Re: surely the lesson here is...
DougS. Have you seen the security white paper published here:
It makes for an interesting read and the very fact Apple are now being so open about their security infrastructure speaks volumes. Security experts seem to agree it is really rather good, which perhaps shouldn't be surprising for a company of their resources.
Again The Register are continuing the rather dubious trend of quoting commercial security "experts" with a vested interest in seeing the Sky as falling because they sell Sky-fall protection products. Having said that what Katalov has said is accurate, but it is what he has omitted that is interesting.
Look again at the list given in the article:
"The "Information Available From Apple" section reveals all sorts of information is potentially accessible from the manufacturer through this route, for example:
device registration information,
customer service records,
Apple retail store transactions,
Apple online store purchases,
iCloud: subscriber information, mail logs, email content, photo stream, documents, contacts, calendar, bookmarks and iOS device backups and
In general it seems Apple want to be out of the business of overseeing your information. It is simply not where their money is made and it is a point where they now see they can differentiate themselves from Google. But for sure there remain some important caveats.
Before the caveats, the good news:
- iMessage converstations. Apple have made it entirely clear these are encrypted and they do not have the key.
- Encrypted back-ups. iOS8 now encrypts backups by default, using your PIN to add entropy to the encryption key. This may not appear sufficient as most user PINs are only four digits, but the encryption key is supplemented by a local device encryption keys, copies of which (on my reading of the white paper I've linked too) it seems Apple do not keep. I could be wrong. I'm not too bad on such matters and I trust myself I have not misread the document, but I'm not enough of an expert to be prepared to state categorically and for all that my reading is correct - so check the document and make your own mind up. Or if you don't have the tech chops but still want categoric ask Mr Schneier.
- iCloud mail. Apple do not encrypt iCloud mail, but then again, unless it is encrypted your mail is available to be read by all the servers it traverses, so there is little to be gained by encrypting it for storage, except for a protection from the NSA/Law officers being able to conveniently access it from place as distinct from have to work to catalogue it as it is delivered in the clear over "open" infrastructure.
- Apple iOS and Mail products support the use of SMIME encryption. So this is an option. Of course, unfortunately, SMIME is little used because of the hassle verified and secure key exchange implies for users. It remains a highly effective option however and decryption keys will only be stored on the local system and messages decrypted dynamically if it is used (so the messages stored on iCloud won't be readable by Apple or law enforcement).
- iWork office suite. The iWork office suite offers Numbers, Pages and Keynote apps. Documents created in these apps can be encrypted with a local secret (password). Since the datafiles are stored encrypted, the synchronised files will also be stored, on the iCloud servers, encrypted in a form inaccessible by Apple or officialdom.
This will NOT apply if you share your documents with others using the iCloud sharing service (which supports collaboration). Apple will necessarily require machine access to the documents to support this. Similarly if you open encrypted documents in the web interface. Pressumably, at least while the document is open, you are granting Apple at minimum machine access to the unencrypted document.
- Location information. Apple have made it very clear they do not store your location information except briefly when you use networked apps that require use of it. They have to be taken on trust on this one. However generally when a CEO of a public listed company faces an inconvenient truth he will most usually simply avoid discussing it. The fact Tim Cook has been prepared to state categorically Apple do not store location data is, IMO, a very good sign.
The fact is, for Apple to be legally protected, they need to warn of all possible sources of disclosure, hence the list of bullet points for what they can access. When they say:
"iCloud: subscriber information, mail logs, email content, photo stream, documents, contacts, calendar, bookmarks and iOS device backups and location information"
My read is they are not pointing out the subtleties and simply stating the binary data is available. *Some of this will be encrypted and inaccessible to them. Indeed a lot of it, if you are minded to protect yourself that way*
"device registration information,
customer service records,
Apple retail store transactions,
Apple online store purchases,"
Really this shows the list is one that is legally a covering action. They absolutely and positively *need* to have all that information as part of the service they are delivering. They are obliged to keep accounting records of all the transactions as any business is. So none of these can fairly be called a "black mark"
It is easiest for Apple to err on the side of caution and not over promise.
- Any collaborative sharing will render documents accessible to Apple.
- We have to take their word on encryption keys and lack of access to iMessage conversations
- Photos. They are not going to be encrypted and contain location data.
- Contacts, Calendar, Bookmarks - I have no reason to suppose they are stored on Apple servers in anything other than an in the clear format.
Overall, I think this is pretty good for a mainstream, mainly consumer commercial service with cloud integration and really if you want more, you really should be looking at dedicated security solutions. The improvements I would like to see are encryption of stored email and documents by default (even though email would likely have been transacted in the clear and iWork docs can be optionally encrypted by the user) and encryption by default for photos, calendar and contacts as stored in iCloud. Good start though and one Google cannot match without damaging their revenue sources.