Apple cancelled encrypted iCloud plans after the FBI complained
Apple has reportedly abandoned plans to allow users to end-to-end encrypt iCloud, after getting negative feedback from the FBI.
Apple has long championed itself as a defender of users' data, and a plan to offer end-to-end data encryption would have effectively made a users data completely inaccessible even with a subpoena. That plan has been abandoned, according to sources familiar with the situation.
According to Reuters, Apple had been planning to allow users to fully encrypt backups of their devices in iCloud. The move would have made device data significantly more secure, in an effort to keep users' private information out of the hands of hackers. Even Apple would not be able to unlock the encrypted data.
The report comes following U.S. Attorney General William Barr had demanded Apple help unlock two iPhones thought to be owned by Mohammed Saeed Alshamrani. Alshamrani is suspected to be the shooter at an attack on the Naval Air Station in Pensacola, Florida in December 2019.
The FBI has permission to search the devices, but has sought Apple's assistance in unlocking the smartphones, including one that was reportedly shot by its owner, in a bid to find more evidence. Apple declined to provide more help to unlock the devices beyond what it has already given the investigation, as it would effectively undermine the security of all of its hardware and software for every user.
While Apple would not help unlock Alshamrani's physical phone, they did provide access to data from Alshamrani's iCloud account. Any device backups found in iCloud could have provided contact information, pictures, and texts from iMessage and other messaging apps to the authorities.
However, these plans would later be dropped after the FBI had raised concerns that encryption would make investigations harder. If Apple were to offer end-to-end encryption on iCloud backups, it would note be able to turn over any useful information to authorities in the event of an investigation.
Six sources familiar with the matter said that Apple had buckled to the FBI's demands. A former Apple employee simply stated that "legal killed it, for reasons you can imagine." AppleInsider could not confirm Reuters report.
As it stands, the FBI can search a user's iCloud account without a user's knowledge or consent given a proper court order. In the first half of 2019, U.S. authorities had obtained full device backups of more than 6,000 accounts. Apple turns over data for 90% of the requests it receives. In the second half of 2018, Apple handed over the data for 14,000 accounts by court order.
Apple has long championed itself as a defender of users' data, and a plan to offer end-to-end data encryption would have effectively made a users data completely inaccessible even with a subpoena. That plan has been abandoned, according to sources familiar with the situation.
According to Reuters, Apple had been planning to allow users to fully encrypt backups of their devices in iCloud. The move would have made device data significantly more secure, in an effort to keep users' private information out of the hands of hackers. Even Apple would not be able to unlock the encrypted data.
The report comes following U.S. Attorney General William Barr had demanded Apple help unlock two iPhones thought to be owned by Mohammed Saeed Alshamrani. Alshamrani is suspected to be the shooter at an attack on the Naval Air Station in Pensacola, Florida in December 2019.
The FBI has permission to search the devices, but has sought Apple's assistance in unlocking the smartphones, including one that was reportedly shot by its owner, in a bid to find more evidence. Apple declined to provide more help to unlock the devices beyond what it has already given the investigation, as it would effectively undermine the security of all of its hardware and software for every user.
While Apple would not help unlock Alshamrani's physical phone, they did provide access to data from Alshamrani's iCloud account. Any device backups found in iCloud could have provided contact information, pictures, and texts from iMessage and other messaging apps to the authorities.
However, these plans would later be dropped after the FBI had raised concerns that encryption would make investigations harder. If Apple were to offer end-to-end encryption on iCloud backups, it would note be able to turn over any useful information to authorities in the event of an investigation.
Six sources familiar with the matter said that Apple had buckled to the FBI's demands. A former Apple employee simply stated that "legal killed it, for reasons you can imagine." AppleInsider could not confirm Reuters report.
As it stands, the FBI can search a user's iCloud account without a user's knowledge or consent given a proper court order. In the first half of 2019, U.S. authorities had obtained full device backups of more than 6,000 accounts. Apple turns over data for 90% of the requests it receives. In the second half of 2018, Apple handed over the data for 14,000 accounts by court order.
Comments
How about us non-US people; what’s our level of (legal) protection as things stand rn?
Rant: More people need to understand the tech they use. Half the hand wringing wouldn't exist if we did. Not picking on you. Just using your quote as a jump off point.
/end rant
This may be of interest to some on the shift in expectations and privacy rights: www.youtube.com/watch?v=efs3QRr8LWw
I firmly believe that all data in iCloud *is* encrypted today, right now, but in such a way where Apple holds the keys. That way, if the data centers ever got physically compromised, the stored data is encrypted, similar to FileVault on Macs.