Thursday, 18 September 2014

Apple's new privacy policy locks out law enforcement, but not completely



Privacy issues have come to forefront of the tech world thanks to recent controversies over how corporations share our information with the government. In December of 2013, Apple formally denied working with the NSA to help spy on the phones of iPhone users, but worries remain among some users that their devices aren't secure from various forms of law enforcement.


Apple's new privacy policy should put an end to those worries, thanks to both changes in its security practices and statistics released by the company about how often information is requisitioned by law enforcement. If you're worried about security, Apple's answer is to install iOS 8. Under iOS 8, all of your information is locked behind your personal passcode.


Unlike manufacturers of Android devices, Apple is unable to bypass your passcode and access your device, putting the company in an ideal situation for denying search warrants for your information. Apple claims that with iOS 8 it is technically impossible for the company to comply with government warrants to data extraction without your personal passcode.


Of course, better security isn't absolute security; Apple is still required by law to turn over user data that is stored on services such as iCloud with a proper subpoena. Backups of photos, emails, and more can be requested by law enforcement if they're stored on your iCloud account rather than your device. Third party apps that store information in the cloud will have their own rules about sharing information.


Apple's privacy policy also doesn't address the possibility of the police using other methods to access your device. If authorities are already in possession of your device, there's nothing to stop them from entering random passwords in an attempt to guess yours. If you're honestly worried about someone cracking your phone, make sure you use a strong customized password or use Touch ID, and be sure to Settings > Touch ID & Passcode > Erase Data to enabled -- that will erase data on your device after 10 failed passcode attempts.


Jonathan Zdziarski, a professional forensic scientist and iOS application penetration testing consultant has put together a comprehensive article naming the ways law enforcement can work around your security if they have your device. If you're looking for an extra layer of security for any reason, it's well worth a read.


Apple's new privacy guidelines are a step in the right direction of putting the concerns of its users first. Just remember, even if Apple can't give the authorities your information, there are always ways around it. Make sure you have your bases covered if you're worried.




No comments:

Post a Comment