Apple cancelled encrypted iCloud plans after the FBI complained

Posted:
in General Discussion edited June 2020
Apple has reportedly abandoned plans to allow users to end-to-end encrypt iCloud, after getting negative feedback from the FBI.

Apple abandons backup encryption plans after FBI steps in


Apple has long championed itself as a defender of users' data, and a plan to offer end-to-end data encryption would have effectively made a users data completely inaccessible even with a subpoena. That plan has been abandoned, according to sources familiar with the situation.

According to Reuters, Apple had been planning to allow users to fully encrypt backups of their devices in iCloud. The move would have made device data significantly more secure, in an effort to keep users' private information out of the hands of hackers. Even Apple would not be able to unlock the encrypted data.

The report comes following U.S. Attorney General William Barr had demanded Apple help unlock two iPhones thought to be owned by Mohammed Saeed Alshamrani. Alshamrani is suspected to be the shooter at an attack on the Naval Air Station in Pensacola, Florida in December 2019.

The FBI has permission to search the devices, but has sought Apple's assistance in unlocking the smartphones, including one that was reportedly shot by its owner, in a bid to find more evidence. Apple declined to provide more help to unlock the devices beyond what it has already given the investigation, as it would effectively undermine the security of all of its hardware and software for every user.

While Apple would not help unlock Alshamrani's physical phone, they did provide access to data from Alshamrani's iCloud account. Any device backups found in iCloud could have provided contact information, pictures, and texts from iMessage and other messaging apps to the authorities.

However, these plans would later be dropped after the FBI had raised concerns that encryption would make investigations harder. If Apple were to offer end-to-end encryption on iCloud backups, it would note be able to turn over any useful information to authorities in the event of an investigation.

Six sources familiar with the matter said that Apple had buckled to the FBI's demands. A former Apple employee simply stated that "legal killed it, for reasons you can imagine." AppleInsider could not confirm Reuters report.

As it stands, the FBI can search a user's iCloud account without a user's knowledge or consent given a proper court order. In the first half of 2019, U.S. authorities had obtained full device backups of more than 6,000 accounts. Apple turns over data for 90% of the requests it receives. In the second half of 2018, Apple handed over the data for 14,000 accounts by court order.
«134

Comments

  • Reply 1 of 69
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    kkqd1337bloggerblogdysamoriaagilealtitudeuraharaGilliam_BatesSpamSandwichelijahgcaladanianols
  • Reply 2 of 69
    *sigh*

    How about us non-US people; what’s our level of (legal) protection as things stand rn?
    cornchipGilliam_BatesFLMusicelijahgFlytraplostkiwicaladanianolswatto_cobra
  • Reply 3 of 69
    All this does is drive customers to companies that do offer encrypted cloud storage, just as was the case with ITAR regulations concerning SSL support in browsers during the Clinton Administration. It undermines American businesses by preventing them from offering a service that is competitive with their foreign competitors.
    FLMusiclostkiwicaladaniandarkvaderwatto_cobra
  • Reply 4 of 69
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    How does it make iCloud a less desirable platform?  It's not like Apple is removing encryption from iCloud.  It's never been encrypted and it performs as it always has.  No one is losing any functionality.  You are no less protected than you were before this article was written.  Remember, we're talking about iCloud backups.

    Rant: More people need to understand the tech they use.  Half the hand wringing wouldn't exist if we did.  Not picking on you.  Just using your quote as a jump off point.
    /end rant
    edited January 2020 llama
  • Reply 5 of 69
    So, they want access to our data! 
    bloggerblogcornchipurahara
  • Reply 6 of 69
    YP101YP101 Posts: 130member
    The non-US people will follow their own country rules & law. Like China, forget it.

    The company can not protect you when law ask them to turn over. Apple was unique case that they said they can't unlock themselves.
    I wonder iCloud protect by password and 2 factor code that can't break in by NSA nor FBI.

    Since bad people live among us, soon most of people will fed up and ask big brother rules.
    Most of big companies can't control and can't protect user's information(look at the recent breaches.) there is no ground, that companies keep saying we will protect the user information from harmful people. Because it simply take too much money and their own employee keep taking short cut.

    I heard Microsoft start using bio authentication for their employee so they don't have to remember password and recent passwords. Just using face and finger prints.

    When if this bio metric password hacked then we will get chip on hand.
    And when it happens law will change like when you broke the law, your rights will be revoked.
    FileMakerFellerwatto_cobra
  • Reply 7 of 69
    gordygordy Posts: 1,004member
    One more reason Apple should revisit local network storage.  I'm not a fan of photos, etc., being in the cloud anyway, and I wish the ecosystem allowed users more flexibility in their offline/backup storage options.
    rob53dysamoriauraharacincymacelijahgpscooter63lostkiwidarkvaderleftoverbacon
  • Reply 8 of 69
    I have long hoped Apple might offer customers an easy distributed cloud option within the server app, perhaps akin to owncloud.org long on my to do list, and improve the ease of S/MIME certificate email encryption in mail, for the rest of us...

    This may be of interest to some on the shift in expectations and privacy rights: www.youtube.com/watch?v=efs3QRr8LWw
    edited January 2020 longpathFileMakerFellerappleinsideruserdarkvader
  • Reply 9 of 69
    sdw2001sdw2001 Posts: 17,538member
    So, they want access to our data! 
    In some situations, yes.  Like with a warrant or subpoena.  
    dysamoriawatto_cobra
  • Reply 10 of 69
    Rayz2016Rayz2016 Posts: 6,771member
    If true, then bad show, Apple.
    cornchipGilliam_Batescaladaniandarkvader
  • Reply 10 of 69
    Aw great, I hope “reportedly” means a rumor that isn’t actually true. Thanks, FBI, for hindering our privacy.
    edited January 2020 cornchipdarkvaderwatto_cobra
  • Reply 12 of 69
    SoliSoli Posts: 10,028member
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    How does it make iCloud a less desirable platform?  It's not like Apple is removing encryption from iCloud.  It's never been encrypted and it performs as it always has.  No one is losing any functionality.  You are no less protected than you were before this article was written.  Remember, we're talking about iCloud backups.

    Rant: More people need to understand the tech they use.  Half the hand wringing wouldn't exist if we did.  Not picking on you.  Just using your quote as a jump off point.
    /end rant
    Apple advertises how they're all about privacy and security to *gasp* attract customers that care about privacy and security, and then it comes out that Apple's very own iCloud service doesn't allow for the privacy any and security they expected. You really don't see that as a sticking point for those Cloud users?
    bloggerblogcornchipmuthuk_vanalingamagilealtitudeGilliam_Bateselijahglostkiwidarkvader
  • Reply 13 of 69
    In other words, don't back up your device(s) to iCloud. Problem solved. I never have and never will. I back up my phone directly to the computer, via encrypted backups. And my internal disk and both Time Machine disks are encrypted as well. My data is mine and mine alone.
    dysamoriaFileMakerFellercaladaniandarkvaderwatto_cobra
  • Reply 14 of 69
    coolfactorcoolfactor Posts: 1,803member
    I think there's a distinction to be made here. We're talking "end-to-end" encryption – where only the user holds the keys, not Apple.

    I firmly believe that all data in iCloud *is* encrypted today, right now, but in such a way where Apple holds the keys. That way, if the data centers ever got physically compromised, the stored data is encrypted, similar to FileVault on Macs.

    cornchipFileMakerFellerStrangeDayswatto_cobra
  • Reply 15 of 69
    sdw2001sdw2001 Posts: 17,538member
    I think this is probably a reasonable decision by Apple.  They need to be able to comply with subpoenas and warrants, which DOJ should have to get to unlock devices like they're requesting.  The issue I have is that I don't think there is a court order in the Pensacola case.  There needs to be one.  
    watto_cobra
  • Reply 16 of 69
    It is essentially a back door to our data
    bloggerblogagilealtitudeGilliam_Batescaladaniandarkvader
  • Reply 17 of 69
    Mike WuertheleMike Wuerthele Posts: 6,153administrator
    sdw2001 said:
    I think this is probably a reasonable decision by Apple.  They need to be able to comply with subpoenas and warrants, which DOJ should have to get to unlock devices like they're requesting.  The issue I have is that I don't think there is a court order in the Pensacola case.  There needs to be one.  
    There are several court orders in that case.
    muthuk_vanalingamFLMusic
  • Reply 18 of 69
    razorpitrazorpit Posts: 1,796member
    andyring said:
    In other words, don't back up your device(s) to iCloud. Problem solved. I never have and never will. I back up my phone directly to the computer, via encrypted backups. And my internal disk and both Time Machine disks are encrypted as well. My data is mine and mine alone.
    Do you sync data between devices using iCloud functionality?
    dysamorialongpathwatto_cobra
  • Reply 19 of 69
    This brings up another issue.  Users (businesses) really need alternatives to iCloud.  They’re out there but I don’t think they’ve ever been mentioned on AI.  I’ve used Acronis on servers and PCs and there products have worked well.  They do have a mobile app...
    Gilliam_Batesleftoverbacon
  • Reply 20 of 69
    mjtomlinmjtomlin Posts: 2,428member
    Apple already encrypts your data just as every other online storage service does. 

    They just happen to have the key to decrypt it. 

    If you’re that paranoid, you can encrypt your own data before you put on iCloud. Apple cannot decrypt that and hand it over. 
    edited January 2020 caladanianwatto_cobra
Sign In or Register to comment.