Apple implements transit encryption for iCloud email to prevent snooping
Apple appears to have completed an initiative to increase the security of its iCloud email service by encrypting, in transit, messages sent from me.com and icloud.com addresses, according to new data from Google's Gmail.
A report from Gmail's security transparency project suggests that at least 95 percent of the messages sent to Gmail from iCloud mail users are now encrypted, just one month after Apple first promised that such a change was forthcoming. The data is current as of July 10, and it is unclear how it may have shifted in the interim.
Apple is using industry-standard Transport Layer Security (TLS) for the encryption. With TLS, the connection between the sending and receiving mail servers is encrypted and the servers can authenticate one another, nearly eliminating the possibility of email being silently intercepted by a third party on the wire.
Unfortunately, TLS protects a connection only when both ends support it. Messages sent from iCloud to private mail servers without TLS support, for instance, will still be delivered unencrypted.
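Gmail's transparency figures are exactly this measurement taken at scale: what fraction of mail from a given sender domain arrived over a TLS session. As an added example (not from the article, Apple or Google), here is how the admin of a receiving Postfix server can compute the same per-sender-domain rate from their own logs and flag senders that still deliver in plaintext; the log excerpt is constructed and its hostnames and addresses are placeholders.

```python
import re
from collections import defaultdict

# Constructed Postfix-style smtpd/qmgr log excerpt (not real logs; placeholder hosts).
# Only the first session negotiated STARTTLS; the third reuses smtpd pid 1001 without TLS,
# so per-session state must be reset on every "connect from" line.
SAMPLE_LOG = """\
Jul 10 12:00:01 mx postfix/smtpd[1001]: connect from mr1.example.net[192.0.2.10]
Jul 10 12:00:01 mx postfix/smtpd[1001]: Anonymous TLS connection established from mr1.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jul 10 12:00:02 mx postfix/smtpd[1001]: 4A1B2C3D: client=mr1.example.net[192.0.2.10]
Jul 10 12:00:02 mx postfix/qmgr[900]: 4A1B2C3D: from=<alice@icloud.com>, size=2048, nrcpt=1 (queue active)
Jul 10 12:01:10 mx postfix/smtpd[1002]: connect from legacy.example.org[198.51.100.7]
Jul 10 12:01:11 mx postfix/smtpd[1002]: 5E6F7A8B: client=legacy.example.org[198.51.100.7]
Jul 10 12:01:11 mx postfix/qmgr[900]: 5E6F7A8B: from=<bob@example.org>, size=512, nrcpt=1 (queue active)
Jul 10 12:02:00 mx postfix/smtpd[1001]: connect from mr2.example.net[192.0.2.11]
Jul 10 12:02:01 mx postfix/smtpd[1001]: 9C0D1E2F: client=mr2.example.net[192.0.2.11]
Jul 10 12:02:01 mx postfix/qmgr[900]: 9C0D1E2F: from=<carol@me.com>, size=4096, nrcpt=1 (queue active)
"""

SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
CLIENT = re.compile(r"^([0-9A-F]+): client=")
QMGR_FROM = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<[^@>]*@([^>]+)>")

def tls_rate_by_sender_domain(log_text):
    """Map each envelope-sender domain to (messages_over_tls, total_messages)."""
    session_tls = {}                     # smtpd pid -> did this session negotiate TLS?
    queue_tls = {}                       # queue id -> bool, fixed at the "client=" line
    stats = defaultdict(lambda: [0, 0])  # domain -> [tls_count, total]
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if m:
            pid, msg = m.groups()
            if msg.startswith("connect from"):
                session_tls[pid] = False  # plaintext until STARTTLS succeeds
            elif "TLS connection established" in msg:  # Anonymous/Untrusted/Trusted variants
                session_tls[pid] = True
            elif CLIENT.match(msg):
                queue_tls[CLIENT.match(msg).group(1)] = session_tls.get(pid, False)
            continue
        q = QMGR_FROM.search(line)
        if q:
            qid, domain = q.group(1), q.group(2).lower()
            stats[domain][1] += 1
            if queue_tls.get(qid):
                stats[domain][0] += 1
    return {d: tuple(v) for d, v in stats.items()}

def plaintext_senders(stats, threshold=0.95):
    """Sender domains whose share of TLS-delivered mail is below the threshold."""
    return sorted(d for d, (tls, total) in stats.items() if total and tls / total < threshold)
```

On a real server, feed it the smtpd/qmgr lines from the mail log; domains that plaintext_senders reports are the ones whose mail your users are receiving unencrypted regardless of what your own server supports.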
The move is the latest in a series of technical alterations and public statements from Apple designed to restore public confidence in the wake of allegations from NSA whistleblower Edward Snowden that the company had cooperated with the U.S. government. Most recently, Apple beat back accusations from Chinese state media that iOS's location tracking functionality could be mined by foreign governments to reveal sensitive information or "even state secrets."
"Apple is deeply committed to protecting the privacy of all our customers," the company said in response. "Privacy is built into our products and services from the earliest stages of design. We work tirelessly to deliver the most secure hardware and software in the world."
Comments
Kudos to Apple. However, I wish that Apple Mail was more responsive, quicker to update folder contents, and had a larger client base. I find myself using my mac.com/me.com email address less and less.
Not sure how specific this problem is to "public-key cryptography". By definition, anything encrypted using any kind of method will need both party support for it to work.
> Kudos to Apple. However, I wish that Apple Mail was more responsive, quicker to update folder contents, and had a larger client base. I find myself using my mac.com/me.com email address less and less.
How/why does the number of clients using a particular service affect your choice? Question is for my edification only. Thanks.
As it stands, MTA to MTA encryption only protects you from (extralegal or otherwise) wire tapping. MUA to MUA protects you from subpoena of your mail server.
End to End Encryption wouldn't look so suspicious if everyone used it.
Yes he deserves a Nobel Prize for it and not this other jerk. What was he called again? ah - Obama...
"Kudos", my ass. More like: "It's about damned time!"
> Kudos to Apple. However, I wish that Apple Mail was more responsive, quicker to update folder contents, and had a larger client base. I find myself using my mac.com/me.com email address less and less.
When iDevice to iDevice end user to end user (mail to me is encrypted in my public key and their private key which I can use their public key to decrypt) encryption is turned on (or MUA to MUA encryption in the general case), then I think we have achieved something. Apple has the pieces in place... they should just give us a 'trust this AppleID' which gives a key exchange for offline creation/reading. Bada Bing Bada boom.... No more feds reading our mails (unless they get our private keys off our phones... which would be pretty illegal, except in FISA court here in the US... but everything is legal in FISA court... sigh).
> As it stands, MTA to MTA encryption only protects you from (extralegal or otherwise) wire tapping. MUA to MUA protects you from subpoena of your mail server.
> End to End Encryption wouldn't look so suspicious if everyone used it.
One can already send S/MIME encrypted e-mail from iDevices. S/MIME support was introduced with iOS 5, so it's been around for a while.
Settings > Mail, Contacts, Calendars > Account (pick one) > IMAP (account) > Advanced > S/MIME (toggle on/off)
For additional information, please consult the Apple support document on the topic:
http://support.apple.com/kb/HT4979?viewlocale=en_US&locale=en_US
Admittedly, there is no easy way to enable/disable S/MIME on a per-message basis on an iDevice.
> > Edward Snowden needs to be thanked for risking everything to bring about positive change.
> Yes he deserves a Nobel Prize for it and not this other jerk. What was he called again? ah - Obama...
Anybody who invokes any politician's name in their first five posts should probably just have their account closed.
> One can already send S/MIME encrypted e-mail from iDevices. S/MIME support was introduced with iOS 5, so it's been around for a while.
> [...]
> Admittedly, there is no easy way to enable/disable S/MIME on a per-message basis on an iDevice.
Less per message. More per user. User sends me email... there is a 'magic' detection they have an AppleID... (their public encryption key is downloaded to my contacts)... Next time I send them a message, it's encrypted. period. (yes there are still edge cases, and the old exchange mail webmail.bin file issue will pop its head, but it can work).
around, and insanely great, and implicit in all communications to iUsers is the key.
iMessage to iMessage users... encrypted. just works.
if that were a feature of iMail (mac, icloud[and the repository for some not on an iDevice to read the message in a webbrowser with a one time key], idevice), Apple could make hay...
> Anybody who invokes any politician's name in their first five posts should probably just have their account closed.
How about in their first 350 posts?
> Anybody who invokes any politician's name in their first five posts should probably just have their account closed.
Sure, censorship is always a great solution
> Sure, censorship is always a great solution
No, but focus is a great solution, as the success of Steve Jobs and Apple will testify.
It's as much about what you leave out as what you include.
Edward Snowden is relevant to this thread as his actions revealed how the government agencies compromised the security of email services.
Obama isn't relevant as it's likely the government agency activity would have persisted (continues to persist?) whoever was incumbent in government or indeed, governments.
Another reason why Obama's name isn't relevant is the fact, as I've alluded to above, that email snooping is not unique to just government agencies of the USA, but to other government agencies around the world.
Per-message S/MIME is coming with iOS 8.
Anybody who criticizes political commentary on any forum anywhere should, oh, never mind...
Someday someone will figure out a way to harness all the energy consumed by blog / forum posts for something useful, like mining bitcoins...
(clickbait advertising does not count as "useful"...)
That's what I read as well. But why would I want to do that? What is 'wrong' with an all-or-nothing setting? Would you happen to know, and could you explain the benefits to me? TIA
Lack of an all or nothing setting really hurts some in the enterprise. Those in federal government, for instance, don't need to encrypt every email. Employees here should be signing most/all of them though. The choice to do so would greatly cut down on people not even signing emails because that would require encryption. Every business and industry has different requirements; giving the ability to do so will fix the problem that some have. It's coming, and many are happy.