I’ve written before about how the government could unjustly subpoena Apple for your iCloud backups to receive a copy of literally everything on your phone at any given moment. I knew the threat was very real, but I was forced to write about it in a mostly hypothetical manner because there wasn’t a great example to point toward. Now, we have an example.
Steve Kovach, writing for CNBC:
Apple said it received a subpoena from a federal grand jury on Feb. 6, 2018. According to Apple, the subpoena requested data that belonged to a seemingly random group of email addresses and phone numbers. Apple said it provided the identifiers it had for some of the requests from the DOJ, but not all of the requests were for Apple customers.
Katie Benner, Nicholas Fandos, Michael S. Schmidt and Adam Goldman, reporting for The New York Times:
All told, the records of at least a dozen people tied to the committee were seized in 2017 and early 2018, including those of Representative Adam B. Schiff of California, then the panel’s top Democrat and now its chairman, according to committee officials and two other people briefed on the inquiry. Representative Eric Swalwell of California said in an interview Thursday night that he had also been notified that his data had been subpoenaed.
Prosecutors, under the beleaguered attorney general, Jeff Sessions, were hunting for the sources behind news media reports about contacts between Trump associates and Russia. Ultimately, the data and other evidence did not tie the committee to the leaks, and investigators debated whether they had hit a dead end and some even discussed closing the inquiry.
Kovach, again:
Because of a nondisclosure order signed by a federal magistrate judge, Apple could not notify the people that their data was subpoenaed. The so-called gag order lifted on May 5, which is why Apple only recently alerted the affected users. According to Apple, the subpoena did not provide details on the nature of the investigation.
[…]
Microsoft on Friday told CNBC it received a similar subpoena from the DOJ.
The DOJ doesn’t play fair here. Not only in this specific instance, which was egregious because it represents a Watergate-level instance of a President spying on his political enemies (and at least one member of his own administration, apparently), but in general. At any time, you could receive the same notice from Apple that they had been forced to give the government all your data years ago, and that they’re just now allowed to tell you about it. The Department of Justice has operated with impunity in this arena even before Trump’s corrupt impulses and arm twisting got added into the mix, and they need to be reeled in. The accounts they demanded access to were not government accounts. They were personal iCloud accounts belonging to elected officials, their aides, and even more outrageously, their family members, including their kids.
The DOJ knows this is outrageous, and they don’t like having this conversation. They don’t want you to cause a fuss over your civil liberties or privacy, so they put Apple under a gag order, forbidding them from telling you that they were forced to give the government your data until several years have passed. The incident we’re learning about now actually occurred in 2018, but Apple was just now allowed to inform those whose accounts had been violated. This is egregious. Our elected officials need to hear from us, loud and clear, that despite living in a post-9/11 world and a Facebook surveillance state, we still value our privacy, and are willing to protect it with our votes.
Political pressure may be one of our most effective tools, in fact, because the very small number of tools that are currently available to us are partially effective at best. For example, my suggestion from last year of disabling iCloud backups to safeguard your iMessage decryption key remains useful to protect your messages, but it’s a bit of a hassle and a risk, and it only protects your messages. There’s nothing you can do (besides pulling out of iCloud altogether) to protect data like your photos, notes, voice memos, contacts, your backups, and your iCloud Drive files. But there is something Apple could do.
They need to give us the option to encrypt the entire contents of our iCloud account. Of course, doing that comes with more risk, so they should make sure customers are informed about the risk of data loss and the greater responsibility they would have to protect and maintain their own access to their accounts, and let users opt-in only if they want to. But I bet a lot of users would opt in. Financially, I think Apple could offer this as a free option for customers without much overhead, but they could even charge more for it if they wanted to, whether by rolling it into an iCloud+ tier or charging a separate fee. I’d pay for it, and I’m sure a lot of other people would too, from power users, to privacy advocates, to those working with exceptionally sensitive data. Their most loyal customers and promoters care about this, but Apple currently gives them no good options. Whether it comes down to a paid iCloud service or not, Apple must stand up for their users here.
Perhaps, though, Apple just needed an example; maybe this story about the DOJ (and the gag order expiring) is what they were waiting on. My hope is that they wanted to wait for an incident like this that they could point to to rally public support for end-to-end encrypted iCloud data, despite government objections. It would make some amount of sense, to help sustain themselves (PR-wise and legally) against the gale-force winds that are sure to come from the peeping toms that comprise the law enforcement and investigative communities. It’s basically a redo of the showdown between the Apple and the FBI over the San Bernardino shooter’s iPhone, but with Apple taking a more reactive step forward (whereas last time, they were just refusing to take a step backward). Again, I hope that is the case. And if it is, then Apple needs to know that their customers have their back and will support them through this change and the fight that would ensue.But whether that’s the case or not, we all need to let them know we’re concerned about government overreach, and that we want the option to have ALL the contents of our iCloud accounts protected by end-to-end encryption. Feel free to whip something up yourself, or copy and paste the prompt below into Apple’s iCloud Feedback portal.
Hi. I’m reaching out because I’m concerned about the extreme government overreach we’ve recently learned about regarding subpoenaed iCloud account data. I don’t think it’s right that a government agency can seize private user data without permission or notice.
I’m concerned that there’s no truly secure way to use iCloud. I want the option to have ALL of my iCloud data (including backups, contacts, photos, and everything else) protected by end-to-end encryption. Privacy is a fundamental human right, and Apple users value that right. I believe Apple truly values that right as well, and that’s why I’m hopeful that you’ll soon provide users with an option to protect all of their data with end-to-end encryption.