An article published Wednesday by the Intercept reveals new details of how Apple works with law enforcement when faced with a court order. Though this new information does not come as much of a surprise, it calls Apple’s privacy posturing into question, and comes amidst other revelations that make it particularly troubling.
The new revelations have to do with Apple’s Messages app, as Sam Biddle of the Intercept reports:
Every time you type a number into your iPhone for a text conversation, the Messages app contacts Apple servers to determine whether to route a given message over the ubiquitous SMS system, represented in the app by those déclassé green text bubbles, or over Apple’s proprietary and more secure messaging network, represented by pleasant blue bubbles, according to the document. Apple records each query in which your phone calls home to see who’s in the iMessage system and who’s not.
This log also includes the date and time when you entered a number, along with your IP address — which could, contrary to a 2013 Apple claim that “we do not store data related to customers’ location,” identify a customer’s location. Apple is compelled to turn over such information via court orders for systems known as “pen registers” or “trap and trace devices,” orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are “likely” to obtain information whose “use is relevant to an ongoing criminal investigation.” Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.
Again, given that Apple was included in the list of companies accessible to the National Security Agency’s PRISM program when it was exposed in 2013, this is not so surprising. What makes it newsworthy, however, is Apple’s subsequent posturing as a staunch defender of privacy.
“Phone companies routinely hand over metadata about calls to law enforcement in response to pen register warrants,” Biddle reports. “But it’s noteworthy that Apple is able to provide information on iMessage contacts under such warrants given that Apple and others have positioned the messaging platform as a particularly secure alternative to regular texting.”
Indeed, these latest revelations come in the wake of Apple’s high-profile “fight” with the Federal Bureau of Investigation, in which Apple refused to assist the FBI in unlocking the phone used by an alleged mass shooter in San Bernardino, California, claiming it would compromise its incredibly secure password protection technology. But not everyone bought the official story of what really went down between Apple and the FBI. NSA whistleblower Edward Snowden, for one, has said the FBI’s claims of helplessness in that case were “bullshit.”
The latest revelations about Apple’s Messages app are another blow to the company’s trustworthiness, which could have implications beyond the iPhone. Earlier this week, for example, prior to publication of the Intercept‘s article, it was reported that the Apple Watch may soon be able to “track sleeping patterns and fitness levels.” Given that the lie exposed by the Messages app article related specifically to Apple’s location tracking, this could be cause for concern. “It’s not certain how the sleep tracking would work (most likely through motion),” Engadget reports, “but the watch would gauge your fitness by recording the time it takes for your heart rate to drop from its peak to its resting level.” If such information became available to police it would seemingly represent a serious privacy violation, with little legitimate value to law enforcement, but the possibility of this happening seems increasingly likely.
When it comes to saying one thing and then doing another, though, Apple may not be the worst offender. News of issues related to the Messages app broke the same day as a major Associated Press investigation into nationwide law enforcement abuse of confidential databases.
“Police officers across the country misuse confidential law enforcement databases to get information on romantic partners, business associates, neighbors, journalists and others for reasons that have nothing to do with daily police work,” the investigation found.
“Criminal-history and driver databases give officers critical information about people they encounter on the job. But the AP’s review shows how those systems also can be exploited by officers who, motivated by romantic quarrels, personal conflicts or voyeuristic curiosity, sidestep policies and sometimes the law by snooping. In the most egregious cases, officers have used information to stalk or harass, or have tampered with or sold records they obtained.”
Given that the new revelations about Apple’s Messages app originated with documents from a state police agency, the Florida Department of Law Enforcement’s Electronic Surveillance Support Team, rather than some top-level federal agency like the NSA, it seems clear that Apple’s Messages metadata is likely available to a similar range of law enforcement agencies as those found abusing more conventional databases by the AP. Like every other form of electronic communication, the best assumption to make when using an Apple device is that if the government (or any other sufficiently sophisticated actor, for that matter) really wants your information, they’ll find a way to get it.