Surveillance Firm Says Apple Is 'Phenomenal' For Law Enforcement (appleinsider.com) 34
Secret recordings of a surveillance firm's presentation show how much iCloud data Apple surrenders to law enforcement with a warrant -- though it's Google and Facebook that can track a suspect to within three feet. Apple Insider reports: PenLink is a little-known firm from Nebraska which earns $20 million annually from helping the US government track criminal suspects. PenLink also sells its services to local law enforcement -- and it's from such a sales presentation that details of iCloud warrants has emerged. According to Forbes, Jack Poulson of the Tech Inquiry watchdog attended the National Sheriff's Association winter conference. While there, he secretly recorded the event.
During the presentation, PenLink's Scott Tuma described how the company works with law enforcement to track users through multiple services, including the "phenomenal" Apple with iCloud. Apple is open about what it does in the event of a suboena from law enforcement. It's specific about how it will not unlock iPhones, for instance, but it will surrender information from iCloud backups that are stored on its servers. "If you did something bad," said Tuma, "I bet you I could find it on that backup." Tuma also says that in his experience, it's been possible to find people's locations through different services, although not through iCloud. "[Google] can get me within three feet of a precise location," he said. "I cannot tell you how many cold cases I've helped work on where this is five, six, seven years old and people need to put [the suspect] at a hit-and-run or it was a sexual assault that took place." It's also possible for law enforcement and firms like PenLink which help them, to get location data from Facebook and Snapchat. [...]
During the presentation, PenLink's Scott Tuma described how the company works with law enforcement to track users through multiple services, including the "phenomenal" Apple with iCloud. Apple is open about what it does in the event of a suboena from law enforcement. It's specific about how it will not unlock iPhones, for instance, but it will surrender information from iCloud backups that are stored on its servers. "If you did something bad," said Tuma, "I bet you I could find it on that backup." Tuma also says that in his experience, it's been possible to find people's locations through different services, although not through iCloud. "[Google] can get me within three feet of a precise location," he said. "I cannot tell you how many cold cases I've helped work on where this is five, six, seven years old and people need to put [the suspect] at a hit-and-run or it was a sexual assault that took place." It's also possible for law enforcement and firms like PenLink which help them, to get location data from Facebook and Snapchat. [...]
FUD campaign carries on (Score:5, Insightful)
A subpoena issued by a judge forces someone to disclose all the information they have.
There's no "REALLY Privacy-focused, VERY protective of its customers, SUPER resistant to subpoenas, just DOESN'T comply".
There's no "REALLY welcoming, VERY eager to fuck over customers, SUPER compliant, is just BEGGING to comply"
You comply or you go to jail.
Now ask why the "Apple refused to help unlock a phone" news never comes up for Google.
Re:FUD campaign carries on (Score:5, Insightful)
The fact that iCloud subpoenas catch any criminals at all demonstrates how stupid most criminals are. But it also does demonstrate a major problem with relying on the cloud: crooked politicians can easily acquire the data of dissidents and opponents. Unfortunately, if Apple were to allow you to encrypt that data so no one would have access to it but you, governments would immediately pass legislation to make this and any semblance of privacy illegal.
What we really need are some new Constitutional amendments. Privacy needs to be defined as a right, we need to strengthen 4th Amendment rights by explicitly barring broad surveillance, and we need to guarantee that using cryptography can never be considered criminal and you cannot compel a citizen to hand over encryption keys.
Does that mean a lot more criminals will get away with crime? Of course it does. That's the price we pay for not living like a high tech ant colony the way the Chinese do. Unpunished crime is better than totalitarianism.
Re: (Score:3)
Then host the backup yourself. iPhones still let you do local backups, with optional encryption (highly recommended as iOS will refuse to backup some items if the backup isn't encrypted - things like passwords and such are not backed up if it isn't encrypted).
You can make the iPhone not use iCloud at all.
Re: (Score:2)
What we really need are some new Constitutional amendments. Privacy needs to be defined as a right
As long as copyright exists your constitution doesn't matter, the software industry has been hacking our PC's on an industrial scale since 1997 with the advent of ultima online, when garriot pulled the networking code out of PC RPG's and rebranded them mmo's to confuse a dumb and idiotic public to steal games for profit.
Nowhere is this more in evidence then guild wars 1. The "MMO" you only pay once for. suspiciously, like Neverwiner nights (2002) where you are allowed to host your own multiplayer game.
Then
Re: (Score:2)
The fact that iCloud subpoenas catch any criminals at all demonstrates how stupid most criminals are. But it also does demonstrate a major problem with relying on the cloud: crooked politicians can easily acquire the data of dissidents and opponents..
Well, it's a nice Sunday School version of the concern.
You know what happens when a product becomes "phemonenal" for law enforcement?
The Data becomes The Truth.
Understand that truly corrupt people will now work to manufacture fake data about their opponents. And sadly in the future, everyone will believe it.
Re: (Score:2)
Re: (Score:1)
Sure, but what's the business case for making your cloud service attractive to people who want to avoid subpoenas?
Re: (Score:2)
They could easily do the same in icloud by having it encrypted with keys only accessible to the device
In many cases, that’s exactly what Apple has done with iCloud. iMessage? End-to-end encrypted. Apple doesn’t have the keys. Photos? Encrypted such that Apple can’t access them by default (Apple has tools that allow you to publish photos to the web or otherwise share them publicly, at which point all bets are obviously off). Likewise with a lot of other stuff. But what they’re doubtless talking about here is iCloud Backup, which is an entirely different beast because its most importan
Re:FUD campaign carries on (Score:4, Informative)
Re: FUD campaign carries on (Score:2)
How is that a FUD campaign? The guy doing the presentation doesn't want you to not buy iPhones, as that would actually harm his business. That would be like saying a company that sells Xbox mod chips is just running an anti-xbox FUD campaign. Don't be a moron.
Re: (Score:2)
A subpoena issued by a judge forces someone to disclose all the information they have.
Warrants/subpoenas are so easy to obtain in the 2022 USA that they no longer mean anything with respect to civil rights. If a judge approves 100 straight warrants that turn up nothing, there is no mechanism to hold either them, or the people who request the warrants, accountable. Without end-to-end encryption, the information is open to government with little effort.
Judges rarely if ever get criticized for approving warra
Re: (Score:2)
That's a false dichotomy. Apple doesn't pay you to defend their megacorporation so why bother?
Everybody knows the problems for privacy are key escrow and lack of e2ee. Apple doesn't want to create a secure and private cloud - they certainly could if they wanted to.
Signal does the crypto things correctly and the algorithms are widely implemented. Use Signal instead of iMessage unless you're sure you're not doing anything that could be criminalized retroactively next month (e.g. journalism).
Don't store reus
Re: (Score:2)
AFAIK, your passwords in Keychain are one of the few things in iCloud that are E2EE, and Apple doesn't keep the key.
Re: (Score:2)
Partly because Google separately encrypts different bits of data, e.g. your Chrome browser settings, history and bookmarks are encrypted with a separate key that never leaves your computer.
Your Android device backups are the same.
If they get a legal request for the data they can't supply it. That's what Apple should do.
Re: (Score:2)
What cell phone store can you buy a Google phone from? You can only buy Google phones from Google's website, they're not as popular as iPhones or other Android phones.
where's "today's internet is broken" guy? (Score:1)
innocent until proven guilty (Score:2)
Does PenLink even try to measure the number of cases in which they share information of innocent people?
I'd bet that vast majority of the information PenLink shares with law enforcement is completely benign. Yet those people will be investigated, and their personal information shared with many who have no need to know.
Would be an interesting measurement. Also (Score:2)
It would be interesting to know how many people aren't arrested/charged and how many aren't convicted after the cops see the info.
It would also be interesting if we could compare how many WOULD HAVE been arrested, except the phone data shows they weren't there - it provides the alibi.
My experience, which may defer from the highly unusual cases that make the national news, is that judges are generally pretty good about probable cause and the other fourth amendment requirements. When they get a warrant to sea
Re: (Score:2)
A geofence is a dragnet and can at best provide circumstantial evidence. 'But your phone was there' isn't the strongest argument and doesn't prove anything. Same with 'but my phone wasn't there'.
Re: (Score:2)
I don't know, if a suspect, let's call him JO, says "I was nowhere near my ex's house. I was home all night", but his phone and car drove over to her house at the same time she was killed, to me that casts significant doubt on his story.
On the other hand, if you say "I was at Walmart", and your phone was at Walmart and your debit card was used at Walmart, I'm going to proceed with the investigation based on the high probability you were at Walmart.
Re: (Score:2)
Yeah right, or they just go with 'it is always the boyfriend/husband/male significant other' and build a case to show that - with whatever they can come up with no matter how weak. JO is suspect number 1 no matter if he was involved or not, no matter what his phone records show.
And tomorrow: Any kind of "undesirable" (Score:1)
That does include political opponents or different belief and also people who just do not donate enough to the "right" causes. This is a stepping stone into a nice surveillance state. And before you claim the eternally stupid "I have nothing to hide", it is also bad for the economy as people always looking over their shoulder (which _will_ happen) cannot focus on their work very well.
Not unexpected (Score:2)
Anyway, lesson that should have been known for criminals is, if you plan to break the law, donâ(TM)t use cloud services and only use often trashed burner phones
This is an intentional compromise (Score:5, Informative)
Apple worked really hard to secure the phone well. And when your phone is JUST the phone, it's very hard to get into without the passcode. All that works really well. Every law enforcement agency all the way up to the FBI was pissed, and there was real talk a few years ago about mandating backdoors.
And Apple, years ago, would sorta admit that they needed to secure iCloud more.
And then they went ... quiet about that.
If you were paying attention you've known for years that the uncomfortable compromise has been: it's ok to keep the phones that secure as long as you hand over the backups on request.
If you are worried ... turn off your iCloud backup and back your phone up to you Mac with an encrypted backup.
But this ... this has been obvious FOR YEARS to anybody who paid attention.
Re: (Score:2)
Everybody knows that Microsoft is part of PRISM, but tell them that Apple is also part of the global panopticon and they LOSE THEIR MINDS
The truth is you can't trust basically any devices with any code outside your control, that includes firmware and microcode. A cellphone is a computer within a computer by its very nature (because of the baseband processor) and nobody lets you have that code until a modem is very outdated.
And I am delighted to report... (Score:3)
I have exactly zero personal information in Apple's cloud, except probably information about a couple of free apps I've acquired. My backups are on my computer, nowhere else. My calendar is over at ProtonMail. Two of my three iPhones don't have SIM cards and never leave the house. They're handy douche canoes for thirsty corporations like Google that demand a phone number for two factor authentication.
I'm no genius, and I'm sure I've slipped up, but I'll fix privacy mistakes the moment they come to my attention. My default position is that corporate North America can kiss my rosy ass.
Iphones are phenomenal (Score:2)
"If you did something bad," said Tuma, "I bet you I could find it on that backup."
Just switch off backup when you're living a life of crime.
Cops are stupid;fortunately criminals are stupider (Score:2)
So for most of the time we do see criminals caught - or at least the knuckle dragging ones. But the bright ones? Capitol Hill is their preferred location, I suspect...
Re: (Score:2)
"So for most of the time we do see criminals caught - or at least the knuckle dragging ones. But the bright ones? Capitol Hill is their preferred location, I suspect..."
And even them are sometimes caught by their phones.
Why do people take their phone to do their crimes?
Are they taking an Uber to and from the crime scene?
Not so secret (Score:2)