
Apple’s Commitment to Customer Privacy - nier
http://www.apple.com/apples-commitment-to-customer-privacy/
======
quaunaut
Okay, a few things I'm just plainly getting pissed off about every time I see
these threads.

* Bitching about the words "direct access": Guess what, these are words, they have a meaning. They're saying that the government can't view the database directly, they can't determine what they get to see, and they don't get to pull it up whenever the fuck they feel like it. And guess what? That means something. I swear, everyone obsessing over the words "direct access" goes on record as one of the most idiotic things a lot of really smart people get obsessed about.

* Most of these companies are effectively saying they're agreeing to subpoenas, with the one difference being that NSA warrants can't be reported by the companies involved. This is still infinitely more tame than the previous claims that the Guardian has been walking back this last week(let alone the entirely ridiculous argument Snowden put out there saying they can 'watch your thoughts form as you type', which gets even more funny when you consider the only service listed that transmits your typed data is GMail).

* There is a lot to be concerned about here- no mistake about it. But right now, there's a lot more holes in Snowden & Co's story than the opposite. It's still troubling, the attitude taken by some of those at the highest echelons of government, on the whole subject- but the accusers have a lot of explaining to do, if you've been paying attention.

~~~
stiff
Ad. 1 I think you are missing the point - "not providing direct access" is a
bit like Bill Clinton saying he did not have sex with Monica Levinsky, if some
company sends some institution a complete database dump of all customer
personal data it is not "direct access to the servers" but it is just as bad
in terms of privacy implications, so the phrase means nothing in the end.

~~~
necubi
Are you bothering to read these things, or just searching for the term "direct
access" and calling it a day?

From the statement:

"Regardless of the circumstances, our Legal team conducts an evaluation of
each request and, only if appropriate, we retrieve and deliver the narrowest
possible set of information to the authorities. In fact, from time to time
when we see inconsistencies or inaccuracies in a request, we will refuse to
fulfill it."

From Google's:

"Until this week’s reports, we had never heard of the broad type of order that
Verizon received—an order that appears to have required them to hand over
millions of users’ call records. We were very surprised to learn that such
broad orders exist. Any suggestion that Google is disclosing information about
our users’ Internet activity on such a scale is completely false. "

What about that is weasely or unclear to you? They categorically deny
providing broad data to the government. Of course they can't say they don't
provide any access, because they're obligated by law to comply with warrants.
But the accusation was that they provide direct access (those words that you
all are so obsessed with appear in the Guardian article), with the implication
that the NSA can just go and take whatever data it wants with no oversight.

Unless you believe that Apple, Google, et al. are just plain lying, that is
clearly not the case.

~~~
vidarh
Notice that the paragraphs immediately before that specifically talks about
data passed to law enforcement and plays down the type of requests, after the
paragraph before that talks about national security.

Since when would anyone start to lump NSA in with "law enforcement". The focus
on law enforcement in general in that statement is curious since that's not
really what all the noise has been about.

Maybe their PR team are just a bunch of buffoons that have still not realised
that these statements gets dissected, but it is rather odd that they when
releasing a statement to try to stem criticism based on their previous choice
of words again choose wording that is so ambiguous

In fact, if I were to trust this (and I can't decide if I should), my main
reason for trusting them is that I'm wondering if they wouldn't just flat out
lie and give a much stronger denial if they are in fact feeding the NSA with
tons of data.

~~~
jpalomaki
I think the rules said the companies are not allowed to disclose the exact
amount of FISA requests. Instead they need to bundle them together with other
requests from law enforcement.

~~~
vidarh
They are not saying they are bundling them together - they are saying these
are requests from law enforcement. It could just be a sloppy PR department,
who knows.

~~~
amirmc
Since multiple PR depts are saying largely the same thing, I'm inclined to
believe this is what they've been informed they can release.

------
evadne
> For example, conversations which take place over iMessage and FaceTime are
> protected by end-to-end encryption so no one but the sender and receiver can
> see or read them. Apple cannot decrypt that data.

I don’t know, then, why when I do an iCloud restore on a brand new device, all
existing messages are recovered. Is this a way to recover all past messages
that’s not really addressed, if I can still recover all historical messages
after replacing all devices connected to an iCloud account at once?

Cursory links:

[http://security.blogoverflow.com/2012/09/qotw-34-imessage-
wh...](http://security.blogoverflow.com/2012/09/qotw-34-imessage-what-
security-features-are-present/)

[https://github.com/meeee/pushproxy](https://github.com/meeee/pushproxy)

[http://imfreedom.org/wiki/IMessage](http://imfreedom.org/wiki/IMessage)

~~~
atirip
Hmm, if they are encrypted with your password and Apple does only store hash
of that password for login and encrupted messages then everything is ok? I
assume that when you change your iCloud password, the old messages are not
visible anymore. Anybody to verify that?

~~~
nknighthb
> _I assume that when you change your iCloud password, the old messages are
> not visible anymore._

I'm not sure why that would be true.

I posit that such a system _could_ work like this:

* An asymmetric keypair (e.g. RSA or ECC) is generated and stored on Apple's servers. The private key is encrypted with the user's password, which is not retained by Apple except in a hashed form.

* When a device is added, the private key is decrypted using the password and sent to the device.

* When your password is changed, either A) the private key is decrypted with the original password, and re-encrypted with the new password, or B) the private key is decrypted, used to decrypt all data, thrown away, and a new keypair is generated, with which all data is then re-encrypted.

It is, of course, obvious that Apple could, in theory, capture your plaintext
password somewhere in there and use it to decrypt messages.

There are ways around this, such as devices doing the key decryption locally
and only ever sending a derived/hashed form of your password to the server,
and using a different derived/hashed form for encryption.

However, since you can log in to iCloud and Apple's store with your Apple ID
in a browser, there is still no effective defense against Apple capturing your
plaintext password (unless you care to perform a detailed inspection of a
bunch of JavaScript every single time you load any content from Apple's
servers).

~~~
atirip
But this is totally different thing. One is what some company stores by their
IT design and then what some agency can require of that data. Second is
whether some agency can force/ask some company to do more, to do active spying
by that agency spec. So for example, if company X does not log locations, can
NSA force them to start doing that? What else can NSA by law force private
company X to do? Can they for example force CEO to stalk user Y by foot? If
they can not do that, how can they force to develop IT-systems to do that? So
when NSA ask to turn location tracking on, and company Y refuses, then what?
CEO goes to jail?

~~~
nknighthb
Yes, I was responding to what your first comment said, which is, indeed,
entirely unrelated to what you've now brought up.

Did your first comment not say what you meant?

~~~
atirip
Did, did, i just responded to your (and some other respondents) remarks that
Apple _could_ do something they said they are not doing (like catching plain
passwords). The fact is when company really-really wants to stalk you, they
can.

------
oleganza
I'll put this note here.

If you are being angry at Apple, Google, Microsoft and others for being
dishonest about managing your data, you are being dishonest yourself.

Apple does not have army of policemen, courts, flying drones, space programs,
military operations all over the world and monopoly on finance, education,
roads, telecommunications and other important areas.

Government has. Whatever shit government forces other people to do to you is
entirely government responsibility. Apple can and will happily operate and be
nice to privacy without NSA intrusion. But the nature of NSA is that Apple
_must_ comply under threat of violent coercion and also must play whatever
game NSA makes them to play (e.g. maintain secrecy of the warrants).

If you are angry, your _entire_ anger should be forwarded towards the
government — the monopoly of violence masking itself with a "common good" and
"social contract" and making nasty things all over the world at your expense.
If you are angry at your fellow citizens because of that kind of shit, you are
being manipulated into a civil war by people with power.

~~~
josteink
_If you are being angry at Apple, Google, Microsoft and others for being
dishonest about managing your data, you are being dishonest yourself._

I'll admit to being disappointed, but I will say this: I'm not angry. What it
all boils down to is trust. Do I _trust_ you to keep my sensitive data secure?

Given the recent events and disclosures we've had regarding the exteme over-
reach of the US intelligence agencies, it's very easy for me to say: No, I
don't. Not anymore.

I cannot trust any US-based, US-operated or operated-elsewhere-US-owned
subsidiary to keep my data secure.

That's not your fault, but it _is_ your problem, because I will be taking my
data and business elsewhere. And you cannot regain my trust until your country
improves its privacy outlook, so for your own sake, I would start lobbying if
you already haven't.

~~~
snitko
Lobbying doesn't solve something like that. For any company, potential
problems with a government are more dangerous than losing some of its
customers - because government, if it wishes so, can cause this company to
lose a lot more money or shut down completely. It's not companies' problem
that they are forced to give up your privacy, it is precisely your problem,
because you supposedly gave this system of governance legitimacy.

~~~
josteink
_It 's not companies' problem that they are forced to give up your privacy, it
is precisely your problem, because you supposedly gave this system of
governance legitimacy._

Just for clarity: I suspect you mistake me for a US citizen. I'm not.

~~~
snitko
Doesn't matter. Just because some guy revealed US government spies on people
doesn't mean it's only the US who do this. Every government does this to the
extent of its capabilities (example:
[https://news.ycombinator.com/item?id=5830994](https://news.ycombinator.com/item?id=5830994)).
It's the system, not some particular government. If you vote, whoever you vote
for - you're giving this system legitimacy. Don't be mistaken by thinking some
governments are nobler than others. Some are better at appearing nobler or
worse at doing bad things. But they all will try and coerce businesses into
doing things they want given the opportunity.

That's why taking your business out of one jurisdiction to another hardly
solves the problem. The source of the problem is the system of governance, not
unjust businesses.

------
doctorpangloss
Apple's statement about iMessage security is inaccurate.

Apple signs your device's certificate used for secure iMessage communications.
Apple can always generate a new certificate for you and provide access to its
root keys to impersonate you and read subsequent messages.

While it has forward secrecy, iMessage, and indeed no PKI encryption system,
is secure from a rogue root authority.

~~~
szc
I think you misunderstand asymmetric encryption. you have also confused the
two uses of asymmetric encryption;

(a) to prove identity -- a digital signature (b) to provide confidentiality --
encryption

If the _secret_ part of an asymmetric key is generated on a device and it
lives and dies on that device, Apple doesn't have it -- the device does.
Messages encrypted using the public part of that key can only be decrypted
with a device that has the key.

Your augment regarding PKI encryption systems is flawed. You don't need or
care about a "root authority" to provide confidentiality. If your assertion
is/was true, how can or does PGP work? (Hint: signing _only_ affects
identification and authenticity of a message)

~~~
defap
_If the secret part of an asymmetric key is generated on a device and it lives
and dies on that device, Apple doesn 't have it -- the device does. Messages
encrypted using the public part of that key can only be decrypted with a
device that has the key._

But he wasn't describing a technique for decoding messages that have already
been sent. He's only claiming an attack on future messages.

With control of the CA, the attacker can just advertise a bogus public key for
the victim in the key server, giving him access to future messages. He can now
intercept and relay.

~~~
szc
Future messages would need to be encrypted using the new key.

If the protocol announces when a new key is added to the "encryption set" how
can you get away with that?

(when you add a new device to iMessage all the other devices "see" the new
device being added and tell you about it).

It would be great to see a comparison between OTR and iMessage.

~~~
fpgeek
> (when you add a new device to iMessage all the other devices "see" the new
> device being added and tell you about it)

And who writes the software on those devices that tells you about the new key
again?

Based on what I'm reading, absent physical access to one of the devices
authorized for using iMessage at the time, past iMessages should be safe. But,
given the apparent ease of adding new authorized devices, tapping future
iMessages sounds like it wouldn't be hard.

------
nwh
> For example, conversations which take place over iMessage and FaceTime are
> protected by end-to-end encryption so no one but the sender and receiver can
> see or read them. Apple cannot decrypt that data.

I don't see how this can possibly be true.

I can sign into iMessage on my MacBook, and then into the same account on my
iPhone and see the same messages. The only shared secret between the devices
is my password, which means that the private keys must be derived directly
from them. As Apple sees my password in plaintext fairly regularly, this is
almost next to useless in situation where they are forced to reveal private
messages by a government.

Given that the client still can't even keep messages in chronological order
(even after the update), I severely doubt their encryption is implemented
correctly either.

~~~
danielsju6
Actually the devices share a key bag, the popup notifying you when other
devices are using your iMessage information comes up during this exchange. The
fact that the messages don't immediately show up on other devices and can be
out of order speaks to this P2P cryptographic style.

You can search for analysis of their protocol, I've done some dissection and
it's pretty solid.

~~~
smackfu
How does this address the concern though? Since a user only needs a password
to access past sent messages, the security is only as strong as that
password... and Apple can pretty easily circumvent any password related
security since they are the ones verifying it.

~~~
danielsju6
True, you only need your password to issue a new key set to the keybag; you
can actually monitor the protocol for devices that are distributed your
decryption keys (including Apple if they were spying) and you get a popup on
each device alerting you to this. It is possible Apple could create a back
door for them to issue a certificate set to your keybag without your
permission but that would be a can of worms for them, I'm actually comforted
by the fact that they'd much prefer to keep end-to-end encryption for their
own liability.

~~~
nwh
I wouldn't for a second trust that Apple /doesn't/ have the ability to do
this.

------
beloch
Apple, Jobs especially, has historically been somewhat cozy with Washington.
For the sake of argument, let's say that, hypothetically, Apple is doing work
for the NSA beyond what they've admitted to.

1\. Apple is a famously compartmentalized and secretive organization. If
Google, Facebook, Microsoft, etc. could keep what they were doing a secret
until the whistle was blown on them, Apple can too.

2\. So far, the whistle has not been specifically blown on Apple.

3\. The worse it is, the less likely Snowden had access to it.

4\. An admission of guilt would shake trust in Apple as badly as being exposed
by a whistle blower, so there's no motivation to do the former in order to
prevent the latter.

If Apple's gotten their hands dirty, they're not going to admit to it. I'm not
accusing Apple of anything. I'm just pointing out that this press release is
utterly and totally meaningless unless you _trust_ the NSA and people working
with them not to lie to you.

I may sound paranoid but, in a country where the government has given itself
the power to coerce companies into spying and legally prevent them or their
employees from revealing the truth, there is no room for trust. It is not
possible to trust the statements of any U.S. corporation as long as the U.S.
government clings to this power. Obama may be trying to sell the U.S. public
on the idea that the safety gained is worth the privacy lost, but the real
issue is the death of trust.

~~~
rdouble
Steve Jobs was never cozy with Washington. There's no evidence that he ever
interacted with anyone in Washington. Apple didn't even have any lobbyists
until Tim Cook became CEO.

[http://www.bloomberg.com/news/2013-05-21/apple-chief-
talks-t...](http://www.bloomberg.com/news/2013-05-21/apple-chief-talks-taxes-
in-pushback-to-heat-in-washington.html)

~~~
amirmc
"Apple didn't even have any lobbyists until Tim Cook became CEO."

I don't think that's true. From personal anecdote, I've met one of Google's
European lobbyists and during the conversation he spoke about how his
counterparts in Apple worked. If they had people in Europe, I'm sure they had
them in the US. Perhaps they don't spend much on lobbying but it seems almost
foolish _not_ to have people on the ground when you're as big a company as
Apple. If only to keep an ear to the ground regarding political winds (who
wants to be blindsided by regulatory changes?).

Edit: This doesn't mean they were 'cozy' with anyone, I'm just pointing that
they likely existed.

~~~
rdouble
I interpreted the article to mean that the lobbyist Cook hired was the first
one, but I guess it doesn't really say that. It does say that Apple maintained
a very low profile in Washington until recently, and still spends about 1/4
what Facebook does in lobbying.

------
djf1
"The most common form of request comes from police investigating robberies and
other crimes, searching for missing children, trying to locate a patient with
Alzheimer’s disease, or hoping to prevent a suicide."

Such a broad range of things included in 'the most common form of request'
really reduces the power of the statement.

~~~
gkoberger
On the contrary, I think the point is that they're all relatively mundane
compared to "uncovering terrorist plots!", which has been the alleged
motivating factor behind this whole situation.

------
andrewljohnson
Notice how Apple's PR strategy always involves waiting. They never speak up
until after the main fury has died down. It's like when a person is being
yelled at, sucks it up, waits 20 seconds, and then calmly responds.

It worked in Antennagate, and they are catching a lot less flak for their
statement than Google and Facebook, who stepped into the melee right away.

------
Sealy
I read that as. "The US government told us to say this (in order to reassure
our customers...)"

~~~
speeq
Me too. Every statement I've read from various companies seem to be the same.

------
josephlord
_" From December 1, 2012 to May 31, 2013, Apple received between 4,000 and
5,000 requests from U.S. law enforcement for customer data. Between 9,000 and
10,000 accounts or devices were specified in those requests, which came from
federal, state and local authorities and included both criminal investigations
and national security matters."_

This looks pretty good (assuming it is honest) with only one possibility for a
big weasel worded escape which if they are using they might as well lie.

It doesn't say "information was requested" or "information was provided" for
only 9,000-10,000 devices but that only that number were _specified_. If there
were orders that didn't specify devices and accounts (e.g. all messages
globally). It might be that this is to cover the fact that those communicating
with the specified devices would have some information revealed or it might be
that the "specifed devices" figure is misleading.

If anything these numbers are suspiciously small (once the local police
department regular investigations are removed). Unless there is a significant
breadth to the requests you have to wonder if the FBI (and NSA/CIA for non-
citizens) are doing enough targeted requests to track real suspects. Following
this line of reasoning you could conclude that they don't need to!

~~~
Zr40
> It doesn't say "information was requested" or "information was provided" for
> only 9,000-10,000 devices but that only that number were _specified_.

Actually, it does say that: "were specified _in those requests_ ".

~~~
josephlord
I don't think that I explained well enough.

The number "specified" may be less than those information is provided on in
the resulting report. "All devices in the US" does not specify any devices but
it includes rather a lot.

In a more limited way a request for a specific users details could also
include traffic information about first level contacts (and possibly more -
try seven degrees and see how few requests you can make to get all the
company's details).

Now a plain reading of "all the devices in America" would suggest that it
specified millions of devices but the NSA like their wordplay and they might
only mean when specific devices are requested rather than included in another
request.

Note that Yahoo doesn't mention the number of accounts specified. Possibly
they thought that might be too misleading.

[1] [http://yahoo.tumblr.com/post/53243441454/our-commitment-
to-o...](http://yahoo.tumblr.com/post/53243441454/our-commitment-to-our-users-
privacy)

------
eightyone
Don't we already know that Yahoo fought hard against PRISM? Why are all of
these companies lying so blatantly by saying they've never heard of it?

~~~
brown9-2
Because the government doesn't tell companies required to provide them
information under FISA what the NSA calls their in-house analysis software.

------
natch
"Apple cannot decrypt that data"

Right. No doubt true.

But there is a catch... and this is a big catch.

Even if the key generated on a device lives and dies on a device, it can still
be an insecure key if it is generated by an insecure process like
concatenating a well-generated but short (low number of bits) key with an
escrowed, possibly public-key encrypted, "LEA" (law enforcement access) key.

~~~
szc
Skipjack is dead, extinct.

If this were true, it would be possible to find it by disassembling iOS. There
would also be a suspicious "unexplained" payload that accompanied anything
that was encrypted with a symmetric key.

~~~
acqq
Interestingly enough, famous "_NSAKEY" was found only after Microsoft forgot
to remove the symbolic debug info of the internal code of the DLLs:

[http://web.archive.org/web/20000617163417/http://www.crypton...](http://web.archive.org/web/20000617163417/http://www.cryptonym.com/hottopics/msft-
nsa/msft-nsa.html)

I believe the second key remained to exist, only as "KEY2"

------
geuis
All of your friends say to you, "Your girlfriend is cheating on you." Some of
your friends you trust very deeply. Some only moderately so. But you love your
girlfriend. You think about some inconsistencies in her behavior in the last
few months which makes you suspicious. But on the other hand, her explanations
make sense and have supporting evidence of their own. Do you choose to believe
a group of your friends, or your significant other?

We all guess how this story plays out, as it often has before. The friends are
right. Some of the friends don't even know each other, so its confirmation
from different points of origin. The girlfriend does something stupid and gets
caught in her lie. You feel stupid for believing her, break up, move on with
life, etc.

But what about the cases where the opposite is true.

It turns out that several of your friends actually have a few friends in
common that they don't know about. One of them starts a rumor that gets slight
confirmation by a couple of random events: The girlfriend is seen talking to a
guy from college she was friends with. She is overheard on the subway late at
night in a heated argument with someone about her boyfriend. Stuff like that.

The same stories build up and mutual association of close friends tell you
that she's up to no good. You choose to confront her, and in either situation
you believe her explanations or you think she is lying, when in fact she is
telling you the truth.

I know this is an odd allegory. I think that what I'm trying to say is that we
are now at a point where reasonable people will start making choices such as
either "The government is watching everything I say online" or "The government
is only doing routine requests for mostly good causes". People who are more
conspiracy minded, myself included, start choosing the "watching everything I
say" argument, while other folks take the "mostly good causes" approach.

We've now seen at least 5-6 of these public announcements from companies like
Apple, Facebook, and Google that more or less are saying the same thing. They
respond to legitimate government requests but push back against seemingly
illegitimate ones. And on top of that, the requests are small in number in the
10-20k range.

We can either say that a) the NSA/FBI are only doing moderate numbers of
requests and not wholesale collecting and monitoring us like 1984 on steroids,
or that b) they're collecting more information about us than they care to let
on and all of our worst 1984-esque fears are coming to pass.

To any readers of this that read anything else I write, I'll say this: I lean
towards the latter.

I am an admitted layman (don't ask me to do advanced math), but I try to stay
informed about the directions that technology is leading us and its effects on
society. I'm what you might loosely call a "Singulitarian" in that I feel
justified in stating the transformative effects of technology over the next
20-100 years will be far different than anything we've ever experienced
before. We're already in the low end of the hockey stick.

I see that right now, including the last few years and a few years into the
future, we are living in the 1984 Orwellian state. A little bit gentler and a
lot shinier, but basically 1984. But this won't last. Right now the NSA is
building a massive data center in Utah,
[http://www.sltrib.com/sltrib/politics/56461026-90/nsa-
data-u...](http://www.sltrib.com/sltrib/politics/56461026-90/nsa-data-utah-
center.html.csp). That gives them the ability to capture and store more data
than there are stars in the sky. But this is only temporary. As with all
technology, this eventually will scale out to be accessible to all of us.

What is 1984 like when its 2084 but the State is everyone you know and
possibly everyone in the world?

So it summarizes like this (note my distaste for TLDR):

Many large companies are spouting the same line right now. We only cooperate
with legal government requests, and there aren't that many requests.

This has been going on for two weeks and like all humans, we're getting burned
out. Most of us will decide one way or another that the government is spying
on us and move on. We'll either not care of be slightly more cautious of what
we say/do online. Not that it will help. Either way, your next paycheck is
coming, rent is due, oh a bachelor party!, look at the shiny Google/Apple
thing!

I don't claim to have an answer. I'm not going to change much of what I do
online. I'm not a violent revolutionary, though I'm beginning to think its
time for US Govt 2.0 through more peaceful means.

Anyway, if you made it to the end of this congratulations. If you're in SF,
buy me a beer and I'll continue at length.

~~~
hobbes
> I'm not going to change much of what I do online. I'm not a violent
> revolutionary

The problem with this whole scenario is not how you view yourself, but how the
government views you. They define if we are a threat, not ourselves.

~~~
RexRollman
And look who has been defined a threat in the past: civil rights leaders,
protesters, and those with political differences.

------
eightyone
Why are these companies only publishing requests from the last six months?
That seems like a rather short time span.

~~~
smackfu
Presumably because that's all the government authorized them to say.

------
iandundas
> Any government agency requesting customer content must get a court order

This doesn't count for much given that they use secret courts, though.

------
quantumpotato_
"Between X and X+N" requests/devices".. why can't they say the exact amount?

------
esolyt
I was really hoping not to see the phrase "direct access" this time.

~~~
pilif
But we get another statement that iMessages is end-to-end encrypted. Apple
continues to state that, but there's also some evidence to the contrary. Like
newly authorized devices being able to somehow retrieve the chat history.

Someone more capable than I should really investigate iMessages.

~~~
r3m6
"Apple can not decrypt it" \- does it mean somebody else can? Or is it
encrypted at a level that is virtually unencryptable with today's technology?

~~~
natch
It could mean somebody else can, because of key escrow and partial key escrow.
Even if the key is generated on the device and stays on the device, you have
to look at how the key is generated. With key escrow, the messages can be
secure against attacks by everyone except those who have the escrowed portion
of the key.

~~~
szc
And to do that you _must_ _also_ transmit the escrowed part of the key in the
protocol -- which is 100% detectable as a blob of " _extra_ but seemingly
unnecessary data".

Do you see that? Does anybody see that? Has anybody seen that?

------
ForFreedom
They should have a comment box for people to comment.

------
mr_spothawk
"We don't offer backdoor access for our hardware either."

whew... so glad to see that in there :)

~~~
brisance
"You'll have to find it yourself or get a court order." :)

------
aet
Worthless statement...

------
throwaway10001
_Apple has always placed a priority on protecting our customers’ personal
data, and we don’t collect or maintain a mountain of personal details about
our customers in the first place. There are certain categories of information
which we do not provide to law enforcement or any other group because we
choose not to retain it._

This is why Facebook and Google are a nightmare scenario for privacy, they
retain everything and then some to profit from it. If they have it (and boy do
they have info on users,) NSA and FBI can easily obtain it, all in one place.

~~~
RexRollman
That is because, at the end of the day, Facebook and Google are advertising
companies and Apple is not.

