Deleted Apple ID, subpoena, data

> It seems Apple does retain information from permanently deleted accounts

The devil, as is so often the case, in the details.

Before I go too far, let me clarify that I don't have specific inside information here, but have a reasonable understanding of the industry and Apple's position.

What's missing here is the specific data in question.

In this quoted statement, yes - Apple do retain some data related to your account, but this mostly falls to accounting - they know what they've charged your credit card, for example. They need to keep that for financial accounting data, refunds, etc.

Also, if they have been issued a subpoena or warrant for your data, they are obligated to keep that data available for law enforcement - this 'preservation of records' is the same that any company is required to do. Conceptually this would include your iCloud Drive data, photos, messages data, Safari history, etc., and anything else synced to iCloud.

That does not mean that Apple deliberately keep your data around. They also don't keep it if you delete your account and there is no outstanding warrant - If Apple are not aware of a law enforcement request for your data, they're not going to keep it around.

Counter to that, your data may not immediately be deleted. For the volume of data that Apple store, it's impractical to delete individual files instantly. Instead, data is marked as deleted, and some process eventually comes along and deletes the files from disk. Typically this could be 30 days or more after you ask to delete data. It's logically deleted (marked as deleted and will not be served up to client requests, but the files may still exist for some time.

Now, for this data there are two further considerations - one is that, technically, Apple admins could access the files (under court order), but data is encrypted at rest and when you delete your iCloud account, the encryption key should be deleted immediately. Since this is outside of your iCloud Drive it doesn't have the same delete lag, and without the encryption key, the files on disk are essentially useless. So even if Apple were issued a subpoena, and some admin was able to extract the files from the disk, without the key there is no practical way to extract data from the files.

So what does this all mean? Ultimately, Apple, like most cloud providers, run an 'eventual consistency' model where there is a lag between files are logically deleted vs. actually deleted from disk. The logical controls account for the vast majority of use cases, but at the end of the day, by the time you know you have law enforcement coming after your data, it's probably already too late for you cover your tracks. You have to be 30+ days ahead of the law.

Greetings dmaximus1981,

When you delete an Apple ID account, the data associated with that Apple ID is no longer accessible by Apple, or anyone else. You can learn more here:

How to delete your Apple ID account - Apple Support

Deleting your Apple ID is permanent. After your account is deleted, Apple can't reopen or reactivate your account or restore your data. If you aren’t planning to use your account for now but may consider returning to it in the future, we recommend temporarily deactivating your account (where available) instead of deleting it.

Take care.

No - assuming the access code was sent to your device (iPhone, iPad, Mac, etc.), that's just part of two-factor authentication used to validate the request - think of it as Apple just checking to make sure it's you who's asking to delete the account/data.

The encryption key would typically be a much larger, alphanumeric (or hexadecimal) key - e.g. e38aj4d02jdie-powi0392-dmihtpesmx-92wpp2ismfmmk - in other words, something that's not memorable (to humans, at least), and far more unique than a 6-digit number (which, after all, has only 1,000,000 possible combinations, guaranteeing multiple users would have the same key).

As far as this key is concerned, it's generated at random when you create your AppleID account. It's stored on your devices and not directly accessible to Apple, meaning that Apple shouldn't be able to decrypt the data without the key (or access to your devices).

Just bear in mind that no encryption method (except, possibly, quantum encryption) is 100% guaranteed, secure. While Apple's model is well regarded, it is thought that several nation-state organizations (think KGB (or whatever they're called now), Mossad, CIA, etc.) have the resources to break encryption, but you have to be a reasonably high target on their list for them to bother.

That's because it's how this was designed. If you want to delete your info, you can. If you want to deactivate your account for some time, you can. But deleting it is permanent. This is mentioned in the article above:

"Can I use the primary email address for my deleted Apple ID account to create a new Apple ID or with another existing Apple ID account?

No, once your Apple ID is deleted, you can't use the email address that you used with it to create a new Apple ID. In addition, you can't use that email address with another existing Apple ID except as a rescue email. Also, if your primary Apple ID email address is with a Custom Email Domain, it can never be reused to create an Apple ID after your Apple ID is deleted, even if the domain ownership changes.

What happens if I change my mind after I have requested that my account be deleted?

While your request is being processed, you can contact Apple Support with the unique alphanumeric access code you received, and we’ll help you cancel your request. After your account is deleted, Apple can't cancel the request, reopen your account, or restore your data."

You can also review the info here: Understand and control the personal information that you store with Apple - Apple Support

Thanks.

dmaximus1981 wrote:

If an Apple ID is permanently deleted (to include cloud, etc.), can the now deleted data (and texts) still be retrieved by subpoena in civil/legal matters?

Technical issues aside, you really need to discuss this with your lawyer, as courts can take a very dim view of acts that might be construed as willful destruction of evidence, and this thread can quite possibly be submitted as evidence.

Hey there dmaximus1981,

I think that statement answers your question. Apple does make a best effort to delete all personal data from your account but it looks like there are some requirements for certain information to be kept, strictly for financial purposes and legal reasons. 

Take care.