Apple Reportedly Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected

[manu chao]

I don't believe that's entirely true. As per Apple's support doc:

But if you don't do iCloud backups, what data that is being synced via iCloud is end-to-end encrypted and what is not?
[automerge]1579618443[/automerge]

Just remember that if you use iCloud for anything, none of your data on iCloud is protected by anything. Might as well upload it to a public file server. Remember that.
Makes you wonder why we're constantly pestered to back up to iCloud..

It's pretty clear that that is not the case, if you don't use iCloud for backups, there are quite a number of things that are end-to-end encrypted (eg, iMessages).

 

[timber]

From a different perspective some people in the US government wonder why nobody among their oldest allies cares what they say about Huawei (no, nobody is saying China is even comparable to the USA).

 

[kingtj]

Yeah, pretty much.

The stupid thing is, anyone using Time Machine to do Mac backups locally has the ability to encrypt those. So we're not talking about some brand new concept here that no "mere mortal" would ever be able to do with their personal data!

Dear Apple Customer,
We, here at Apple, have decided to NOT encrypt iCloud backups. Due to the fact we can't trust you to use your iPhone in a lawful manner we have no choice but to allow ANY law enforcement agency to have access to YOUR backups whenever they say pretty please.
Have a nice day!
Tim

 

[zubikov]

I can’t see Apple doing this, they have strong principles with privacy. I won’t believe it unless Apple sends a message to the public which will be a sad day for Apple if this is true

They have stronger principles with return on shareholders' equity.

 

[FrankieTDouglas]

And it’s true that most people shouldn’t have to worry if their info gets handed over to law enforcement. Most people don’t have anything to hide, But I’m not worried about the FBI finding anything out about me.

I don't think anyone of sound mind would just be casually fine with all of their info being handed over to the FBI. What an absurd statement of complacency.

 

[nt5672]

I can’t see Apple doing this, they have strong principles with privacy. I won’t believe it unless Apple sends a message to the public which will be a sad day for Apple if this is true

That strong commitment to values is just Apple's marketing message, not reality. Apple does not give a ^%&^, unless it is publicly shamed like in this story. If this story holds up we might finally get end to end encryption.

I'll never use iCould for 2 reasons; 1) it is a terrible implementation, and 2) it is not secure.

 

[blackcrayon]

Apple needs to subtly allow customers to encrypt their iCloud backups, maybe view them in iCloud drive and process the files as they see fit. For a restore, you'd simply have to unencrypt the files the same way before the device could restore them. Complicated for a "regular" user, but they wouldn't be forced to use it...

 

[x34]

iCloud is not secure, because it is not encrypted. therefore it's not an option for backups.

 

[JimmyBanks6]

I emailed Tim to ask if this is true, you should too.

If they receive enough emails on the subject they will need to respond.

 

[nt5672]

We know Apple's claim that it does not do iCould backup encryption because of "ease of use" is total BS because they could make the default no encryption and only the people that wanted the risk would turn it on.

Also what is the difference between Apple not doing encryption and Apple doing it causing a law against encryption? Simply marketing BS.

 

[jonblatho]

Of course, that's true. Like Google can access everything you put on their server, or Dropbox, or Microsoft. If it's not end-to-end the service provider will be able to access it.
iCloud Keychain is end-to-end encrypted, and Apple can't access it. iMessage is another one.

Apple (and law enforcement) can indirectly access messages stored in Messages in iCloud if both that feature and iCloud Backup are enabled. The iMessage encryption keys are stored in device backups.

 

[centauratlas]

Eh, just let em in. If there were ever a time not to worry about corruption in the federal government it’s now.


/s/

Not just now, always. Whether Obama, Trump, Clinton (either), Bush or anyone else is in charge of the Federal Government doesn't matter, there are tens of thousands of people who could potentially abuse it.

Not to mention that if Apple servers at AWS, Azure, Apple or wherever are hacked today, someone, somewhere (e.g. NSA, CIA, FSB, employees at AWS, Azure, Apple etc)) could be making copies of all the backups now. Eventually Apple's encryption keys will leak or be compromised by someone wanting a big payoff and when that happens everyone's backups from that point on backwards are vulnerable.

Do I care if someone sees the pictures of my kids or what stocks I have in the Stocks app? Not really, but privacy is a right, not just in the abstract, but in reality.

 

[calstanford]

So much freedom in the US. A real beacon and a good example for the whole planet!

 

[gavroche]

Why would Apple supply iCloud backups to the government for “regular citizens”? Anyway it’s not like Apple stopped doing something or reversed an implementation. iCloud backups aren’t end to end encrypted now.

What is a "regular citizen."
We can safely stop making he assertion that unless you commit serious crimes it's no big deal. We already see the government abuse information they should not access. How often now do we see people access IRS info (against political opponents), bank info, etc. For me personally, I don't see it a stretch to have people gaining access to all your info for political reasons. People are already suggesting that merely voting for someone can make you unworthy of protection... in much the same way that committing a crime makes you unworthy of protection.

 

[Quu]

Sad if true. I don't use iCloud for my backups due to them not being encrypted with a key only accessible to me (the key is stored on Apples servers currently making the data accessible to them and whoever they choose to let see my data stored there).

 

[trainwrecka]

"... after FBI objected"

"... unclear if federal agency was a factor"

So, what is the story here?

 

[centauratlas]

So, criminals will just not use iCloud backup and be safe. Regular citizens will use it and be subject to government or system administrator overreach …

What happened to backdoors make it unsafe for everyone? Why wouldn't that apply to backups?

And not just that, hacking. Eventually Apple's private keys will be compromised, it is just a matter of time and then everything that was stored in iCloud using those keys will be compromised.

It is a disaster just waiting to happen, it is just a question of when, not if.
[automerge]1579621954[/automerge]

I emailed Tim to ask if this is true, you should too.

If they receive enough emails on the subject they will need to respond.

Good idea, everyone should do that.

 

[luvbug]

Backup iOS devices to my Mac. Backup Mac automatically to dedicated, encrypted ssd. Done. Using network bandwidth to backup devices never made sense to me. Photos, notes, mail and such *are* end-to-end encrypted (mail to Apple servers and Apple email addresses), anyway, unless something's changed.

 

[thadoggfather]

Muh Tim sanctioned Apple privacy is the gold standard though... how... how can it be?!?

 

[AZMecha]

Now Everyone sees how important it was to keep iTunes and backup using it locally...

 

[laz232]

As far as I understand:
- government needs a warrant so they can gather your data
- iCloud backups are not encrypted because users can forget the password needed for it, losing access to any data in said backup
- if Apple would have encrypted these backups, maybe encryption would have been ruled illegal by the gov.

I'm ok with this overall.

Although we have seen that certain warrants (e.g. under FISA) are effectively blank cheques (both the left and right media have reported this), so I would not put too much into any warrant protection:

https://theintercept.com/2019/12/12...-not-only-for-the-fbi-but-also-the-u-s-media/

(note the Intercept has a fairly left bias):
In sum, the IG Report documents multiple instances in which the FBI – in order to convince a FISA court to allow it spy on former Trump campaign operative Carter Page during the 2016 election – manipulated documents, concealed crucial exonerating evidence, and touted what it knew were unreliable if not outright false claims.

Apple try everything to push users onto iCloud. I have avoided it because I don't have a large data limit on my connection.
Apple tout privacy at every opportunity, but this clearly shows that it is not private.
Moreoever, countries with weak human rights records (Turkey) love these kind of weaknesses to imprison journalists.

Regardless of your political leanings, the past decade and STASI DDR and Stalinist Russia before, have shown that governments of any political part of the spectrum should not be trusted - and once bad precedents are set into law they can be exploited by unscrupulous leaders.

"if Apple would have encrypted these backups, maybe encryption would have been ruled illegal by the gov."

They tried that with Phil Zimmerman and pretty much ruined his life for a while:
https://en.wikipedia.org/wiki/Phil_Zimmermann#Arms_Export_Control_Act_investigation
Encryption remains legal. First amendment et al.

 

[MistrSynistr]

I need you people to understand something.

The NSA gets copies of everything you send in electronic form, ALL OF IT.

They HAVE IT.

 

[IG88]

I don't think anyone of sound mind would just be casually fine with all of their info being handed over to the FBI. What an absurd statement of complacency.

Especially considering how rampant the FBI's abuse has been, combing through the communications of US citizens without a warrant. In 2017 the FBI ran 3.1 million searches of "US persons."
They would go trolling through the data for anything juicy, then if they found something they liked, they'd get a warrant to run the same search.

 

[Rogifan]

iCloud is not secure, because it is not encrypted. therefore it's not an option for backups.

Really? Tell that to the millions of people who use iCloud backups every day.
[automerge]1579622437[/automerge]

I need you people to understand something.

The NSA gets copies of everything you send in electronic form, ALL OF IT.

They HAVE IT.

What’s your source for this?

 

[coolfactor]

Dear Apple Customer,
We, here at Apple, have decided to NOT encrypt iCloud backups. Due to the fact we can't trust you to use your iPhone in a lawful manner we have no choice but to allow ANY law enforcement agency to have access to YOUR backups whenever they say pretty please.
Have a nice day!
Tim

Read: "End-to-End Encryption", where ONLY the user holds the keys, not Apple.

End-to-End encryption actually involves multiple keys, where parties (or user devices) at each end hold the keys needed to decrypt the data. Apple is just the blind transporter in the middle with this type of setup.

This is different from at-rest encryption at the datacenter hardware level. I highly doubt that our files and data are sitting on iCloud servers in plain readable format. I highly suspect they use a server-grade whole-disk encryption similar to FileVault for our Macs, so if the hardware was ever compromised at the datacenter, the data is safe.