The comments follow two terrorist attacks in London last Saturday, which killed six civilians and injured 48, and a suicide bombing which killed 22 people and injured 116 at an Ariana Grande concert in Manchester on May 22nd. While Apple’s compliance with the UK government isn’t surprising, it does help to clarify its stance on user privacy and surveillance. While the iPhone is encrypted, and iMessage supports end-to-end encryption, it’s likely that Apple still has access to some communications metadata. “Encryption doesn’t mean there’s no information, because it’s likely that metadata exists,” he told Bloomberg. “And metadata, if you’re putting together a profile, is very important.”
Under UK surveillance law, metadata is known as “communications data.” It’s an umbrella term for the circumstances around your conversations — where, when and how you placed a call, or sent an iMessage — but importantly, not the “content” or topic of your discussions. For years, the UK government has been able to send notices that force technology companies to store metadata. A number of public authorities can then request this data should it be necessary and proportionate for the needs of an ongoing investigation. Cook is likely referring to this policy, which was renewed as part of the controversial Investigatory Powers Act last year, in his Bloomberg interview.
Apple took a hard stance last year when the US government requested access to the iPhone 5C used by San Bernadino shooter Syed Rizwan Farook. The device was encrypted and the FBI wanted access in order to proceed with its investigation. The court case was eventually dropped, however the FBI did find a way to circumvent Apple’s protection (it cost them $900,000, however.) Still, it showed a determination by Apple to protect the personal data of its customers. Tim Cook has repeatedly criticised the idea of “backdoors” that would weaken encryption practices and allow officials to access users’ messages and other device data. Communications data is another matter, however.
“The reality is that the cyber attacks on people and governments and … I mean, it’s happening left and right everywhere,” Cook told Bloomberg. “These affect your safety, your security. So it’s not just privacy. It’s not privacy versus security, it’s privacy and security versus security.”