(no title)

The short answer is that it doesn't. The iCloud website only shows devices that are actively uploading their location to Apple, such as iPhones and iPads. AirTags are not shown there, as they use the FindMy network instead (the whole other-devices-find-your-airtags mechanism). This library focuses on the latter.

Apple devices can query your AirTag's location because they sync its shared secrets through the iCloud keychain, which is used to generate temporary keys that can be use to download and decrypt the tag's location.

It’s explained pretty well in link provided in comment your replying to.

The tl;dr is: The information is publicly available in an encrypted form that is only readable by the party with the key.

Think of it like this, when you mark an item as lost you publish a hashed public identification key, if another device detects that key it creates a location report encrypted with your public key and posts it to a public list of encrypted reports, you decrypt the report with your private key.

> The fact that they let law enforcement know when someone is stalking someone with an AirTag shows that the data is available to them.

Not technically correct. Apple devices (and Android phones with the appropriate app) detect if an unknown AirTag is moving with them and makes it home, possibly signalling a stalking attempt.

The heuristics for this happen locally; Apple isn't "aware" of this happening. That said, when you first set-up an AirTag, the serial is tied to your account. Therefore, when you physically find an unknown AirTag and report it to law enforcement, they can then subpoena (or get a warrant?) Apple for information on the AirTag owner's identity.

The serial itself, and any personal identifiers, are not used in the locating process, however.

This is well documented in the paper above, in articles, as well as in reverse engineering efforts.

> they let law enforcement know when someone is stalking someone

Source? That's not a thing