Apple Shared User Data With Governments, Says WikiLeaks Email

"Please know that Apple will continue its work with law enforcement," reads an email from Apple's vice president of Environment, Policy and Social Initiatives, who reports directly to CEO Tim Cook, according to new documents this week on WikiLeaks. An anonymous reader writes: In the email the Apple executive writes "we work closely with authorities to comply with legal requests for data that have helped solve complex crimes. Thousands of times every month, we give governments information about Apple customers and devices, in response to warrants and other forms of legal process. We have a team that responds to those requests 24 hours a day." The email was addressed to Clinton campaign chairman John Podesta.

But the context is missing, and could show a larger attempt to soften Hillary Clinton's position on encryption. While Jackson writes that at Apple, "We share law enforcement's concerns about the threat to citizens," she later writes "Strong encryption does not eliminate Apple's ability to give law enforcement meta-data or any of a number of other very useful categories of data."
The email also compliments Clinton for her "principled and nuanced stance" on encryption in a December debate against Bernie Sanders. Clinton had said "maybe the backdoor is the wrong door, and I understand what Apple and others are saying about that. But I also understand, when a law enforcement official charged with the responsibility of preventing attack...well, if we can't know what someone is planning, we are going to have to rely on the neighbor... I just think there's got to be a way, and I would hope that our tech companies would work with government to figure that out."

Re:

[dprimary]

Because Apple announced this last year. This is only news to the people that don't pay attention in the first place.

Re: why am i not surpised

[MachineShedFred]

Yeah, how dare they comply with legal court orders rather than risk contempt fines and sanctions!

Re:

[currently_awake]

The US government doesn't give American corporations the choice of saying no. This is why American Corp = Untrustworthy.

Re:

[ahabswhale]

The provide data when warrants are issued. They don't get a choice in the matter. Every other company does the same thing.

Re:

[AHuxley]

AC US Constitutional protections are not a series of blocked tubes to work around to spy on people.
Color of law does not get around the US Constitution.

Re:

[BlueStrat]

Constitution restriction doesn't apply here as actions are done under authorized warrant for law enforcement. That is explicitly allowed.

*Individual*, very specific, and narrow warrants yes, but not general warrants, they are expressly forbidden.

However, our current crop of politicians, bureaucrats, federal judges, and TLAs seem to be of the opinion that they can violate the US Constitution with impunity by waving a 'national security' flag around. Sorry, but national security, illegal drug traffickers, child porn, copyright infringement, etc etc...none of these trump the Constitution and civil rights.

Government no longer honors the limitati

Re:

[superwiz]

but not general warrants, they are expressly forbidden.

You may think so. And it may have been the writers' intent. But the decision about what The Constitution means is relegated to (usually) 9 individuals (currently 8). I am going to go ahead and assume (despite the thin veil of anonymity) that you are not one of those individuals. And until their majority states otherwise in a court case, the choice to use such warrants remains available to the executive.

Re:

[BlueStrat]

but not general warrants, they are expressly forbidden.

You may think so. And it may have been the writers' intent. But the decision about what The Constitution means is relegated to (usually) 9 individuals (currently 8). I am going to go ahead and assume (despite the thin veil of anonymity) that you are not one of those individuals. And until their majority states otherwise in a court case, the choice to use such warrants remains available to the executive.

Oh, I'm aware that the federal government is using general warrants in complete violation of the US Constitution while trying to avoid any cases making it to a SCOTUS ruling, at least until they have the court comfortably packed with friendly justices.

That is the danger of allowing 9 politically-appointed, unelected individuals to be the ultimate power to "interpret" the Constitution, as what the definition and scope of "interpretation" is and encompass

Re:

[AK Marc]

Your desires of what should and shouldn't be done don't affect what is done.

Re: why am i not surpised

[Anonymous Coward]

No. Two-faced liars spewing a totally different hue of vomit in public than the shit they spray with Hillary in private.

All evil motherfuckers. All criminals. All corrupt.

Re: why am i not surpised

[Type44Q]

But at least they're brave. ;)

Re:why am i not surpised

[BLKMGK]

Since when does metadata equal them giving up access to the device? Metadata is things like what IP it last checked an iTunes account with or how many IOS devices you have. Yes, you ARE an idiot.

Re:

[Anonymous Coward]

"any of a number of other very useful categories of data"
Phone number ?
Customer who bought the phone , their name, and address ?
Credit card used to buy the phone ?
Balance on their iTunes account ?
Last time it was accessed ?

There is a heap of data Apple has which does NOT include any data that is on the phone, and when given a valid warrant, Apple and every other company in the world will comply and hand over that data.

This is entirely consistent with Apples stance on protecting user privacy, by encrypting t

Re:

[Wraithlyn]

LOL try harder to hear what you want to hear.

"a number of other very useful categories of data" != "everything".

Re:

[AutodidactLabrat]

Yes, it means everything.
What I like to call "Bartcop's razor" went something like this
Any 'mistake' that adds to the wealth, power or prestige of any corporation
WILL be repeated unless there is a strong disincentive (like prison) to stop it
So yes, "a number of" means EVERYTHING!

Re:

[Anonymous Coward]

Metadata doesn't exist, all data is data.
The government doesn't really care if you just asked for direction, if you are in contact with someone they don't like you are a criminal.

They even kill people just based on "meta"-data.
Ex-CIA director – We kill people based on metadata [veteranstoday.com]
And here is a YouTube clip if you think that veteranstoday just made it up.
Former NSA boss: "We kill people based on metadata" [youtube.com]

Re:

[Anonymous Coward]

Since when does metadata equal them giving up access to the device? Metadata is things like what IP it last checked an iTunes account with or how many IOS devices you have. Yes, you ARE an idiot.

You know what else is metadata?
The key that data has been encrypted with.

That is right, it's just data about the data, not the actual data itself.

Re:

[bmo]

Metadata is more useful.

Contents of email, chats, voicemail, etc., are less important than who you talked to, when, and where. The number of times you communicate with someone says how important they are. It tells people who your friends really are, in spite of what you /say/ about your friends. If $JOE_FBI asks you about $RANDOMPERSON and you say "I don't know $RANDOMPERSON" and the metadata says you talked to $RANDOMPERSON 8 times last week, that's significant. Metadata is also more searchable and com

Faith-based security

[Anonymous Coward]

Closed source encryption = faith-based security.

Re:

[Anonymous Coward]

same as open source encryption, unless you happen to be a mathematical and code genius. similar amounts of eyes review all of them as their are very very few who have the necessary skills to do so.

Re:

[Alain Williams]

I am not a mathematical genius, but I know of some who are and that they have looked at the open source code and said that they are happy. This does not guarantee that they have not overlooked something, but is much better than the closed source scenario where only a few have seen the code - and I do not know who those few are or who they work for.

Re:

[wvmarle]

More importantly:

Closed source crypto: those that have seen the code are restricted by NDAs and usually on the payroll of whoever developed and deploys the encryption. These people have various reasons not to speak out on any potential issues, including back doors. You'll have to wait for a Snowden or Mannings to step up and reveal any issues.

Open source crypto: everyone, including "the enemy" and others with vested interests to break it and reveal exploits can see and analyse the code. They are not bound b

Re:

[Vasheron]

Kerchoff's Principle essentially states that the security of a cryptographic system should depend only upon the secret key and not on the secrecy of the system itself. Indeed in the book Cryptography Engineering, the authors claim that they have reviewed may secret cryptographic systems and all of them had flaws.

Re:

[Anonymous Coward]

Closed source encryption = faith-based security.

Unless you audit everything yourself, you're employing faith based security.

They respond to warrants?!

[BLKMGK]

Total surprise! It's why they've made sure they can't get through their own crypto...

Re:They respond to warrants?!

[Lisandro]

That was my exact first thought. I'm far from an Apple fanboy, but why the hell is the story framed to sound like they're surreptitiously sharing customer data with the NSA or something

Re:

[Feral Nerd]

That was my exact first thought. I'm far from an Apple fanboy, but why the hell is the story framed to sound like they're surreptitiously sharing customer data with the NSA or something

Because that way they get more clicks as the members of the self appointed Apple critics brigade pile in here to vent their rage?

Re:

[ArtemaOne]

I came here to see if anyone had posted this. None of this is even story-worthy. If they have the information they must respond to a warrant.

Re:They respond to warrants?!

[BLKMGK]

Exactly! Metadata is things like IP addresses of logins or names of accounts. These are things they have to have in order to operate and it's not something they can deny a valid warrant. AOL, Google, Yahoo!, and many many other companies respond to these requests. But if they cannot get at the data they cannot turn it over. Some companies, like Yahoo! apparently, give way more than others but if they couldn't get to the data they couldn't and Apple claims they no longer can. Put a good password on your account, your backups, and good grief don't use the cloud. How hard is that? Non-story unless they can show that Apple is breaking the most recent crypto...

Re:

[willy_me]

You can safely forget about that after the calls are concluded

This is the point of encryption. They never have the unencrypted data so there is nothing to forget. If they have the information at any point in time, authorities produce a warrant requiring them to remember that information. This is why the metadata is fair game - the provider (Apple in this case) requires it to operate. But the data contents (email, documents, etc.) are never decrypted by the provider and remain secure.

Re:

[ljw1004]

Put a good password on your account, your backups, and good grief don't use the cloud. How hard is that?

How hard is that? ... pretty much impossible. Don't get me wrong. I used to use my own personal linux server for documents and photos and music. Went through three machines over fifteen years, always with RAID, always with offsite backups. I wrote a frontend to let me browse photo thumbnails quicker than google drive or onedrive.

But it was too hard to meet reasonable family needs. Too hard to share photos with (non-technical) family members. To hard to automatically upload photos+videos from my phone. Too s

Re:

[BLKMGK]

I use some cloud services - photo sharing, email, things like that, if someone sees my vacation pics I don't care. What I don't do is upload a backup of my phone to the cloud. It's stored locally and it's password protected. Yes, the password could be cracked but end of the day I don't save anything earth shattering in it and I've raised the bar significantly - no fappening for me!

Likewise system backups are done locally as is media storage - my storage has grown over the years and been upgraded as needed.

Re:

[BigBuckHunter]

This is the third clickbait Anti-Apple article today. They had the google vulnerability disclosure article and yet another MacBook Pro pooh-pooh article. Apple has always cooperated with LEA warrants and will continue to do so.

Re:

[tlhIngan]

This is the third clickbait Anti-Apple article today.

It's because Apple made the news earlier this week with a product announcement. This brings out all the haters because you know what? Apple stuff leads to ad clicks. So click-bait articles about Apple, especially since Apple is in the news, means lots of ad money.

It's what journalism has evolved into on the Internet - whatever you can do to trick users into clicking your articles for ads. Gawker might have been the first to formalize it from the get-go -

Re:

[dissy]

Apple has already publicly stated exactly this during the FBI lawsuit that clearly no one paid any attention to.

They stated they have and will continue to honor legally issued warrants for data on a specified customer.

What they will not do is hand over data for all customers at once without a warrant, and they would not remove their customers encryption leaving them vulnerable to attack by basically everyone.

Those last two are what the FBI demanded, and failed to sue Apple over.
In fact during the lawsuit Ap

Re:

[Anonymous Coward]

I did a quick review of their iMessage protocol. It uses old and weak cryptographic primitives, and provides no forward and/or future secrecy. You also have to trust Apple to serve the correct public keys. I wouldn't be surprised if the NSA can crack it.

Re:

[BLKMGK]

Because the order was overly broad and was requesting that they build software for the FBI that could potentially be used for additional cases sans warrant. Apple was cooperating with them until the FBI requested that, in fact Apple was cooperating with them prior to receiving a warrant because they understood that this case was of importance for public safety - then the FBI asked for the keys to the candy store and Apple shut them down.

Missing context

[Anonymous Coward]

But the context is missing

That's the whole problem with all of these WikiLeaks emails. We see people shooting messages back and forth but we have no idea what conversations may have led up to, or occurred as a result of, each email. A lot of them are snippets of news articles and other research, looking for opinions and bouncing ideas around. We don't know what decisions were or weren't made based on most of this stuff because we're only seeing a small window into a much larger operation.

"If one would give me six lines written by th

Re:

[MightyMartian]

No it isn't good enough. Injecting cynicism isn't a replacement for context.

Re:

[Anonymous Coward]

And it is amazing how people automatically take the content of these leaks as 100% authentic? How hard would it be for those releasing the information to make a few changes here and there to support their political ideology? Those releasing the WikiLeaks documents as well as those releasing the Snowden information have proved beyond a shadow of a doubt they are using these leaks to drive their political platform. Snowden stole millions of documents but only a small percentage has been released by the gate

Re:

[AHuxley]

AC fake emails don't make party political workers quit.
AC "How hard would it be for those releasing the information to make a few changes here and there to support their political ideology?"
Smart people in the press have some really great experts for that. They look at every word, sentence, name, date, format, font and write up reports.
If anything had been added, altered or changed the press would have found it.
The media world wide has a long institutional memory of been offered altered or fake or hist

Re:

[Sax Russell 5449D29A]

How hard would it be for those releasing the information to make a few changes here and there to support their political ideology?

Extremely hard. Like AHuxley there pointed out, the emails are signed by domain keys and you and me, and everybody else, can validate the authenticity and integrity of every email that has the DKIM. To say that they would have forged an email in a way that still validates through a DKIM validator, WikiLeaks (or some other party) would've had to have stolen Google's and other domains' private DKIM keys. Mind you that these keys are *extremely* well protected, especially on Google's services.

That being said,

it needs to be in your own hands.

[Anonymous Coward]

If you give ANY large corporation data about yourself, they can and will disclose that data to the feds, and a lot of the time to advertisers too.

The only way past all this is to take matters into your own hands. End to end encryption, so no one in the middle CAN disclose the contents. Do not use services that depend on centralized servers. Run your own servers if you have to for your friends and family to use for IM/vidchat/etc.

Stop centralizing the internet, and this will be less of a problem. We're h

Re:

[AHuxley]

Re Or add to the basket every day.
Take up landscape photography. Buy a few books about one time pads online with a credit card and ensure all privacy settings are wide open during the search for a few well written books that review well. Download or buy some steganography apps.
At the end of every email you send on an Apple computer or device add a very small creative photo banner.
Create a small photo of a typed one time pad text and use steganography to hide a new one in every image. With a just few em

Where is your God now?

[RubberDogBone]

Well, this one is for all you Apple fans who jumped up and down and breathlessly supported Apple over the Santa Barbara phone case.

The company you cherished and supported and defended and swore could do no wrong.... was stabbing you in the back and selling you down the river the whole time.

Ha Ha Ha Ha Ha

The truth is, big companies like Apple don't get to become big companies like Apple unless they sell out LONG before they get that big. They've ALL sold out. They ALL happily hand over your data all th

Re:

[ArtemaOne]

You sound ridiculous. Do you know what the US Government would do to a corporation that denied assistance to legal warrants from the judicial branch?

Re: Where is your God now?

[Bing Tsher E]

The same thing any government would do. But it's appealing to act like a few special companies refuse. It could even become a bit of marketing hype for a company to pretend they refuse. Or even that they're special somehow and have designed their system to make impossible not to refuse. All within a shroud of secrecy, and behind closed-source software and trade secrets, of course...

Re:Where is your God now?

[AHuxley]

Re "Do you know what the US Government would do to a corporation .. "
"The One Telco Exec Who Resisted The NSA Has Been Released From 4+ Years In Jail" (Sep 27th 2013)
https://www.techdirt.com/artic... [techdirt.com]
This news just adds to the PRISM decryption and other issues that US brands seem to offer assistance with.
https://en.wikipedia.org/wiki/... [wikipedia.org]
If its important encrypt well away from any and all Apple products, send the communications.
Anonymity is hard to ensure but at least people can get their privacy back from Apple and the mil/gov.

Re:

[superwiz]

Uhm... go to court? It's what's happening to Microsoft. They are refusing to give access to data stored in Ireland. For now, at least, the issue is in the hands of the courts.

Re:

[ArtemaOne]

Right, Ireland. You just made it off topic, but I don't have mod points.

Re:

[superwiz]

Sorry, in which way does MS vs DOJ situation not fit the description "what the US Government would do to a corporation that denied assistance to legal warrants from the judicial branch?"

Re:

[ArtemaOne]

The word "legal" is the key here. They're trying to get something from Ireland, which is more than questionable in terms of legality.

Re:

[superwiz]

The courts have final word in what is legal because their opinion of the meaning of the law is binding. You haven't mentioned why the hypothetical company would deny such government request. If it did so on the basis of a questionable legality of the warrant, the government would do what I originally said they would do. They would go to court.

Not news

[Anonymous Coward]

Yeah, this isn't news. Anyone who followed the San Bernardino case knows the sticking point with Apple wasn't handing over user data to the FBI - they already handed over the guy's iCloud backups, after all - it was being required to write new code.

Essentially once it became clear that they weren't going to be able to get into the device without having to - gasp - do some software development, they balked. But up until that point, they were happily helping the FBI try and access that iPhone.

Apple never has

Re:

[bloodhawk]

holy fuck. I hate apple more than most but you sound like a fucking retard. All companies are required to respond to legal warrants, Including Microsoft, Google and Any open source based companies or organisations. grow the fuck up.

wikileaks must be fore this

[gumbi west]

I'm confused, isn't wikileaks pro-sharing? Isn't that all they do?

it's the law

[YesIAmAScript]

What did you think they did?

They make changes to make it impossible to turn over your data. But that will never be the case for some kinds of data, like when you last accessed your account, etc.

Re:

[fred911]

It's not with disclosure by warrant, it's disclosure by " other forms of legal process". I don't know of any other form of legal process that permits release or use of any user data without the user's express permission (including "metadata").

Not a huge Apple fan...

[Zontar The Mindless]

...but the headline is a bit clickbait-y.

How about you let us make our own judgements?

In this case, the facts seem to be that Apple follows the law, and that it's reluctant to enable a back door.

In other news...

[jmcvetta]

In other news, water is wet, the pope is catholic, and bears shit in the woods.

This just in!

[jodido]

In what must be the biggest surprise story of the week, Apple, a big corporation, acts like a big corporation. Jokes aside, the government is *Apple's* government, not yours. Like it's Exxon's or Monsanto's, or Koch whatever. It's called capitalism, a lot of you say you like it, so don't get all outraged when capital rules. And you don't.

Apple fanbois pot calling kettle black

[juniorkindergarten]

To all the Apple fanbois:

You're the pot calling the kettle black! You jumped all over Blackberry when they worked with governments.

Looks good on ya!

not nuanced enough

[superwiz]

The subtle difference between sharing data and writing a non-existent program to access data inside a device when no such program currently exists remains the key. Of course, Apple shares data which they have and can provide when they get subpoenas. They probably do it even without subpoenas under the assumption that the government is a good-faith actor. But such assumption was not enough (as far as we know) to force Apple to write a program which would have made hacking into their own devices possible.

Not entirely news

[cfalcon]

I was going to say it isn't really news- but it sort of is. The new part is that Apple is using their stance as a defense in emails to powerful people. The old part is that (a) Apple has metadata that is available to them and (b) Apple shares everything that they can with any government that asks. Apple will deliver, when given a lawful order, metadata, anything that isn't encrypted, and anything that they can decrypt. This includes everything in icloud.

This should, frankly, not be a surprise, but if yo

Deja vu all over again - Scooter

[thunderclees]

Citizen 4 had already shown in a leaked document (a PowerPoint of all things) that Apple, Facebook, Micro$oft, Google amongst others were already on the alphabet mafia payroll.

Re:

[Alain Williams]

I don't know why the parent is moderated troll. If you want to be secure that is the correct assumption to make: be it true or false. The only safe machines are the one that you control - physically; nothing in the cloud can be 100% trusted.

However: there are levels of trust; how much of a target are you, how dangerous/important are your secrets ? For most of us most vendor/... security is sufficient since we are unlikely to be of interest to government spooks. But: get active politically, or in a trade uni