Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Apple Still Has a Privacy Problem

The company has taken some laudable steps toward protecting its customers' privacy, but recently revealed DOJ data seizures remind us that Apple needs to work harder.

By Max Eddy
June 16, 2021

On June 10, The New York Times reported that the Trump Department of Justice (DOJ) sought information from Apple regarding two of the then-president’s most prominent critics, who also happened to be members of Congress. Days later, the Times reported that the DOJ also sought information from Apple regarding former White House counsel Donald McGahn. It's an uncomfortable reminder that Apple has given data to law enforcement thousands of times, and that it holds lots of sensitive data to give. 

Transparently Troubling

In its most recent transparency report, which covers January to June of 2020, Apple said it handed over user data to US law enforcement 2,590 times. Apple says this could include (but is not limited to) photos, emails, contacts, calendars, and iOS device backups. Impressively, there were 9,872 requests for data in that period, with the US being responsible for 5,861 of those requests.

To Apple's credit, we can only ponder these numbers because Apple supplies them in the first place. And, in fairness, Apple is not alone in its disclosures. Google, the search giant and operator of the world's most popular mobile OS, reported that in the same period of 2020 it turned over at least some user data 83% of the time. Apple reported that it responded with at least some data 87% of the time.

To someone who writes a lot about privacy, these are eyebrow-raising figures. In the world of VPNs—which I cover for PCMag—disclosing any information is unusual, as is having any significant information to disclose in the first place. ProtonVPN's stance of "as we do not have any customer IP information, we could not provide the requested information" is more the norm. The creators of Signal Private Messenger take a similar position and have actively worked to ensure that customer data isn't available to hackers, law enforcement, or Signal itself.

Granted, most privacy-focused companies are tiny by comparison to titans like Apple and Google. However, these companies have designed their products to gather as little information as possible, and to ensure that whatever information they do retain isn't accessible to them or anyone else. Apple needs to follow this model now more than ever.

Is Apple Really a Champion of Privacy?

In the last few years, Apple embraced privacy as not just a good practice, but also good marketing. It has added a lock-out feature to make it harder for law enforcement to force iPhone owners to unlock their devices with biometrics. Don't like Alexa or the Google Assistant listening to your every utterance? Apple says that its on-device voice recognition can match the competition without sending recordings out for processing.

It's Surprisingly Easy to Be More Secure Online
PCMag Logo It's Surprisingly Easy to Be More Secure Online

Apple has taken an aggressive approach to protecting user privacy from advertising, both on its devices and when its customers are browsing the web. Apple will generate fake email addresses to help you cut down on spam. The company has made it easier to see what apps are monitoring you, and given consumers more tools to rein in that monitoring. The fact that Facebook objects to some of these changes has always struck me as a sign that Apple is doing the right thing.

Most dramatic, perhaps, was when Apple was put under pressure to unlock the iPhone of suspects who carried out a mass shooting in San Bernardino, CA. Apple refused, and it was a rare moment of unanimous support across the industry. 

Outlook: iCloudy

Those were high points, but there have been low points as well. Apple caved to pressure to remove an app used by Hong Kong protestors. Of much broader note is that fact that Apple still doesn't encrypt its iCloud backups. In January of 2020, Reuters reported that Apple had actually pondered encrypting iCloud backups and had even told the feds it was going to do so. This apparently never came to pass, for reasons that are unclear. 

iCloud backups are mentioned explicitly in Apple's transparency report as being among the kinds of data it currently provides to law enforcement. These contain most, if not all, of the information on an iPhone or iPad. Macs may also be set to back up data there, too. An iCloud backup can, optionally, include data from Apple's Messages app, which is encrypted end-to-end—except in backups. That may be a chilling revelation for users who assume their Messages data is always secure. Google, interestingly, does encrypt its backups.

The Reuters article presents several possibilities for why Apple reversed course on encrypting backups. Perhaps Apple wanted to play ball with the FBI. Perhaps the iPhone maker foresaw the headaches of angry consumers unable to retrieve their data after forgetting a password. Or perhaps Apple worried that encrypting backups could lead to legislation that would place intrusive limits on encryption—an ongoing struggle.

Real Courage

There is surely a complicated calculus going on inside Apple's steel and glass doughnut about customer privacy. But what is clear is that the current system is not working. There's too much data available, and there are a staggering number of legal requests for customer data. Finally, as the recent flurry of questionable requests from the DOJ demonstrates, the potential for abuse is all too present.

Apple may not be in a position to fight every request for information that it receives, but it can follow the example of privacy-focused companies and simply make user information irretrievable to anyone except users. While it was questionably "courageous" for Apple to do away with the headphone jack, the company has a chance to show real courage and protect its customers at the same time.

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Max Eddy

Lead Security Analyst

Since my start in 2008, I've covered a wide variety of topics from space missions to fax service reviews. At PCMag, much of my work has been focused on security and privacy services, as well as a video game or two. I also write the occasional security columns, focused on making information security practical for normal people. I helped organize the Ziff Davis Creators Guild union and currently serve as its Unit Chair.

Read Max's full bio

Read the latest from Max Eddy