Last Week on My Mac: Can you keep a secret?

The best businesses are built around incontrovertible truths, which for Apple currently means privacy and its protection. Last week Tim Cook spoke plainly about Apple’s stance, declaring “We believe that privacy is a fundamental human right.”

It’s not as if competitors such as Google can argue against that; all they can do is hope that it goes away. Given the relentless series of huge breaches of security and privacy, all Apple has to do is keep its nose clean.

I’m also sure that Tim Cook’s words are welcomed by everyone who uses macOS, iOS, Apple hardware, software and services. Apple can of course afford to make this bold stand, as – unlike most of its competitors – it doesn’t generate its revenue from our private data.

Tim Cook’s four essential principles of privacy protection are equally clear and forthright; here I’d like to focus on two. The second is that “users should always know what data is being collected from them and what it’s being collected for.” The fourth is that “everyone has a right to the security of their data. Security is at the heart of all data privacy and privacy rights.”

Coincident with this summary of what he said to a meeting of privacy regulators in Brussels last week, we have here been discussing Apple’s latest instrument in data security and privacy protection: the DataVault. I stumbled across one in Mojave’s solution to the previous vulnerability in the macOS QuickLook cache, and with invaluable information provided by anonymous comments, gained insight into its power and effect.

As the logical extension of Mojave’s other new privacy protections, data in these DataVaults is locked away from all bar a select few Apple-signed processes with the appropriate entitlement. In the case of the QuickLook cache, this is surely just what’s needed. It’s a cache built by QuickLook for its own private use: why should anyone else ever want to peek inside it?

The counter-argument runs that, because it’s your private data, you should have access to it too. As it’s ephemeral and not shared with anyone, it falls outside Tim Cook’s four principles, and calls for a fifth, proposing that a user should also have the right of access to data which is only ever held in their own ‘control’.

That fifth principle would pose Apple a great many problems. For all its candid approach to the private data which we share with it, its operating system and devices accumulate large amounts of private data which remain undocumented, even for developers. The comment on my article about the QuickLook cache, for instance, cited another new DataVault which appears to contain transcripts of what you have said to Siri. Shouldn’t we have a right of access to that too?

The answer depends on how we define this right of privacy. For Apple or any other operating system vendor to document clearly every file which contains unshared private data would be an immense task. It’s hard to come up with any fundamental argument as to why that should happen, much as I’d like it to.

It’s also the case that giving a user access to all private data held on their Mac or iOS device would inevitably weaken its protection. If you can view the contents of your QuickLook cache, or Siri transcripts, then that opens the possibility that malware could too, either by invoking the same mechanism, or by finding a vulnerability in these increasingly complex levels of protection.

If the contents of DataVaults aren’t encrypted, and it is only access to them which is tightly regulated, then they are likely to remain readable by forensic investigators and by anyone capable of examining an image of the macOS startup volume. That would have the unintended consequence that the only actors able to examine the contents of your QuickLook cache or Siri transcripts are those whom most users would least want to be able to do so.

Apple is very good at informing us of what data it collects, and what it uses those data for. But if security is truly at the heart of all data privacy and its rights, then surely we need to know – in practical terms at least – what that security is, and what it protects. DataVaults don’t appear to have been mentioned even in passing in Apple’s documentation for users or developers, and what Apple has so far released about TCC’s more general privacy protection remains scant and incomplete.

Tim Cook’s speech is a milestone in the recognition of the fundamental importance of privacy as a basic right. But his four principles are only starting points for further debate. If Apple intends to be a champion, then it needs to keep us better informed, and to discuss more than it dictates.