EFF Calls on Apple to Let Users Encrypt iCloud Backups as Part of 'Fix It Already' Initiative

[MacRumors]

The Electronic Frontier Foundation (EFF), perhaps the most well-known digital rights non-profit, today launched a new "Fix It Already" campaign with the aim of getting technology companies to implement new privacy features in areas where privacy is lacking.

According to the EFF, the issues that it is demanding a fix for are "well-known privacy and security issues" that have "attainable fixes." From Apple, the EFF wants the company to implement user-encrypted iCloud backups that are inaccessible to the company and thus to law enforcement.

iCloud content uploaded to Apple is encrypted at the location of the server and, with the proper legal requests, Apple can provide iCloud information that includes name, address, email, mail logs with date/time stamps, photos, Safari browsing history, iMessages, and more, with full details outlined by Apple on its privacy site. [PDF]

The EFF says that Apple should "let users protect themselves" and elect for "truly encrypted iCloud backups."

Apple has not encrypted iCloud backups because doing so would prevent Apple from being able to restore iCloud backups for users who have forgotten their passwords. As the EFF points out, though, Apple CEO Tim Cook has said in the past that Apple may move towards encrypted iCloud backups in the future. From an interview Cook did with German site Der Spiegel:

There our users have a key and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back. It is difficult to estimate when we will change this practice. But I think that will be regulated in the future as with the devices. So we will not have a key for it in the future.

The EFF has demands for other technology companies in addition to Apple. Android, it says, should let users deny and revoke apps' internet permissions, while Twitter should end-to-end encrypt direct messages and Facebook should stop using phone numbers provided for account creation for targeted advertising.

WhatsApp should obtain user consent before adding users to groups, Slack should give free workspace administrators control over data retention, and Verizon should stop pre-installing spyware on some smartphones.

Article Link: EFF Calls on Apple to Let Users Encrypt iCloud Backups as Part of 'Fix It Already' Initiative

 

[cmChimera]

I definitely agree with them.

 

[Apple_Robert]

Glad to see the EFF publicly pushing for this. Apple needs to take heed.

I want safety. I promise not to complain if I go senile and forget by password.

 

[cmaier]

This would be great. Would have to be optional due to difficulties that would inevitably arise when people lose their devices and forget their passwords.

 

[Heineken]

Yes please.

 

[Khedron]

I definitely agree with them.

I understand Apple's point of view for restoring backups, especially since they have removed the user's ability to recover files from failing hard drives with the T2 chip. If they encrypt iCloud too then a SSD failure and a forgotten password means you lose everything.

In the meantime, can't you just store anything you want encrypted in an encrypted folder?

 

[ersan191]

Just make it optional - people who know what they are doing can enable it and the regular people who are more likely to forget their passwords can leave it off.

 

[adamdport]

How does this work from a tech perspective? The data would be just one giant blob and not searchable or indexable in any way, right? If I wanted to restore anything, I'd have to restore everything?

 

[cmaier]

I understand Apple's point of view for restoring backups, especially since they have removed the user's ability to recover files from failing hard drives with the T2 chip. If they encrypt iCloud too then a SSD failure and a forgotten password means you lose everything.

In the meantime, can't you just store anything you want encrypted in an encrypted folder?

Not all iCloud data is files. Some of it is stored in places other than the file system.
[doublepost=1551377690][/doublepost]

How does this work from a tech perspective? The data would be just one giant blob and not searchable or indexable in any way, right? If I wanted to restore anything, I'd have to restore everything?

No. Only the index needs to be transmitted, decrypted, then used to extract an index into the blob.

 

[CalvinBroadus]

This should go without question.

 

[k27]

Don't use the (i)Cloud (Backup).

 

[zorinlynx]

Why can't it be treated the same way as FileVault?

If you forget your FileVault password, you lose your data, period. Just make it ABSOLUTELY CLEAR to the user that they must not forget their password or they will lose their iCloud backup data. They could even make it a choice; I believe FileVault asks if you want to let Apple keep a copy of the recovery key.

I know Apple is really big on keeping users from shooting themselves in the foot, but for those of us who understand the risks, we should be allowed to secure our data further.

 

[Ldubrov]

We should be very careful what we ask for. While I value privacy, there are legitimate reasons for someone else to have the key to our files. For example, should something happen to your spouse or parent (stroke, severe accident, etc), all their info would permanently be locked out, including all their photos. We live in an age where the photos of all our loved ones reside on our iPhones and iCloud. There must be a way to salvage them.

 

[Saipher]

While I do agree with them, if this gets implemented, this might become the final straw that broke the camel's back as far as the government push for an end to end-to-end encryption, specially in China, Russia and as of late, Australia.

EDIT: typo

 

[cmaier]

We should be very careful what we ask for. While I value privacy, there are legitimate reasons for someone else to have the key to our files. For example, should something happen to your spouse or parent (stroke, severe accident, etc), all their info would permanently be locked out, including all their photos. We live in an age where the photos of all our loved ones reside on our iPhones and iCloud. There must be a way to salvage them.

If i wanted my heirs to have access to my stuff after I die I would be sure to arrange for that. I don’t need apple to do my estate planning.

 

[oneMadRssn]

I understand Apple's point of view for restoring backups, especially since they have removed the user's ability to recover files from failing hard drives with the T2 chip. If they encrypt iCloud too then a SSD failure and a forgotten password means you lose everything.

In the meantime, can't you just store anything you want encrypted in an encrypted folder?

I don't think iCloud does full Mac backups though, so I think you're conflating two issues.

Either way, forgetting your password would mean you lose the data - that's why it should be optional.

 

[Heineken]

Here we go with the bad memory nonsense.

 

[CarlJ]

Glad to see the EFF publicly pushing for this. Apple needs to take heed.

I want safety. I promise not to complain if I go senile and forget by password.

You won't complain, but several thousand people every year will forget/misplace their password some time before losing their phones and then sue Apple for "refusing" to give them their data back. It will be "interesting" times.

Regardless, this needs to happen.

 

[oneMadRssn]

We should be very careful what we ask for. While I value privacy, there are legitimate reasons for someone else to have the key to our files. For example, should something happen to your spouse or parent (stroke, severe accident, etc), all their info would permanently be locked out, including all their photos. We live in an age where the photos of all our loved ones reside on our iPhones and iCloud. There must be a way to salvage them.

I like LastPass's system. You can designate other accounts that can access all your passwords if (1) they ask for access, and (2) you do not deny them access within a certain number of days. For example, I have my wife, my brother, and my best friend set up this way. If one of them requests access, and I don't deny the request within 15 days, they get access to my passwords database. Presumably, if I'm dead or totally incapacitated, they can get access to everything within 15 days. But I doubt I will ever be away from my email for 15 days in a row such that this could be abused.

 

[keysofanxiety]

Here we go with the bad memory nonsense.

It’s not nonsense at all. Last time I listened to Heineken, I ended up in a ditch with my underwear inexplicably missing, yet the rest of me fully clothed.

Oh, wait. Article. It should be an opt-in option IMO, but it’s definitely an option Apple need to implement.

 

[Crowbot]

I understand Apple's point of view for restoring backups, especially since they have removed the user's ability to recover files from failing hard drives with the T2 chip. If they encrypt iCloud too then a SSD failure and a forgotten password means you lose everything.

In the meantime, can't you just store anything you want encrypted in an encrypted folder?

There's just not one perfect solution. Every method has a failure point. I saw a site that sells waterproof/fireproof hard drives. That sounds like a neat idea.

The immediate solution for Apple would be to allow encrypted backups as an option with LOTS and LOTS of warnings.

 

[oneMadRssn]

You won't complain, but several thousand will forget/misplace their password some time before losing their phones and then sue Apple for "refusing" to give them their data back. It will be "interesting" times.

Regardless, this needs to happen.

I wouldn't be too afraid of lawsuits. They should be easily dismissed if Apple make it clear in their terms of service. Indeed they already do - there is a pretty strict warning anytime you enable FileVault because it's the same problem.

 

[cmChimera]

I understand Apple's point of view for restoring backups, especially since they have removed the user's ability to recover files from failing hard drives with the T2 chip. If they encrypt iCloud too then a SSD failure and a forgotten password means you lose everything.

In the meantime, can't you just store anything you want encrypted in an encrypted folder?

Make it optional. Problem solved.

Edit: I know iCloud doesn't do Mac Backups currently, but I have to imagine that, eventually, it will. So my point stands for iOS and macOS.

 

[cmaier]

I like LastPass's system. You can designate other accounts that can access all your passwords if (1) they ask for access, and (2) you do not deny them access within a certain number of days. For example, I have my wife, my brother, and my best friend set up this way. If one of them requests access, and I don't deny the request within 15 days, they get access to my passwords database. Presumably, if I'm dead or totally incapacitated, they can get access to everything within 15 days. But I doubt I will ever be away from my email for 15 days in a row such that this could be abused.

That sounds horrifying. How do they tell you when the start of the 15 days is triggered? What if someone hijacks your email or spoofs your SMS?

Why not just leave your password in your will or in a lockbox or safe where family can get to it after your passing?

 

[Heineken]

It’s not nonsense at all. Last time I listened to Heineken, I ended up in a ditch with my underwear inexplicably missing, yet the rest of me fully clothed.

It’s nonsense. There techniques that allow you to have any password you want and you will never forget it. I have yet to forget a password.