for what he knows it cannot give him.

If your Mac or iPhone is taken by police or federal authorities, this is what they can get from that device or from Apple.

What Apple can provide

Apple can give the authorities the details of your iCloud account and access to any of the data that's on there — but that data is likely to be encrypted. Apple publishes a list of what data gets stored on iCloud and which of it is encrypted.

So much of what Apple has is encrypted. Your calendar and contact details are encrypted, for instance, as are your Safari bookmarks, your Notes, Photos, Reminders and so on. It's easier to say what isn't encrypted.

Cellebrite's Universal Forensic Extraction Device, a tool used to acquire data from connected smartphones Cellebrite's Universal Forensic Extraction Device, a tool used to acquire data from connected smartphones

Out of everything from your health data to your photos and contacts, the only data not encrypted is Mail and text messages. That's not the same thing as iMessages: Apple does encrypt iMessages both as they are in transit - transmitted or received - and then when they are on Apple's servers.

Mail is encrypted in transit, but not at rest. "Consistent with standard industry practice," says Apple, "iCloud does not encrypt data stored on IMAP mail servers." There is an option to use encrypted mail, however.

Apple is physically able to give legitimate authorities your data on iCloud as it has the decryption key to much of it, but giving them iMessages means giving them the encrypted iMessages. It's not as if Apple can decrypt them for the government.

Or that's what Apple says, at least. According to data forensics company ElcomSoft, iCloud backups are "inherently much less secure" than users would hope.

"If you have iCloud backups enabled, the encryption key for iMessages will be stored in the backup," the company says in a blog.

"If the "Messages in iCloud" option is enabled, the messages themselves are NOT included in iCloud backups," it continues. "The encryption key, however, will be included and accessible by Apple (like the rest of the iCloud backup) and so available to the law enforcement."

Apple appears to confirm this in its support documentation about Apple Platform Security.

"If the user has enabled iCloud Backup, the CloudKit Service Key used for the Messages in iCloud container is backed up to iCloud to allow the user to recover their messages even if they have lost access to iCloud Keychain and their trusted devices," it says.

If you turn off this iCloud Backup feature, then a new encryption key is generated on your device "to protect future messages." This isn't stored by Apple.

From the iPhone itself

If the device is a modern iPhone, then in theory nothing can be accessed from it. Unless they have the passcode or a suspect unlocks the device for them, there is nothing at all that either law enforcement or Apple can retrieve from the device.

There have been clear exceptions, however, especially with the use of Cellebrite's software and techniques to crack various iPhones. The most recent example of this, however, was the extraction of WhatsApp data from the phone of Lev Parnas — and that was done with his permission and, seemingly, assistance.

US authorities also use a forensic tool called GrayKey, which reportedly can crack any iPhone. However, it does so by guessing the user's six-digit passcode.

Beyond that, you need the numeric passcode or a biometric one like Touch ID or Face ID to unlock the device.

Apple has been through this before

The current requests from law enforcement are not new. In response to previous ones, Apple has taken steps including a fast-track method for authorities to request what data it can provide. And Apple has also published details of what that data can be, at least within the US.

As well as iCloud data, it is possible for authorities with the correct legal backing to obtain details of a user's interactions with Apple services, such as registration information like name and address.

"Apple does not verify this information," says Apple's law enforcement guidelines, "and it may not be accurate."

On provision of the correct information regarding Apple ID and/or device details, Apple may provide iTunes subscription information. Apple can also provide details of transactions at retail or the online Apple Store, and so on.

Apple will also provide mail logs that include date/time stamps and sending/receiving email addresses, again if served with a court order. In this case, the data is only kept by Apple up to 30 days.

Devices are key

Apple says US Attorney William Barr is wrong to claim it has offered no "substantive assistance" to law enforcement. Since it did hand over iCloud data, Apple's position appears to be true.

It's still the case, though, that not even Apple can unlock a user's device. So, data that is stored there and not backed up to iCloud Drive is out of Apple's reach.

Keep up with AppleInsider by downloading the AppleInsider app for iOS, and follow us on YouTube, Twitter @appleinsider and Facebook for live, late-breaking coverage. You can also check out our official Instagram account for exclusive photos.



18 Comments

bbh 134 comments · 18 Years

I, for one, hope I represent the wishes of millions when I say "Bravo Apple". Big Brother's side of 1984 cannot come soon enough for some governments. It is a sad, sad commentary that our government is one of them.

EsquireCats 1268 comments · 8 Years

On top of all of the usual arguments (including the false counter-argument of 'having nothing to hide'.) I have just a simple scepticism: Law enforcement already have enough investigative tools at their disposal, they don't need your phone's data to figure out who you've been speaking with or what you have been planning. Criminal activity leaves plenty of tracks, most of which are more meaningful, easier to follow up upon and fruitfully more detailed than what a could be found in a phone. Criminals who are using their phones to plan criminal activity are also smart enough to avoid directly mentioning the layout of their plans, to cover their tracks and to use additional layers of encryption, which Apple can't help with, no one can.

cpsro 3239 comments · 14 Years


Mail is encrypted in transit, but not at rest. "Consistent with standard industry practice," says Apple, "iCloud does not encrypt data stored on IMAP mail servers." There is an option to use encrypted mail, however.

Where is the option for encrypted mail made available in iCloud?

Soli 9981 comments · 9 Years

Bottom line: If you use an iDevice and a Mac then make sure FoleVault 2 is enabled on your Mac and that all your backups are sent, encrypted, to that Mac, and that each device uses strong passcodes.

I recommend using the long-press on iOS/iPadOS and the Option key on macOS to create a much stronger password.

MisterKit 514 comments · 8 Years

The Authorities have many legal resources to make a case against criminals. Physical evidence. Witness testimony. Surveillance. Law abiding citizens in a free society have a reasonable expectation that our private information remains private.