back to article Apple's Cook: We have never allowed g-men access to Apple servers

Apple has made some amendments to its privacy policy, and has used the occasion to run an open letter from CEO Tim Cook explaining the changes. Taking a swipe at Google and others, Cook tells the world that since Apple's income is products, not profiles, “we don’t build a profile based on your email content or web browsing …

  1. This post has been deleted by its author

  2. SuccessCase

    Better from the Reg, at least you are reporting the positive move taken, though you seem rather reluctant, avoiding the fact there is now much wholly unequivocal language used. This is very good for users.

    http://www.apple.com/privacy/privacy-built-in/

    Additionally Apple have confirmed that as of iOS8 all means for non users to gain access to data on the device are fully removed. So only users, not Apple, can grant access to law enforcement agencies.

    And with masterful obfuscation, The Register make no mention of Tim Cook's most unequivocal statements (which as as legally binding as a privacy statement) and comparing the the Privacy Policy with an older one state:

    "Actually, the changes are mostly trivial."

    Which means, actually, it always was far stronger than Apple has been given credit for (few actually reads these things - when it comes to the privacy clauses, I do) and far stronger than anything offered by their competitors. Google's business model, of course, requires they know everything about you.

    [edited from original post as The Reg have pointed to the source. The letter from Tim Cook and other material is worth a read as the language is unequivocal in a way rarely seen amongst the major tech companies].

    1. Anonymous Coward
      Anonymous Coward

      "...always was far stronger than Apple has been given credit for..."

      The appearing fact that you believe what Apple states here reassures the governments forceful tactics. However, since you believe a forced lie, is my statement a lie? Sorry, ignore that question, for I'm standing behind my P.A.T.R.I.O.T. and you WILL believe my statement.

      What's the difference between a winner and a loser in a race? The winner didn't get caught.

      1. SuccessCase

        While there are reasons to be cynical about any big business, in my experience CEO's of public listed companies don't lie. If there is something they don't want you to know, they will simply avoid the subject or present other facts they want you to have but that aren't what you want to know. When a CEO says something unequivocal, you can be sure he has got assurances from his various EVP's and managers what he is saying is completely accurate. When the CEO asks, everyone jumps and all those I have worked for have spent their time being extremely careful to curate the data they are given so they represent it to best advantage but crucially, without ever lying. Don't forget for a CEO to mislead the market is a criminal offence.

        1. Anonymous Coward
          Anonymous Coward

          They can lie simply because they know it is impossible for the average joe to find out either way

        2. Anonymous Coward
          Anonymous Coward

          re: your experience.

          in my experience CEO's of public listed companies don't lie

          <boggle>

          I can only assume that your experience does not come from *this* planet.

        3. O RLY

          "CEO's (sic) of public (sic) listed companies don't lie"

          A few counterexamples:

          Dennis Kozlowksi, Tyco international

          Kenneth Lay, Enron

          There are many more one could select as well.

    2. JeffyPoooh
      Pint

      "So only users, not Apple, can grant access to law enforcement agencies."

      So not even Apple can unlock your iPhone if you're screwed-up the lock code?

      What if you forgot your code? What if you entered your desired code incorrectly, and now have no idea what you've accidentally typed? What if your iPhone is unlocked and some joker locks it on you for laughs? Your data is safe, but beyond your own reach? Ideal for drug dealers, but suboptimal for most users.

      I assume that an iPhone can be reset to factory clean, so that a hopelessly locked iPhone can at least have the hardware rescued, if not the data? Don't tell me that the locked hardware becomes landfill...

      I await clarification for the details that I might have misunderstood. And thank you.

      1. Mike Bell

        Re: "So only users, not Apple, can grant access to law enforcement agencies."

        What if you forgot your code? What if you entered your desired code incorrectly, and now have no idea what you've accidentally typed? What if your iPhone is unlocked and some joker locks it on you for laughs? Your data is safe, but beyond your own reach?

        Forgot password/device disabled

        You have to enter the same lock code twice, like you are often required to do when setting up a password.

        You have to enter the existing lock code before you can set a new one.

        ...and relax.

      2. lotus49

        Re: "So only users, not Apple, can grant access to law enforcement agencies."

        If you manage to lock yourself out of your phone, you are an idiot and you deserve to have to wipe your data. I don't see how it's Apple's responsibility or business to save people from their own foolishness.

  3. 45RPM Silver badge

    It seems to me that users who are worried about the security implications of an ever more connected world have two choices.

    1.) Roll your own cloud solution and hope that the open source code that you use hasn't been altered in any way by the NSA or <insert nefarious agency of your choice here>. Code reviewing all that isn't practical for most people, and hosting on your own server isn't guaranteed because you're relying on the trustworthiness of code that the server runs. I love Linux, and I love my Synology - but I don't have massive confidence that Synology's cloud software is secure, regardless of where the actual bits are stored.

    2.) Trust in Apple - and hope that Microsoft follows suit. Google and Facebook, and so forth never will - their business models are predicated on the information that they can gather about you, so it wouldn't be in their best interests. Personally, I do trust in Apple. They've never given me any reason to doubt them, and I'm confident that they won't start now. And look at it his way, if Tim Cook was lying it would be the biggest scandal in the history of the industry, and Apple would be wiped out overnight. There's too much at stake for this not to be true.

    I'm sure that Microsoft will up the ante on this - and, for the record, I'd trust them too.

    1. RTNavy

      Microsoft is actually considered under "Contempt of Court" for not releasing data in an Ireland data center to the US Government since they claim non of the data is from the US, and releasing the data is then a violation of European Union Laws....So they are standing up to the US Legal system in a different fashion that just claiming the servers blocking Government actions.

  4. Anonymous Coward
    Anonymous Coward

    The detail's not as wonderful as the blog

    If you actually read their privacy policy, it's not really that different from other companies'. It even allows for using your personal information to "improve" advertising, which you might have got the impression was an evil thing that Apple doesn't do.

    As for the "we never will" when it comes to allowing government access, he used some very narrow language, limiting the scope to access to Apple's servers. However more generally, this applies (my emphasis in bold):

    "It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for Apple to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate."

  5. Breen Whitman

    “we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”

    Translation: "We do."

    1. BristolBachelor Gold badge
      Coat

      They don't need to. The government come knocking at the door, and Apple just hands over everything. However, they haven't put a back-door in anything, nor given access to their servers; hence no lie. Call me a cynic.

      1. Anonymous Coward
        Anonymous Coward

        Why should they?

        Why would Apple want to hand things over without some sort of law (whether known or subject to a NSL) forcing them to? Nothing to gain and a lot to lose if it becomes known.

        Given the attention that Snowden has put on the government's data collection on citizens, much of it negative, Apple is merely acting in their own self interest by trying to protect the privacy of their users as much as possible. They have to follow the law, and we may not agree on what the law should be, but they certainly have no reason go beyond what the law requires, and very good reason not to.

        For all the whining about how Apple overcharges for their products, most people don't think too closely about the basic difference in how Apple and Google make their money. Tim Cook is right to point that out, and wake up some of the people who dreamily believe that Google is a good guy on your side, versus nasty Apple who isn't. In truth, neither is on your side, they're both on their own side, but Apple's interests and your interests of privacy coincidence a helluva lot more closely than Google's interests and your interests of privacy, that's for damn sure.

    2. Anonymous Coward
      Anonymous Coward

      “we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”

      I believe this. I also believe that while it sounds reassuring, it provides no guarantees.

      When deemed necessary, Apple will, on behalf of the government, just go in through a front door which has been in the product or service from day one.

  6. Alan Denman

    All their own work

    "“we have never worked with any government agency from any country to create a backdoor in any of our products or services."

    Indeed, Apple do it all themselves.

  7. Vimes

    One problem with this: FISAAA section 702. That and other laws render any privacy policy and/or assurances from Cook meaningless.

  8. bigtimehustler

    Errr, is it just me or did they just say they don't sell information to advertisers accept for iAd, which means they do sell the information to advertising except for that rather smaller product range they exclude because iAd is for advertisers.

  9. Anonymous Coward
    Anonymous Coward

    Err, actually, he cannot deliver that promise.

    We have also never allowed access to our servers. And we never will.

    First of all, it's implicit in their own privacy policy that they will if required by authorities, and that is indeed the key issue: Apple may fight like the devil against access like MS is trying, but unless the law changes it will not be able to say no to a properly executed legal demand, for 2 reasons:

    - it would be acting in defiance of law. It doesn't matter how much $$ you have, if you don't follow the law you are in principle operating illegally

    - it could be interfering with an active criminal investigation. Let's take the emotional cases politicians like to use: active investigations into child porn, narcotics or the big Open Sesame for any US company, terrorism. Not only don't you want to become the CEO to admit you've interfered with a lawful investigation - if things go pear shaped during the time you're fighting this you'll have to explain to the victims what happened. Nobody will understand that you were merely fighting for people's rights.

    This is not stating that I wouldn't want this to be different, but under US law, Apple is really not in a position to say no, no US company is. If it wants to be (or at least have the conditions of transparency and due process re-established), it ought to get together with MS and maybe the ACLU and start cleaning up the problems in law.

    Small challenge: some other well funded players may disagree with turning back the clock as their revenue depends on it.

    1. Yet Another Anonymous coward Silver badge

      Re: Err, actually, he cannot deliver that promise.

      1, He doesn't need to. Apple doesn't own the mobile network his phones are on and the networks have been more than happy to bend over to offer access.

      2, He doesn't need to install a backdoor if he hands over copies of the keys as required by the patriot act in the US and RIPA in the UK

      3, Add in all the same "truths" we got from other cloud suppliers. Technically they aren't OUR servers, we lease them or they are owned by a subsiduary. We don't allow access to our servers - but they do have a copy of the feed. We don't allow access to the feds, but we do supply them with anything they want through their own web portal

  10. This post has been deleted by its author

    1. Yet Another Anonymous coward Silver badge

      Re: Glorious news

      >Round of applause to Sir Tim,,,,,,, if any of this is real.

      If this is real then all enemy agents/terrorists/drug dealers/child prostitution ring operators and even double-glazing salesmen need to do is buy an iShiny and they will be completely immune from the $Bns spent by the CIA/FBI/NSA/Police ?

  11. RTNavy

    Glorious Leader

    Who needs access to the servers when "they" can listen to the data streams to and from the servers to begin with?

  12. Version 1.0 Silver badge

    "Well you'd expect him to say that ..." - MRD

    If you've two brain cells to rub together then you know he's lying - under current USA law the government can demand access to the servers and forbid him to speak about it.

    1. Vimes

      Re: "Well you'd expect him to say that ..." - MRD

      I'm not quite so sure that anybody can be forced as such to tell a lie - just hide the truth.

      http://www.theguardian.com/technology/2013/sep/09/nsa-sabotage-dead-mans-switch

      (Note the 'FBI has not been here' notice aspect of the link above)

    2. Anonymous Coward
      Anonymous Coward

      Re: "Well you'd expect him to say that ..." - MRD

      in fact there is some speculation that Apple have unleashed the ferocity of a FISA/USA_PATRIOT Warrant Canary on us.

      2013 https://www.eff.org/deeplinks/2013/11/apples-first-transparency-report-gets-warrant-canaries-right

      2014 https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-suggesting-new-patriot-act-demands/

      missing is “Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.”

      1. Josh 14
        Trollface

        Re: "Well you'd expect him to say that ..." - MRD

        "missing is “Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.”

        I'm assuming that they have such a friendly working relationship with the various intelligence agencies of the US and allied powers that they have never needed to be officially requested, but rather were asked over tea or a pint of bitter if there was anything interesting that they'd like to share...

  13. Anonymous Coward
    Anonymous Coward

    Clever use of language.

    Never "allowed" them to access servers, but they have been forced to by law.

  14. Anonymous Coward
    Anonymous Coward

    Alas all reassurances are worthless these days.

    He can only tell us about the stuff he isn't legally forbidden from telling us by NSLs or other such mechanisms.

  15. Josh 14
    Black Helicopters

    Redefine "G" men

    Since this is Apple that we are talking about, I'm assuming that they redefined this to iMen, and trademarked it retroactively.

    They also are working constantly with their embedded iMen to better the data snooping user experience and facilitate a smoother data extraction, and to ensure that the interface has sufficient number of curves in its implementation.

  16. Vic

    We have also never allowed access to our servers. And we never will.

    Given the strength of the Patriot Act et al., I don't believe him.

    Vic.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like