Now this isn’t a Snowden level leak by any means, nor does it imply or suggest that Apple has access to the content of any privately sent messages, but in today’s age where user privacy is a hot-button issue, it can never hurt to be cognizant of what information might be shared with the police.
According to leaked documents from The Intercept, any time an iOS user begins a text communication, Apple will take note of the target number and see if it corresponds to an iOS device capable of receiving a blue-bubbled iPhone message. While this isn't new information in and of itself, what was not previously known is that every number Apple checks against their iMessage database is kept in a log for 30 days.
"This log also includes the date and time when you entered a number, along with your IP address — which could, contrary to a 2013 Apple claim that 'we do not store data related to customers' location,' identify a customer’s location. Apple is compelled to turn over such information via court orders for systems known as 'pen registers' or 'tap and trace devices,' orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are 'likely' to obtain information whose 'use is relevant to an ongoing criminal investigation.'"To be clear, the logs in question are not stored perpetually on Apple's servers. On the contrary, they are removed and cleared every 30-days, barring of course, a court order that would compel Apple to extend a particular log's existence.
The underlying purpose of these logs, from a law enforcement perspective, is that it provides them with a clearer picture of who a given individual may have been in contact with. In a broader sense, it helps law enforcement authorities establish a communication network for whomever they happen to be investigating.
Commenting on the matter, Apple issued the following statement:
"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place."As far as privacy issues are concerned, this is hardly something to be worry about or be righteously indignant about. Still, it can never hurt to know exactly what a company knows about its user base and how information may or may not be shared with authorities.