Apple promises privacy - but not on iCloud

Breaking down Apple's fight with the FBI
Breaking down Apple's fight with the FBI

In its fight with the FBI, Apple argues that the privacy and security of customers' devices is paramount. But the company still profits by storing much of that data in a way that's accessible to both itself and law enforcement.

Apple's stance on privacy and security applies only if you don't back up your data to iCloud.

Apple says it can't provide information that's stored on iPhones because it doesn't have access to people's passcodes. Opening the door to those phones for law enforcement could make your personal information vulnerable, Apple argues.

But if you back up to iCloud, Apple does keep the key to those "backed up" emails, photos, personal notes, contacts and calendar events.

"iCloud is not private from the government or Apple. iCloud is just someone else's computer," said Jonathan Zdziarski, a computer security expert who specializes in Apple products.

Apple CEO Tim Cook's recent open letter to customers says: "We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business."

However, Apple aggressively pushes customers to backup iPhone content to iCloud, where that data is exactly within Apple's reach.

The iCloud service is offered by default on newly activated devices. Store employees automatically connect new customers' devices to iCloud. And even if you decline to save photos outside your phone, there are frequent pop-up pleas to change your mind.

Apple's iCloud service is a major selling point for the company. It's a convenience that allows customers to track lost or stolen iPads and iPhones, restore damaged devices, and keep lots of music and photos that don't fit on the device.

apple icloud setup
If you want the information on your iPhone to be totally private -- from everyone -- don't use iCloud.

Apple declined to provide the total number of current iCloud users. But back in early 2013, Apple said it had more than 300 million iCloud users. A 2014 analysis by intelligence firm Asymco estimated that Apple was making $4 billion per year from 500 million iCloud accounts.

In the first half of 2015, police agencies around the globe asked to explore 4,472 Apple customer accounts, according to the company. Apple disclosed data to police on 1,886 them, of which 1,407 were provided to law enforcement in the United States.

In these instances, Apple gave investigators contents of customer iCloud, iTunes and Game Center accounts.

Apple didn't always turn over the information. It objected 401 times in all. The statistics show that it was more willing to work alongside investigators in the United States, where it discloses information 81% of the time. By comparison, it only acquiesced 30% of the time in Asia and 53% in Europe, the Middle East, India and Africa.

These statistics come from "transparency reports" that technology firms like Apple (AAPL), Facebook (FB) and Google (GOOGL) publish to inform the public about the extent of government surveillance in the modern era.

iCloud is a matter of convenience

This is a case of convenience versus security, several computer scientists told CNNMoney. And in this case, Apple is choosing what's incredibly convenient for the customer. You can forget your password anytime, because Apple keeps the key to unlock your data.

"Most people prefer to have a backup in case the password gets lost," said Susan Landau, a mathematician and privacy expert.

In addition, ditch iCloud, and you'll miss out on all the things that make Apple products so appealing, namely, that they work together and communicate seamlessly. iCloud data sharing is what lets you start texting on your iPhone and continue the conversation on your laptop. You can listen to your music collection on your iPad at home or your iPhone on the go.

In reality, Apple doesn't need access to provide that convenience.

"Privacy is privacy. Apple shouldn't have access to either [the device or iCloud] if this is about privacy," said Lance James, chief scientist at cybersecurity firm Flashpoint.

There could be another option, but Apple doesn't offer it.

In the same way Apple doesn't hold the key to your device, Apple could choose to not hold the key to iCloud.

But that would mean that if you forget your password, the data is locked forever.

"Nobody would be able to recover it, ever. Not you, not the FBI, not your heirs when you die," said Ross Anderson, a security engineering professor at the University of Cambridge.

Apple won't say if it's working on tweaking iCloud so that customers keep the only key to unlock it. But a company representative said that improvement would indeed fit Apple's business model so far.

That Apple employee noted that iMessage (texting) and FaceTime (video chatting) programs are entirely encrypted end-to-end, which means that even Apple can't spy on those conversations.

An FBI agent told CNNMoney that Apple's iCloud access seems like a double standard that destroys its current privacy argument.

But there is a key difference.

"At least you have the choice," said American Civil Liberties Union attorney Esha Bhandari. "You can choose not to backup to the cloud."

CNNMoney Sponsors