Apple granted Andrew Griffin of the Independent interview time with executives — including Craig Federighi — and access to their testing facilities, as they explained their privacy and security model. I appreciated Federighi’s reaction to the recent emphasis on privacy by Google and Facebook. But this, I think, is something of a dodge:
Federighi says that the location data is stored in matters less when the amount of information collected is minimised, and any that is is stored in ways that stop people from prying into it.
“Step one, of course, is the extent that all of our data minimisation techniques, and our keeping data on device and protecting devices from external access – all of these things mean that that data isn’t in any cloud in the first place to be accessed by anyone,” he says. By not collecting data, there is no data for officials in China or anywhere else to read or abuse, Apple claims.
This claim goes uncontested by Griffin, but it’s wrong. All iCloud data created by Chinese users is stored in China; even the iCloud user agreement for Chinese users is between the user and GCBD, not the user and Apple. Also, Apple’s software actively encourages customers to use iCloud services from a few moments after they power up a device for the first time. It is therefore misleading, at best, to state that Apple collects less data. The company may not collect behavioural data to the same extent as its competitors, but that does not apply to user-provided data.
The next paragraph is similarly misleading:
What’s more, Federighi argues that because the data is encrypted, even if it was intercepted – even if someone was actually holding the disk drives that store the data itself – it couldn’t be read. Only the two users sending and receiving iMessages can read them, for example, so the fact they are sent over a Chinese server should be irrelevant if the security works. All they should be able to see is a garbled message that needs a special key to be unlocked.
End-to-end encryption that allows decryption only by the sending and receiving parties is not universally applied to data stored in iCloud. While iCloud data is stored in encrypted formats, the vast majority of the keys are held by Apple and those files can be decrypted by request. Again, this claim is not subjected to further questioning in this story.
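To make the distinction above concrete, here is an added illustration (not Apple's code and not from the Independent piece): a toy storage provider that holds every user's ciphertext, once with an escrowed copy of each user's key and once with the key kept only on the user's device. The cipher is a deliberately simple SHA-256 keystream, assumed for illustration only.

```python
import hashlib
import secrets


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher built from SHA-256.

    Illustration only: unauthenticated and not a substitute for a real AEAD.
    Encryption and decryption are the same operation.
    """
    out = bytearray()
    for start in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + start.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], ks))
    return bytes(out)


class StorageProvider:
    """Holds ciphertext for every user; may or may not hold the keys."""

    def __init__(self, holds_keys: bool):
        self.holds_keys = holds_keys
        self.blobs = {}    # user -> (nonce, ciphertext)
        self.escrow = {}   # user -> key, populated only when holds_keys

    def store(self, user: str, key: bytes, plaintext: bytes) -> None:
        nonce = secrets.token_bytes(16)
        self.blobs[user] = (nonce, keystream_xor(key, nonce, plaintext))
        if self.holds_keys:
            self.escrow[user] = key   # provider-held key: decryptable on request

    def decrypt_on_request(self, user: str):
        """What the provider can hand over in readable form when asked."""
        nonce, ct = self.blobs[user]
        if user not in self.escrow:
            return None   # end-to-end: only ciphertext exists server-side
        return keystream_xor(self.escrow[user], nonce, ct)


def compare():
    """Constructed sample: same data, same key, two custody models."""
    key = secrets.token_bytes(32)
    msg = b"photo library, notes, message backup"
    provider_held = StorageProvider(holds_keys=True)
    end_to_end = StorageProvider(holds_keys=False)
    provider_held.store("alice", key, msg)
    end_to_end.store("alice", key, msg)
    # The user can always read her own data from either provider.
    nonce, ct = end_to_end.blobs["alice"]
    on_device = keystream_xor(key, nonce, ct)
    return provider_held.decrypt_on_request("alice"), end_to_end.decrypt_on_request("alice"), on_device
```

The first result is readable plaintext because the provider escrowed the key; the second is `None` because only ciphertext ever left the device, while the third shows the user herself is unaffected.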
Update: After re-reading this, it’s clear that my disputes are with the reporter’s explanations, not Federighi’s. For example, in the second quote, there is no quote from anyone at Apple, and Griffin seems confused by the different kinds of encryption that are possible. In the first quote, Griffin is overly reductive.