"The new policy was not formally announced but appeared sometime over the past few days on Apple's publicly available law enforcement guidelines. It follows the revelation from Oregon Senator Ron Wyden that officials were requesting such data from Apple as well as from Google, the unit of Alphabet (GOOGL.O) that makes the operating system for Android phones."
This sums up Apple's view on privacy. So essentially they were fine handing over the data without warrant until this was exposed. Now that it has gone public they are "revising" the process to make it inline with their competitor Google.
They can care about privacy all they want but if they are legally required to hand something over what are they realistically going to do?
Really their only solution is to make everything end to end encrypted so it is impossible to comply (which they have been slowly making more and more components E2E), but that takes time to do.
I honestly din't know how notifications could realistically be E2E since the source is not an Apple device so they can control it, but maybe it would be possible?
The point here is that by tightening up their guidelines, Apple has tacitly admitted that they previously handed over notification data at times when they were NOT legally required to do so. Otherwise, they wouldn't have tightened up their guidelines.
If you're Apple scale and you have an army of lawyers and a big part of your marketing is that you're the privacy-conscious choice, you shouldn't fuck this up. You should have your lawyers challenge the subpoenas or do whatever has to be done and it's bad for your brand if you don't. It's unfortunate for everyone including Apple that it took Ron Wyden being a gadfly to get them to do what they should have been doing all along (and while it may not have always been about notifications specifically, he's been at this for years).
In an ideal world that is a great ideal, but that is not the world we live in.
My understanding is that before this was made public Apple was under a gag order and could not talk about this. In a situation like that how would Apple be able to bring lawyers into the case to fight it?
> they were NOT legally required to do so.
My understanding is that they very much were forced to do this.
Again I am going to ask, if Apple and Google were under Gag orders realistically what were their options?
To me it sounded like they didn't have any and the only reason we are able to get these protections now is because it's public knowledge.
> My understanding is that before this was made public Apple was under a gag order and could not talk about this. In a situation like that how would Apple be able to bring lawyers into the case to fight it?
Apple has in-house lawyers. Who do you think is advising them on this gag order? They don't need to bring anyone else in to fight it. They already have the resources.
ok, so they can talk to those lawyers. Maybe those lawyers concluded that Apple had no choice and could not fight this.
You're saying they could fight this, I am saying they can't.
Frankly neither of us have evidence either way since until a few days ago this was under a gag order.
But considering they complied, I am more inclined to believe they had to and had no choice.
Both Apple and Google complied with this order for some reason, knowing that when it comes out it will be criticized.
To me the only logical conclusion is that they had no choice but comply and if they consulted with their lawyers they likely came to the same conclusion.
So what has changed that they can require a judges order now and couldn't before? Why was Google apparently able to require a judges order before but Apple couldn't?
Except Google requires an order from a judge, and Apple did not. No one is arguing that the courts can't force Apple or Google to turn over data, but apparently Apple guidelines did not actually require a judge to issue the order.
Even making everything E2E-encrypted doesn't stop any government saying "give us access or your executives go to jail and your products are banned from sale".
End to End encryption means that illegal or covert surveillance is impossible without more work from the company, which makes it easier to say "we can't give you access" when spooks show up.
Obviously they can still send you to jail, but for this grey area "technically maybe kind of legal" surveillance execs at tech companies aren't going to jail for not complying if it's actually illegal.
From most valued company in mankind's history, in US, in 2023?
Keep dreaming, those people are not handled like mere humans, nor are those companies handled like some small family business. Nobody actually responsible went in jail for 2008 financial crisis and it would have been trivial to start pointing fingers at various culprits (but you would need many). Also banning Apple products in US would be a literal political suicide unless they would anger most of US population with something really really bad.
From time to time somebody who wants free publicity for some political goals will venture on some small crusade but otherwise that's simply not how US handles its business currently.
> From most valued company in mankind's history, in US, in 2023?
Yes, because we live in the real world not a corporate cyberpunk dystopia where multinationals are stronger than nation states.
There are many differences between the financial crisis and my hypothetical, but before I list them I will point out that banks were fined (and some ceased trading) and that people did go to jail: https://ig.ft.com/jailed-bankers/
One of the bigger problems leading to the financial crisis is that people heard about the Black-Scholes equation, and the magic words "won the Nobel prize in economics" turned their brains off.
Another big difference is that the governments understand the importance of money, while they very obviously don't understand the importance of encryption.
Another is that the current zeitgeist is that Big Tech is too big and needs to be brought to heel — unlike the bankers, who by the GFC were all asking for (and getting) let off the leash they'd been given since one of the many previous financial crises.
But rather than getting down in the weeds with these comparisons, I would end by noting that when you write:
> Also banning Apple products in US would be a literal political suicide unless they would anger most of US population with something really really bad.
You're assuming I meant the US government. Nope, there's about 200 sovereign nations in this world. Apple's products have suffered or been threatened with sales bans due to non-compliance with the laws in:
Now that the publicly available guidelines were exposed, they changed and Apple didn’t even send a notification to every journalist in the known universe. Time to gather the tin foil hats!
> So essentially they were fine handing over the data without warrant until this was exposed.
They were required by law to both hand over the data and not say anything about it.
Furthermore, disabuse yourself of the notion this instant that you are safe from being spied on by state actors. You are never anonymous on the Internet.
> As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information.
"Secretly compelled" sounds illegal on the government side. In democracy if government wants to force you to do something they should go through official, due process, i.e. court warrant.
I mean, what do you want? Should they dig their heels in and stick with the old policy out of some kind of refusal to admit mistakes?
Companies get things wrong. Apple got this wrong. But, as they say, the best time to fix a mistake is before you make it, and the second best time is now.
This sums up Apple's view on privacy. So essentially they were fine handing over the data without warrant until this was exposed. Now that it has gone public they are "revising" the process to make it inline with their competitor Google.