
“Apple sent the data of over 30,000 users to the US government last year without a warrant or probable cause”

When you say ‘the data’ - what do you mean?

Taken at face value it sounds like you are saying all of the data Apple has relating to this user, but that doesn’t sound right to me. Is it all of the data? If not, what data was actually provided?

When you say: “without a warrant or probable cause”, you make it sound as though Apple wasn’t legally compelled to do this.

Is this true?



I think it is safe to assume that when Apple complies with a FISA demand for user data from the US military intelligence community, they are expected to produce 100% of the data that they have for the requested user.

I made no such claim about Apple not being compelled.

I did strongly imply, however, that being aware of this gaping privacy issue that is pointed at them, gun to the head style, that it is massively irresponsible for them to collect as much user data as they do, pretending it will be safe, when in reality they function as a repository of a tremendous amount of user data that is available to the government at any time without a warrant.

It is fair to say that as a result of these laws they are part of the vertically integrated surveillance state.

They know this, and the fact that they continue to collect and store as much data about their users and their users' activity and travel as they do makes them complicit in the surveillance.

If Apple cared about the privacy of their users, they wouldn't have failed to fix their encryption backdoor (iCloud Backup), and they wouldn't be building a giant trove of activity history for every single Apple user that can be accessed on demand without a warrant. They also wouldn't have put special iCloud servers where the CCP can easily spy on them.

"Compelled by law" is a dodge. They didn't have to create the circumstance where they had the data in the first place.

On a side note: would you please stop cross-examining so many of my comments? It feels like you've singled me out for harassment. Your comment history doesn't indicate you do this to anyone else. In this instance you seem to be arguing against something I didn't even say. Please stop.


1. My understanding is that FISA requests data using warrants. So your statement that Apple divulges this information without a ‘warrant’ would be false if this is correct.

2. You once again repeat the outright lie that Apple is collecting a person’s travel history.

All you are actually referring to is that they receive TCP connections and so know people’s IP addresses. Just like anyone else who operates any web service.

In an earlier comment on this thread, you more honestly state that IP addresses can be used to infer coarse location data. This is correct.

As we have discussed before, it’s a lie to claim that Apple is recording people’s travel history, because you have no evidence that these recordings are in fact being made. Only that they could be.

It’s entirely possible that they never actually do perform geolocation on the log data, and that they scrub or anonymize IP addresses before storing them longer term. They state that they use such practices in general.

I can’t prove that they use these practices with this data, so it would be a lie to say I know they don’t record people’s travel history, just as it is a lie every time you say they do.

Please either provide evidence or stop repeating this lie.

As for your comment that “Compelled By law is a dodge”.

It’s not a dodge - either they are compelled by law, or they are not.

You didn’t actually answer that question, I note. Not answering a question seems more obviously like a dodge!

You gave the impression that they are not compelled by law, but I don’t think that is true.

Also, this raises the question, what is being dodged?

If Apple were giving out information about users without being compelled by law, then that would be a strong indicator that they didn’t care about privacy, but I don’t think this is true.

As to “building a giant trove of activity history” about users - Aside from your lie about Apple recording people’s travel history, what ‘Activity History’ are you referring to here?

It’s true that there could be a more sophisticated E2E mechanism to place most user data beyond Apple’s ability to provide it when compelled.

It’s also true that iCloud backups are not secure.

Users who have reason to be concerned about this should not opt-in to these backups.

Apple should definitely provide a way for backups to be E2E encrypted.

There is an unproven assertion that they haven’t done this due to pressure from the FBI. This may be true.

It’s also true that your complaint about holding user data applies to almost every single YC company, and almost every single web service*.

Perhaps you have some examples of companies that handle things the way I think we’d both like? I can’t think of a good one.

There are obvious usability issues and technical challenges that need to be overcome in order to apply E2E to all data at rest.

Even when they do roll it out, I expect it to be opt-in and progressive, much as FDE was rolled out slowly over many years. Users will need to make decisions to sacrifice things like the web versions of apps.

The risk of data loss if handled incorrectly is much higher than the chance of innocently being one of the 30,000 people you say are targeted by FISA.

This is not to downplay the concern. I think it’s very important that this problem be solved and I think Apple should be one of the leaders in solving it.

Again, if you have an example of someone who has already solved all of these problems, that would be helpful.

Let’s not pretend this is trivial to do at scale.

The fact that they haven’t solved problems that nobody else has solved either, is really evidence of very little.

Also you say it’s safe to assume that FISA warrants require all data a provider has on a user. Is it? Do we have any evidence of that? I’m sure some requests are blanket requests, but do we know that they all are? Many could be superficial requests to eliminate or include people from one pool or another.


> My understanding is that FISA requests data using warrants.

Your understanding is wrong. The classified (and, statistically speaking, rubber stamp) FISA court issues demands under the authority claimed by FISA Amendments Act (FAA) section 702, which is designed to target foreign surveillance subjects and thus under current public understandings would not require a warrant ("because foreign"). FISA surveillance orders are not warrants and do not require probable cause and are not subjected to any unclassified oversight.

However, the FISA court has a special, secret interpretation of the FISA Amendments Act (FAA) that they believe entitles them to use it to spy on everyone without a warrant as soon as the data enters or leaves the US, even if the communication is by and between solely US persons. Edward Snowden gave this as the reason he came forward about the PRISM program (PRISM being the internal, classified NSA codename for FAA702 data collection).

The large tech companies process so many of these warrantless FISA spying orders each year that they have special interfaces for the FBI/IC to request and download the data. This is what was meant by the reporting that said "direct from the servers" [of tech companies].

They don't have root on the machines, but they have programmatic access to download data for any user without a warrant. It may or may not require an approval click on the service provider side, but, in any case, that doesn't much matter.

> It’s entirely possible that they never actually do perform geolocation on the log data, and that they scrub or anonymize IP addresses before storing them longer term. They state that they use such practices in general.

It doesn't matter whether they run geolocation on the IP logs; logging the IPs is collecting a coarse tracklog regardless of whether they store it as such or not.

Second try: Please stop calling me a liar, and I'd appreciate it if you'd stop replying to every single one of my comments on this topic to cross-examine me, which is explicitly against the site rules. I'm not going to engage with you any further; I request the same from you.


Thanks for explaining the FISA part. I deliberately didn’t claim certainty on whether these legally compelled requests counted as warrants because I didn’t know for sure.

> It doesn't matter whether they run geolocation on the IP logs; logging the IPs is collecting a tracklog regardless of whether they store it as such or not.

The weasel words here are ‘as such’.

If they substitute the IP address with an anonymous identifier after ingestion, without having first performed geolocation then they have not recorded the location data, and they do not have a record of the location data.

I realize you don’t want to be critiqued, but it’s clear that you don’t have any evidence that Apple is actually storing location data on people.

You only have an explanation as to how they could potentially be storing it.

On almost every post regarding Apple, you insert alarming sounding statements like “Apple is recording your travel history”.

You must know that you don’t actually know this for sure, and yet you persist in inserting this falsehood over and over again.

Liar is a strong term, but if you had actual evidence for the claim you are making, you’d have presented it by now.

When you make the claim as if it was a truth, when you know you really don’t know for sure, I think it’s fair to say you are lying.

Perhaps the first time it could have been that you were just mistaken or making incorrect assumptions, but at this point it seems deliberate.

It’s true that I’ve challenged you on this a couple of times. It’s simply not true that I have replied to every one of your comments on this topic.

As I pointed out earlier, elsewhere on this thread you pointed out that IP addresses can leak coarse location data. I didn’t respond to that.

As for ‘cross-examining’ you, I agree that is against the site guidelines, however I don’t see myself as doing that to you in general. The site needs to have some way of distinguishing between cross-examination and challenging outright lies.

It would seem weird to tolerate polemics which veer into misinformation as comments, and yet not allow this to be challenged.

I’m curious why it’s so important to insert this particular idea about Apple into the conversation?

It seems especially weird when we’re talking about cellphones, whose location is of course logged by cell companies and is definitely accessible to both law enforcement and other government agencies.



