Apple implements transit encryption for iCloud email to prevent snooping

Posted:
in iCloud edited July 2014
Apple appears to have completed an initiative designed to increase the security of its iCloud email service by adding end-to-end encryption for messages sent from me.com and icloud.com, according to new data from Google's Gmail.




A report from Gmail's security transparency project suggests that at least 95 percent of the messages sent to Gmail from users of iCloud mail is now encrypted, just one month after Apple initially promised that such a change would be forthcoming. The data is current as of July 10, and it is unclear how it may have shifted in the interim.

Apple is using industry-standard Transport Layer Security, or TLS, infrastructure for the encryption. With TLS, both sending and receiving servers as well as the email messages themselves can be verified for authenticity, nearly eliminating the possibility of email being unknowingly intercepted by a third party.

Unfortunately, due to the nature of the public-key cryptography that underpins TLS, both parties must support the feature in order for messages to remain unreadable. Messages sent from iCloud to private mailservers without TLS support, for instance, will still be delivered unencrypted.

The move is the latest in a series of technical alterations and public statements from Apple designed to restore public confidence in the wake of allegations from NSA whistleblower Edward Snowden that the company had cooperated with the U.S. government. Most recently, Apple beat back accusations from Chinese state media that iOS's location tracking functionality could be mined by foreign governments to reveal sensitive information or "even state secrets."

"Apple is deeply committed to protecting the privacy of all our customers," the company said in response. "Privacy is built into our products and services from the earliest stages of design. We work tirelessly to deliver the most secure hardware and software in the world."

Comments

  • Reply 1 of 20
    If one believes that the NSA is eavesdropping on all these large tech companies, is it a stretch to believe that they've compromised PKI?
  • Reply 2 of 20

    Kudos to Apple. However, I wish that Apple Mail was more responsive, quicker to update folder contents, and had a larger client base. I find myself using my mac.com/me.com email address less and less.

  • Reply 3 of 20
    solipsismxsolipsismx Posts: 19,566member
    Edward Snowden needs to be thanked for risking everything to bring about positive change.
  • Reply 4 of 20
    Snowden gave every terrorist a heads up. The only people who should be thanking Snowden are terrorists and anti-American countries. Snowden is a narcissist and now a Putin prostitute.
  • Reply 5 of 20
    vl-tonevl-tone Posts: 337member
    ...

    Unfortunately, due to the nature of the public-key cryptography that underpins TLS, both parties must support the feature in order for messages to remain unreadable. Messages sent from iCloud to private mailservers without TLS support, for instance, will still be delivered unencrypted.

    ...

    Not sure how specific this problem is to "public-key cryptography". By definition, anything encrypted using any kind of method will need both party support for it to work.
  • Reply 6 of 20
    2old4fun2old4fun Posts: 239member
    Quote:

    Originally Posted by anantksundaram View Post

     

    Kudos to Apple. However, I wish that Apple Mail was more responsive, quicker to update folder contents, and had a larger client base. I find myself using my mac.com/me.com email address less and less.


    How/why do the number of clients using a particular service affect your choice?  Question is for my edification only.  Thanks.

  • Reply 7 of 20
    Network externalities.
  • Reply 8 of 20
    when iDevice to iDevice end user to end user (mail to me is encrypted in my public key and their private key which I can use their public key to decrypt) encryption is turned on (or MUA to MUA encryption in the general case), then I think we have achieved something. Apple has the pieces in place... they should just give us a 'trust this AppleID' which gives a key exchange for offline creation/reading. Bada Bing Bada boom.... No more feds reading our mails (unless they get our private keys off our phones... which would be pretty illegal, except in FISA court here in the US... but everything is legal in FISA court... sigh).

    As it stands, MTA to MTA encryption only protects you from (extralegal or otherwise) wire tapping. MUA to MUA protects you from subpoena of your mail server.

    End to End Encryption wouldn't look so suspicious if everyone used it.
  • Reply 9 of 20
    bubffmbubffm Posts: 24member
    >>>Edward Snowden needs to be thanked for risking everything to bring about positive change.

    Yes he deserves a Nobel Price for it and not this other jerk. What was he called again? ah - Obama...
  • Reply 10 of 20
    john.bjohn.b Posts: 2,742member

    "Kudos", my ass.  More like: "It's about damned time!"

     

    Quote:

    Originally Posted by anantksundaram View Post

     

    Kudos to Apple. However, I wish that Apple Mail was more responsive, quicker to update folder contents, and had a larger client base. I find myself using my mac.com/me.com email address less and less.


  • Reply 11 of 20
    mpantonempantone Posts: 2,217member
    Quote:
    Originally Posted by TheOtherGeoff View Post



    when iDevice to iDevice end user to end user (mail to me is encrypted in my public key and their private key which I can use their public key to decrypt) encryption is turned on (or MUA to MUA encryption in the general case), then I think we have achieved something. Apple has the pieces in place... they should just give us a 'trust this AppleID' which gives a key exchange for offline creation/reading. Bada Bing Bada boom.... No more feds reading our mails (unless they get our private keys off our phones... which would be pretty illegal, except in FISA court here in the US... but everything is legal in FISA court... sigh).



    As it stands, MTA to MTA encryption only protects you from (extralegal or otherwise) wire tapping. MUA to MUA protects you from subpoena of your mail server.



    End to End Encryption wouldn't look so suspicious if everyone used it.

    One can already send S/MIME encrypted e-mail from iDevices. S/MIME support was introduced with iOS 5, so it's been around for a while.

     

    Settings > Mail, Contacts, Calendars > Account (pick one) > IMAP (account) > Advanced > S/MIME (toggle on/off)

     

    For additional information, please consult the Apple support document on the topic:

     

    http://support.apple.com/kb/HT4979?viewlocale=en_US&locale=en_US

     

    Admittedly, there is no easy way to enable/disable S/MIME on a per-message basis on an iDevice.

  • Reply 12 of 20
    arlorarlor Posts: 533member
    Quote:

    Originally Posted by bubffm View Post



    >>>Edward Snowden needs to be thanked for risking everything to bring about positive change.



    Yes he deserves a Nobel Price for it and not this other jerk. What was he called again? ah - Obama...

     

    Anybody who invokes any politician's name in their first five posts should probably just have their account closed.

  • Reply 13 of 20
    theothergeofftheothergeoff Posts: 2,081member
    Quote:
    Originally Posted by mpantone View Post

     

    One can already send S/MIME encrypted e-mail from iDevices. S/MIME support was introduced with iOS 5, so it's been around for a while.

    [...]  

     

    Admittedly, there is no easy way to enable/disable S/MIME on a per-message basis on an iDevice.


    Less per message. More per user.   User sends me email... there is a 'magic 'detection they have an AppleID... (their public encryption key is downloaded to my contacts)...   Next time I send them a message, it's encrypted. period.  (yes there are still edge cases, and the old exchange mail webmail.bin file issue will pop its head , but it can work).

     

    around, and insanely great, and implicit in all communications to iUsers is the key.

     

    iMessage to iMessage users... encrypted.  just works.

     

    if that were a feature of iMail (mac, icloud[and the repository for some not on an iDevice to read the message in a webbrowser with a one time key], idevice), Apple could make hay...

  • Reply 14 of 20
    SpamSandwichSpamSandwich Posts: 33,407member
    Quote:

    Originally Posted by Arlor View Post

     

     

    Anybody who invokes any politician's name in their first five posts should probably just have their account closed.


     

    How about in their first 350 posts?

  • Reply 15 of 20
    bubffmbubffm Posts: 24member
    Quote:

    Originally Posted by Arlor View Post

     

     

    Anybody who invokes any politician's name in their first five posts should probably just have their account closed.


     

    Sure, censorship is always a great solution

  • Reply 16 of 20
    chiachia Posts: 714member

    Originally Posted by bubffm View Post

    Sure, censorship is always a great solution

     

    No, but focus is a great solution, as the success of Steve Jobs and Apple will testify.

    It's as much about what you leave out as what you include.

     

    Edward Snowden is relevant to this thread as his actions revealed how the government agencies compromised the security of email services.

    Obama isn't relevant as it's likely the government agency activity would have persisted (continues to persist?) whoever was incumbent in government or indeed, governments.

     

    Another reason why Obama's name isn't relevant is the fact, as I've alluded to above, that email snooping is not unique to just government agencies of the USA, but to other government agencies around the world.

  • Reply 17 of 20
    impalerimpaler Posts: 3member

    Per-message S/MIME is coming with iOS 8.


  • Reply 18 of 20
    vaporlandvaporland Posts: 358member
    arlor wrote: »
    bubffm wrote: »
    >>>Edward Snowden needs to be thanked for risking everything to bring about positive change.


    Yes he deserves a Nobel Price for it and not this other jerk. What was he called again? ah - Obama...

    Anybody who invokes any politician's name in their first five posts should probably just have their account closed.

    Anybody who criticizes political commentary on any forum anywhere should, oh, never mind...

    Someday someone will figure out a way to harness all the energy consumed by blog / forum posts for something useful, like mining bitcoins...

    (clickbait advertising does not count as "useful"...)
  • Reply 19 of 20
    philboogiephilboogie Posts: 7,675member
    impaler wrote: »
    <span style="line-height:1.4em;">Per-message S/MIME is coming with iOS 8.</span>

    That's what I read as well. But why would I want to do that? What is 'wrong' with an all or nothing setting? Would you happen to know and explain me the benefits? TIA
  • Reply 20 of 20
    impalerimpaler Posts: 3member

    Lack of an all or nothing setting really hurts some in the enterprise.  Those in federal government, for instance, don't need to encrypt every email.  Employees here should be signing most/all of them though.  The choice to do so would greatly cut down on people not even signing emails because that would require encryption.  Every business and industry has different requirements; giving the ability to do so will fix the problem that some have.  It's coming, and many are happy.

Sign In or Register to comment.