In Silicon Valley â if not Washington â Apple is being hailed for digging in its heels on a court order requiring it to aid the Federal Bureau of Investigation in gaining access to an an iPhone used by one of the attackers in the December mass shooting in San Bernardino, Calif.
Timothy D. Cook, Appleâs chief executive, emphasized on Tuesday in a letter to customers that helping the F.B.I. essentially hack into one of the companyâs own phones would be a dangerous precedent. Whatâs more, Apple said it would have to create new software to do this.
But while company executives have embraced the notion that Apple is no longer able to intervene for law enforcement when investigators want access to an iPhone, it has repeatedly cooperated with court orders for access to online services like its iCloud.
That may sound like hypocrisy, but to people familiar with how Appleâs products and services work, it is simply a matter of technology.
ICloud is an Internet service Apple customers can use to back up information that is stored on their devices. It is helpful if your phone, tablet or computer is lost or badly damaged. And it, like other online services, is a gold mine for law enforcement â as the government spying revelations by the former National Security Agency contractor Edward J. Snowden showed.
Every few months for the last few years, tech giants like Facebook, Google, Microsoft and Twitter have published transparency reports, which are lists of instances in which a company turned over data on users at the behest of a court order in the United States or other countries.
In its most recent report, covering the first six months of 2015, Apple received nearly 11,000 requests from government agencies around the world regarding information on roughly 60,000 devices. Apple provided some data in roughly 7,100 of those requests, the report said.
The company has stated repeatedly that it would hand over data to comply with a court order when it is technically able to do so. And as that report indicates, it has. Often.
But the operative phrase to understand the difference between Appleâs cooperation and its resistance is âtechnically able.â
In the fall of 2014, with an update to its iOS software, Apple switched off its ability to retrieve data from its phones and tablets. By doing this, Apple tried to take itself out of the equation when law enforcement is looking for access to a phone. In essence, the company could no longer fulfill a request if it was technically unable to do so.
ICloud is a different story. Apple encrypts that data on its servers and holds on to the key, which it uses to gain access to the data when it is required to do so by a court order.
There are practical reasons for managing security in the cloud differently from on an iPhone. ICloud exists, in part, to save backups in the event that, say, you drop your phone in a swimming pool. Apple needs to have that key to get your data back for you.
It is not so easy for a company to take away its ability to gain access to your information when that companyâs ability to retrieve your information is the reason you are using its service.
âTheyâre a consumer-focused company, not a defense contractor,â said Steven M. Bellovin, a professor of computer science at Columbia University. âIf someone loses their phone or forgets their password, they still want to be able to get their data back.â
That could soon change. Just as Apple has updated encryption practices for devices â like FileVault, which protects a Macâs start-up disk, for example â the company plans to strengthen encryption on other products, said two senior Apple executives, who spoke on the condition of anonymity because the plans are not public.
That could include iCloud, if Apple can figure out a consumer-friendly way to keep the data under lock and key â a key Apple wouldnât be able to use â without making it inconvenient for people who need to retrieve backups.
That is no simple feat. Apple would have to find a way to let users retrieve their own data safely even without the companyâs help, while keeping out hackers and other sorts of data thieves.
There is reason to be cautious about mucking with iCloudâs security. In 2014, for example, a number of private photos were stolen from the iCloud accounts of celebrities like the actress Jennifer Lawrence. Apple said the episode was not a result of any widespread attack on the companyâs software products. But it was a cautionary note for consumers of the service.
None of this iCloud discussion would apply to iMessage, Appleâs proprietary text messaging service. It uses technology called end-to-end encryption, which means messages sent using iMessage cannot be intercepted and decrypted. Only the sender and receiver, and not Apple, have the keys to read such messages. Apple retains encrypted iMessages on its servers until they are read by the user or expire after several days.
For now, the best bet to protect your personal information from snoops may be to keep it off iCloud â and the many, many apps that may pass or store unencrypted information through data centers. It is safer on your device.
Just try not to drop your phone in a swimming pool.