But most iPhone and Mac computer owners back up their iMessages, photos, and other content to Apple’s iCloud, where the company can retrieve them for banned users or authorities. This also left the material open to hackers who cheated customers of their passwords, increasing the potential for embarrassment and even extortion.
Apple representatives said that these threats, and the increasing attempts to compromise cloud service providers, have made end-to-end encryption in the cloud the best option for those who care most about security.
The FBI wanted to unlock the iPhone of the San Bernardino shooter. Turned out to be a little-known Australian company.
The move is likely to spark protests from several governments, some of which may take legislative or judicial action or block Apple from accessing their markets. Top law enforcement officials in the US, Britain and other democracies have criticized strong encryption, and some have passed laws they can use to try to force companies to cooperate against their customers.
Late Wednesday, the FBI said it was “deeply concerned about the threat posed by end-to-end encryption and user access-only encryption.”
“This hinders our ability to protect the American people from criminal acts that range from cyberattacks and violence against children to drug trafficking, organized crime and terrorism,” the office said in an emailed statement. In this age of cybersecurity and the demand for “security by design,” the FBI and law enforcement partners need “legal access by design.”
Apple said the encryption option will be available to public software testers immediately, to all US customers by the end of the year, and to other countries starting next year. It added that it may not reach every country by the end of 2023.
Apple’s move follows similar steps by other companies and organizations that have caught up on privacy or gone further.
Facebook’s WhatsApp is the most widely used encrypted messenger, and it started offering encrypted backup a year ago. Signal, which develops the protocol used by WhatsApp and others, does not allow cloud backups to prevent improper access. Google offers encrypted backups, though it’s unclear how popular the service is.
After hacking into cloud service providers, more and more companies are insisting on controlling the decryption keys themselves. Apple will now make this option available to consumers as well.
Privacy experts were pleased with Apple’s announcement.
“This is amazing,” said Meredith Whitaker, president of Signal, an encrypted chat app. There has been enough pressure and enough narrative work that they see the aspect of history taking shape. It’s really incredible. “
Turning slow is likely to be a particularly effective tool for law enforcement. In the six-month period covered by Apple’s latest transparent report, the company said it has turned over users’ content for legal reasons 3,980 times, mostly in the US and Brazil. It said legal requests for all types of account data, including just identifying information, had doubled in two years to more than 20,000.
In China, Apple has come under fire for not doing more to protect iPhone users who are already heavily censored. During the recent wave of protests against the strict coronavirus restrictions, Apple has limited the use of AirDrop, which people have been using to share videos and other large files at close range. iCloud data is stored in China on servers controlled by a local company.
Apple had intended to offer fully encrypted iCloud storage several years ago, according to FBI agents and Apple employees at the time. The FBI objected, and Apple brushed off the idea rather than face a public battle.
Despite the hype, iPhone security is no match for NSO spyware
Instead, it chose specific categories of data that would be isolated from outside hackers, including passwords, payment data, and health. Now, everything can be stored securely except for email, calendar and contact functions that need to handle multiple providers.
Apple will require users to set up a recovery key or name someone else who can help them gain access if they are locked out. This person, the account holder, and Apple must be involved in the redemption process.
In a second victory for privacy advocates, Apple said it had dropped a plan to scan users’ photos for pedophilia images. The company paused that plan shortly after its announcement last year, as security experts argued it would intrude on a user’s device privacy and be vulnerable to abuse.
Apple also said on Wednesday that it was making iPhones compatible with physical security keys that would connect to the phone so consumers could prompt them to access their accounts from the new devices. In this way, phishing attackers who steal passwords and usernames will not be able to enter.
#Apple #iCloud #backups #fully #encrypted