Apple Actively Working to 'Double Down' on iCloud Encryption

[MacRumors]

Apple is working to further harden iCloud security so that even it won't be able to access user information stored on its data servers, The Wall Street Journal has reported.

According to yesterday's report, which cites "people familiar with the matter", Apple executives are actively considering how to bolster iCloud encryption without inconveniencing users.

Currently, encrypted data kept on the cloud service is accessible by Apple using a key, which is used for restoring account information if, for example, a user forgets their password. Apple's access also allows the company to provide relevant information it has to law enforcement agencies that approach it with proper, legal requests.

However, Apple appears to be concerned that keeping a copy of the key means it could be compromised by hackers or that the company could be legally compelled to turn it over to governments.

The news contrasts with a report earlier this month suggesting that Apple viewed privacy and security issues differently between physical devices that can be lost and its iCloud service.

However, according to The Wall Street Journal, an Apple spokesperson pointed to comments made by senior VP of software engineering Craig Federighi in reference to the company's fresh concerns. "Security is an endless race—one that you can lead but never decisively win," he wrote in a March 6 opinion piece in The Washington Post. "Yesterday's best defenses cannot fend off the attacks of today or tomorrow."

iCloud backups contain user iMessages and texts, content purchase history, photos and videos, device settings, app data, voicemail password, and health data. Any steps Apple takes to close off access to these backups are likely to further antagonize law enforcement authorities, especially given the company's current fight with the FBI over the latter's demand for help to unlock the iPhone at the center of the San Bernadino shooter investigation.

A court hearing to address the iPhone backdoor issue is scheduled for next Tuesday, March 22, the day after Apple's media event, where it is expected to introduce a new 4-inch "iPhone SE" and a new 9.7-inch iPad, as well as make additional announcements.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Actively Working to 'Double Down' on iCloud Encryption

 

[0815]

Doubling down ... As in doubling down on product leaks???

 

[farewelwilliams]

just like they doubled down on secrecy.

 

[macintoshmac]

Making it harder and harder for my private info to be tapped into. Gotta love Apple for this stand.

 

[Apple Knowledge Navigator]

Doubling down? Give me laser focus any day.

 

[Sirious]

Data will go straight in to the shredder?



[2014]

 

[2457282]

I want to make it as hard as possible for anyone to invade my privacy. No one should be able to enter my house and look through my old photo albums and take them. However, robbers do this. The government also does this with a proper search warrant. No one should be able to enter my digital house and look at my pictures and take them. Hackers can do this. The government should be able to do this with proper search warrants. The question is how to enable the government without enabling hackers. I am for lots of security and support apple in its drive to improve security and encryption. But we should have a conversation on how best to allow legal search and seizure request by law enforcement. Right now it's either/or, but there must be a way to get to both/and. The current back door suggestion by the FBI is not the right answer, but one does exist if we work collaboratively.

 

[profets]

You can bet that not only are they going to try removing their ability to access iCloud data, but also secure new iPhones even farther so that it wouldn't even be possible to build a version of iOS that weakens security.

 

[Turnpike]

Sometimes we may complain and get impatient with them, and say what you want, but for the most part, Apple is the best company out there- showing (by far) the most interest in it's users/customers, both in terms of quality products and privacy of information. And while it costs more to live in their ecosystem (or whatever people call it) and they have a lot of extra rules, the system WORKS, and stories like this make me really appreciate that they exist and that they are an option.

 

[soupcan]

Nice. Although I am curious about how they're going to give me the key to my stuff in the event of a restore if even Apple doesn't have it.

 

[kahkityoong]

Good on them. And way to go, flipping the bird to the FBI at the same time.

 

[jgelin]

I'm glad for this. I have almost chose to move from iCloud backup to local just to keep my encryption. I would much prefer it to be secured this way and not need to worry as much.

 

[Michael Scrip]

No one should be able to enter my digital house and look at my pictures and take them. Hackers can do this. The government should be able to do this with proper search warrants.

The question is how to enable the government without enabling hackers.

And therein lies the rub.

How would Apple protect 500 million iPhone users' privacy... while simultaneously providing law enforcement access to a far smaller number of bad guys' iPhones?

Imagine what sort of information you could find on people's phones these days: their home address, pictures of their children, their children's school, schedules, emails, access to door locks, garage door openers, health data, etc. Do you really want that stuff to be easily accessible to any common criminal?

I certainly don't. It should be as secure as it can possibly be.

But by keeping that information secure... it also prevents law enforcement from getting into criminals' phones too.

I can't imagine any way to selectively make some phones secure while making other phones easy to open.

It's sort of an "all or nothing" deal.

 

[haruhiko]

Thanks Tim!

 

[bbeagle]

Nice. Although I am curious about how they're going to give me the key to my stuff in the event of a restore if even Apple doesn't have it.

If you lose the key, you won't be able to get your stuff. Period. Even Apple won't be able to help you get it. This is the goal.

 

[keysofanxiety]

The government should be able to do this with proper search warrants. The question is how to enable the government without enabling hackers.

You can't. Encryption is a surprisingly absolute thing. You either have it, or you don't. Brilliant encryption, that can only be broken by a key that a government has, isn't brilliant encryption. The government has to accept that there are some things they can't control.

 

[vpndev]

And I bet that iPhone 7 will wipe storage when starting DFU mode. Maybe iOS 10 will be able to retrofit that to earlier iPhones, but maybe not.

 

[bushido]

i disabled it on my iDevices as it takes way too long to restore from iCloud anyway. Ill just keep making a local backup before doing anything to my device

 

[doelcm82]

Doubling down ... As in doubling down on product leaks???

"Double Down" doesn't actually appear in the story above. I don't know whether it appears in the WSJ story, since it's behind a paywall. So it's kind of ironic that the MR headline writer chose that term (which means to make a single side bet on a hand that you think you have a good chance of winning). But it doesn't describe what Apple is actually doing.

 

[MentalFloss]

I want to make it as hard as possible for anyone to invade my privacy. No one should be able to enter my house and look through my old photo albums and take them. However, robbers do this. The government also does this with a proper search warrant. No one should be able to enter my digital house and look at my pictures and take them. Hackers can do this. The government should be able to do this with proper search warrants.

Out of curiosity: If it were possible to download data from a person's brain into a computer to view their thoughts there, would you also be in favor of the police doing that with a proper search warrant?

Because one day, that will be possible, so please consider your answer carefully.

It is a slippery slope to compare a search warrant for physical items with a search warrant for intangible items. There is no search warrant for my brain and no law that would allow police to coerce me into revealing any thoughts or ideas I have if I am accused of a crime. In fact, most countries have laws that protect you from exactly that - for good reasons. I am of the strong opinion that any virtual items stored in my accounts or my devices should be treated like my thoughts, ideas and memories stored in my brain, not like physical items lying around my house.

If I have my own cloud server at home, police can't torture me to get the encryption password from me. My data could be - given the right encryption mechanisms - close to 100% safe. I have no idea why a service provided by a company like Apple should be any less safe than that.

 

[Rossatron]

good.
meanwhile, Bill Gates is busy giving embarrassing interviews to the media. MS should add "now, with exclusive government backdoor features!" to their ad campaigns.

 

[Phil A.]

And therein lies the rub.

How would Apple protect 500 million iPhone users' privacy... while simultaneously providing law enforcement access to a far smaller number of bad guys' iPhones?

Imagine what sort of information you could find on people's phones these days: their home address, pictures of their children, their children's school, schedules, emails, access to door locks, garage door openers, health data, etc. Do you really want that stuff to be easily accessible to any common criminal?

I certainly don't. It should be as secure as it can possibly be.

But by keeping that information secure... it also prevents law enforcement from getting into criminals' phones too.

I can't imagine any way to selectively make some phones secure while making other phones easy to open.

It's sort of an "all or nothing" deal.

Currently in the UK (I say currently because our stupid government is trying to force backdoors into everything), you are compelled to unlock a smartphone and / or provide decryption keys if the police have a search warrant, or else go to jail for 2 years. While I don't particularly like that, it's far preferable to the alternative of the government being able to get into your stuff at any time without you being aware (and the risk of hackers doing the same through the same backdoors).

 

[ScottishCaptain]

I'm sure they're "doubling down" on iCloud encryption.

And I'm sure it'll be a major selling feature of some new product, or just another way to force people to upgrade to the latest greatest (*cough*) version of iOS.

Remember folks, everything Apple does is to make money. If they could give the FBI what they wanted without tanking the whole company, they would.

-SC

 

[Gutwrench]

Doubling down, skeuomorphism, price point, form factor - can we do away with these clever expressions?

 

[keysofanxiety]

I'm sure they're "doubling down" on iCloud encryption.

And I'm sure it'll be a major selling feature of some new product, or just another way to force people to upgrade to the latest greatest (*cough*) version of iOS.

Remember folks, everything Apple does is to make money. If they could give the FBI what they wanted without tanking the whole company, they would.

-SC

Boy, and I thought I was pessimistic. Why are you here?