Replies

Carefully, carefully analyze the paragraph about government and backdoors and you’ll see the loopholes possible.

Possible - we’ll not know until we see what secret “national security” court orders they have been handed.

Not to single out Tim or Apple.

Publicly-held, and many privately-held big businesses, and government, and academia, all work for new world order.

My you are a cynic. Sometimes a cigar is just a cigar. . . and sometimes a company is just telling the truth.

I have read the that paragraph, but you also have to understand the technology and how it is used. The owners of the devices encrypt their data to 128 bit encryption with a key only they have. Apple does NOT have this key. To decrypt such a cypher by brute force using a supercomputer of circa 2012, it has been calculated that it would take quite a bit of time. By the time it was completed, I am certain the data would be useless. How much time?

"'DES' is part of a symmetric cryptographic algorithm with a key size of 56 bits that has been cracked in the past using brute force attack. As shown above, even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using brute force attack."—EE Times, How secure is AES against brute force attacks?

Supercomputers may have gotten faster and more powerful in the two years since that article was written, but not that much better that they can improve significantly on that time factor. . . nor has anyone come up with a miraculous algorithm to solve such an encryption by finessing it.

Apple, not having your personal key, cannot decrypt data with a key it does not have. Even a backdoor will not help. Therefore, when your data is uploaded to iCloud it is already 128 bit encrypted. Apple anonymizes it and then further encrypts it with 256 bit encryption for storage for which they DO have the key.

When you request data from your iCloud account it is decrypted back to the 128 bit level and returned to your device where YOU can decrypt it back to usable format using your key.

The only thing they can provide to the government are data that YOU are a customer, for how long, your phone number and your primary and alternate email addresses (three things they most likely already have), and when you've accessed your account, possibly the size of your database, and they may be compelled to hand over your encrypted 128 bit data which Apple has but cannot decrypt, for whatever it is worth. . . but not what is in it. Good luck to the government agency in its attempt to decipher it.

Contrary to myth, the CIA and the NSA are also constrained by the same laws of computer science that hamstring everyone else. i.e. their supercomputer capacity would STILL take a billion billion years to crack the cypher.

Similarly, FileVault on a Mac encrypts the data on any drive you choose to use it on to a similar level of encryption. Without your password, it is not, at our current level of technology, breakable.

Among the data that Apple devices routinely encrypt before sending them to iCloud are:

Photos
Documents in the Cloud
Calendars
Contacts
iCloud Keychain
Backup
Bookmarks
Reminders
Find My iPhone
Find My Friends
iCloud Mail and Notes (encrypted in transit)

if you choose to read something else into these very plainly written statements that Apple has referenced in their corporate financial documents under penalty of Sarbanes-Oxley, then you'll believe nothing in any document that has to be released under penalty of perjury and draconian penalties. The letter Tim Cook wrote and released, being from an officer of a publicly traded company also falls under Sarbanes-Oxley Act of 2002 and if it found to be false, Cook lays himself open to prison time of up to 20 years and personal fines of up to $10 million. He will have made statements of material fact that could adversely impact the value of both the company and the stock. I am certain that Apple's legal beagles went over these statements before they were released. in the seven years between 2002 and 2007 over 1600 corporate executives were prosecuted under Sarbanes-Oxley, and $1 billion dollars in fines were levied. It is not a toothless law.

This is not something that a corporation would lightly obfuscate or leave "loopholes" in their plainly written statements, where someone could come back and file lawsuits when their data is subpoenaed and the company releases data they said they could not, proving that statement a lie. That is exactly what is meant when it was mentioned in their audited Financial Statement about a potential liability relating to privacy statements. The statements must be truthful and accurately followed.

On the other hand, most data the government is after is intercepted by the NSA at the carrier level. . . where it is not heavily encrypted. Phone conversations, texting, and emails in the clear are mined. Google reads customer's emails and mines everything it get's it grubby mitts on, and converts that data to its proprietary data. Google believes that data belongs to Google and the government therefore can subpoena it from its "owner" . . . which, now, is not you, but Google. You are not Google's customer but rather, Google's product, its inventory, subject to subpoena and seizure. Since Apple never asserts ownership over the data, you own it, and custody remains with you. YOU are the custodian of your data. It does make a legal difference which Apple has been arguing, along with the Electronic Frontier Foundation.