Tuesday, October 4, 2016

Privacy - Apple Messages and Metadata

     A few days ago, the Intercept published an article about Apple storing and potentially sharing metadata associated with Apple's Messages application on its iOS and MacOS devices with law enforcement agencies. [link] Among the metadata being stored is the date and time of a communication, the number being communicated with, and your IP address.  Much digital ink has been spilled over this relevation.

     The better question is why are people surprised?

     First, Apple needs that metadata for its Messages application to function.

     Second, Apple as a provider of "electronic communication service[s]", much like AT&T or any other wire or electronic communication service provider, would be subject to a pen register or trap and trace device order. See 18 U.S.C. § 3123. These orders allow law enforcement to collect transactional information related to communications (i.e., metadata), but not the communications themselves. Thus, in order to comply with such orders, Apple would have to have a metadata log.

      Perhaps people are surprised because they never understood Apple's various businesses and, thus did not realized that Apple was a provider of electronic communication services.  Or, perhaps they read too much into Apple's statements that it values its customer's privacy, it doesn't read or scan your messages, and that its Messages application was encrypted end-to-end [link 1, link 2].  Or, perhaps they are starting to realize that metadata can be just as enlightening as actual communications.

     What does this mean for other electronic communication services with US operations?  It means that they too are collecting metadata.

- Henry Park

No comments:

Post a Comment