> Is there some kind of huge liability question if they ever facilitate giving access to the wrong person?

This is what I was thinking as I read the article. Imagine what will be written about them when they do give iCloud access to an impostor. Depending on what's on their account thieves could dedicate a ton of time to social engineering Apple into recovering the account. The article mentions police reports being "proof", but that doesn't seem like solid evidence considering how easy it could be to fake a police report from one of the tens of thousands of jurisdictions in the US. This is a problem for a lot of industries actually, i.e. banks and death certificates.