This is one of the areas where people assume too much regarding iCloud.
Apple can't decrypt the information off iCloud, that much is true (if they're to be believed). However, That encrypted information is still tied to you, it's your blob of encrypted information, this can be passed to the Government. Now can the Government decrypt it? Who knows, maybe not today but as computers get more powerful it's only a matter of time.
The point is, evan though it's encryted, Apple still knows which information is yours and will happily pass it on if subpoenad; it's just that Apple can't read it so that's what they use in their marketing.
That is not true.
Apple can and has decrypted iCloud backups multiple times. Apple's own documentation states it. See the above message about why China told Apple it must move its iCloud servers to China - the reason was so that the keys are under China's control when the servers are there so anyone who has iCloud backup turned on with a home country of China can have their data accessed.
Ditto in the US under legal process since Apple has the keys.
This does not mean that they can decrypt your phone, but if you have iCloud backup on, the can access what is stored in the backup. For that matter, anyone at Apple could do so if they desired and had access to the keys.
Off-device encryption is a huge issue and will eventually become a problem. No matter how good Apple is at some point, someone at Apple will make a mistake or be compromised.
See e.g. -- there are many discussion with more details, but this has a reasonably good high level overview:
https://www.reuters.com/article/us-...hina-raising-human-rights-fears-idUSKCN1G8060
"
That’s because of a change to how the company handles the cryptographic keys needed to unlock an iCloud account. Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the U.S. legal system.
Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.
...
“While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful,” it said. Apple said it decided it was better to offer iCloud under the new system because discontinuing it would lead to a bad user experience and actually lead to less data privacy and security for its Chinese customers.
...
And even though Chinese iPhones will retain the security features that can make it all but impossible for anyone, even Apple, to get access to the phone itself, that will not apply to the iCloud accounts. Any information in the iCloud account could be accessible to Chinese authorities who can present Apple with a legal order.
Apple said it will only respond to valid legal requests in China, but China’s domestic legal process is very different than that in the U.S., lacking anything quite like an American “warrant” reviewed by an independent court, Chinese legal experts said. Court approval isn’t required under Chinese law and police can issue and execute warrants.
“Even very early in a criminal investigation, police have broad powers to collect evidence,” said Jeremy Daum, an attorney and research fellow at Yale Law School’s Paul Tsai China Center in Beijing. “(They are) authorized by internal police procedures rather than independent court review, and the public has an obligation to cooperate.”
"
Last edited: