Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Reportedly Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected

MandiMac said:
government needs a warrant so they can gather your data
Click to expand...
Nope. The data is gathered mass surveillance style. They are supposed to have a warrant to search through it, but guess what?

theintercept.com

Court Ruling Shows How FBI Abused NSA Mass Surveillance

In a declassified ruling, a federal FISA judged showed how the FBI abused its access to the NSA’s warrantless mass surveillance data.
theintercept.com theintercept.com

While the law requires that FBI searches of such data be related to investigations in which agents have reasonable suspicion that crimes are occurring or in which national security is at risk, assessments provide an enormous loophole that potentially allows agents to search through the communications of any American without a warrant.
Click to expand...
 
  • Like
Reactions: snek, t1meless1nf1n1t and Victor Mortimer
x34 said:
iCloud is not secure, because it is not encrypted. therefore it's not an option for backups.
Click to expand...

It's not "end-to-end" encrypted, which is a setup where only the user holds the keys.

iCloud data is encrypted: (a) during transport, and (b) at-rest, but using keys that Apple manages.

See the difference? Apple is taking steps to ensure that your data is secure, but this article is suggesting that they've ceased plans to implement the more complex end-to-end encryption mechanism.

Let's not spread misinformation.
 
  • Like
Reactions: mazz0 and brian3uk
hagjohn said:
Apple should encrypt as much data end to end as it can. If law enforcement has a proper warrant for the data, then I have no problems with Apple giving it to them, as long as what they are asking for is proper and the warrant is issued properly.
Click to expand...
except that the warrants don't get issued properly, and thanks to 9/11, stuff can just get done without pesky warrants.

www.smithsonianmag.com

Leaks and the Law: The Story of Thomas Drake

The former NSA official reached a plea deal with the government, but the case still raises questions about the public’s right to know
www.smithsonianmag.com www.smithsonianmag.com
www.theguardian.com

Obama's war on whistleblowers leaves administration insiders unscathed

Five key political players enjoy ‘virtual impunity’ – while four lower-level figures are in prison or facing time
www.theguardian.com www.theguardian.com
 
  • Like
Reactions: snek, t1meless1nf1n1t, IG88 and 1 other person
Classie said:
Do I understand it correctly:
- Everything on your phone is impossible for Apple or anyone else to see, without knowing the password.
- Everything stored on iCloud is open if Apple gives permission.

If true it goes against a big part of what I thought Apple was all about - Privacy! One of the biggest selling points compared to their competitors.

More and more of your stuff is stored in the cloud instead of on your phone...
Click to expand...

This is why I don't use anyone's cloud for sensitive data.
 
  • Like
Reactions: snek and Victor Mortimer
MistrSynistr said:
I need you people to understand something.

The NSA gets copies of everything you send in electronic form, ALL OF IT.

They HAVE IT.
Click to expand...

And now they have your post!!! Run! Grab your tinfoil hat!

Do you really think that MacRumors has an agreement that lets the NSA store a copy of the entire forum database? Millions of forums online all have agreements?

No.

Same goes for email providers. They are not openly sharing all of your emails with the NSA.

Don't worry so much, friend.
 
This should be ok, and completely different from a "backdoor" into the phone.

iCloud backups wouldn't give access to messages or passwords which are still encrypted. I guess, pics, videos, apps will be visible to people who get access. But not the same as giving random people unfettered access through a backdoor.

Besides privacy, there is also the issue of exploitation of backdoors by malicious people - which does not get compromised by Federal agencies getting access to icloud backups through a court warrant.
 
Marekul said:
E2E Encryption means you hold all the private keys, apple never gets to see them. Therefore apple can not decrypt/access your data.
Click to expand...

No, end-to-end encryption means only that data is encrypted while moving from one end to another and that no third-party can read the data while in transit. There are no requirements that the receiver of the data can not read the data.

HTTPS using TLS is an example of end-to-end encryption. The webserver (sender) can read the contents of the web pages and so can the browser (receiver). And yet it is end-to-end encrypted.
 
  • Like
Reactions: snek
2013.1 said:
So my contacts synced via icloud
are encrypted but Apple can read them and give them to authorities
because they are not end-to-end encrypted?

My mail isn’t encrypted at all?

iCloud data security overview - Apple Support

iCloud uses strong security methods, employs strict policies to protect your information, and leads the industry in using privacy-preserving security technologies like end-to-end encryption for your data.
support.apple.com support.apple.com
Click to expand...

Yes, assuming Apple has access. If after being presented with probable cause that establishes that your phone's backup may have evidence of crimes you are suspected of committing, as the result of a law enforcement investigation, a judge signs a search warrant permitting your backup data to be examined.

It's no different than if your safe deposit box at the bank you do business with contains evidence of your crimes. A signed warrant will allow that to be searched as well.

I have no problem with either situation.
 
End-to-End Encryption for all iCloud data (Photos, Drive, Calendar, Notes, backups etc) is something i have been wanting for years. Everything stored in such a way no-one, except me will be able to access it.
 
  • Like
Reactions: centauratlas
In the cited Reuters article but not in the MacRumors summary is this text:

"However, a former Apple employee said it was possible the encryption project was dropped for other reasons, such as concern that more customers would find themselves locked out of their data more often."
 
  • Like
Reactions: coolfactor
dominiongamma said:
I can’t see Apple doing this, they have strong principles with privacy. I won’t believe it unless Apple sends a message to the public which will be a sad day for Apple if this is true
Click to expand...

Apple looked at doing end to end encryption but backed away from it for a much more straight forward reason. With the system they were planning to use, if all the devices on the account were damaged or lost, there would have been no way to recover the data. They are still investigating methods to solve this problem.

Apple does not want to create a situation where too many customers lose access to their data.
 
What's the best thing people do if they are privacy-conscious about this?

Would it be to disable iCloud backup and then do encrypted device backups to computer? Does anyone know if these backups can happen over Wi-Fi and automatically, or do you need to manually backup to the computer?
 
BootsWalking said:
In public Tim Cook touts Apple's dedication to user privacy and security. In private Apple leaves a backdoor to users' backups that allows them to share thousands of backups with law enforcement.

In public Tim Cook rails against firms like Google that harvest users' privacy by monetizing their information. In private Apple has a secret agreement with Google that pays them $9B/year to enable that very business model by making Google the default search engine on iPhones.

Seeing the pattern here?
Click to expand...
I see a pattern of posters who will twist things around to make Apple look bad no matter what.

Apple is nothing like Google in how it gathers or treats your data. To imply they are is not just a logical fallacy (false equivalency) is is nothing short of an outright lie. Google is orders of magnitude worse than Apple in the quantity of data they collect, where they collect it from and what they use it for.

BTW, monetization and encryption are not the same thing. So why are you bringing monetization into this discussion?
 
  • Like
Reactions: MEJHarrison, diandi and TheSkywalker77
All major news outlets have picked up this story. It will be interesting to see how apple tries to spin this. Remember when they said "courage" was removing a headphone port? 😂
 
  • Like
Reactions: dk001
x34 said:
iCloud is not secure, because it is not encrypted. therefore it's not an option for backups.
Click to expand...
Why do people post things that are clearly incorrect? From Apple:

Each file is broken into chunks and encrypted by iCloud using AES-128 and a key derived from each chunk’s contents, with the keys using SHA-256. The keys and the file’s metadata are stored by Apple in the user’s iCloud account. The encrypted chunks of the file are stored, without any user-identifying information or the keys, using both Apple and third-party storage services—such as Amazon Web Services or Google Cloud Platform—but these partners don’t have the keys to decrypt the user’s data stored on their servers.
Click to expand...
[automerge]1579624904[/automerge]
mdorais said:
All major news outlets have picked up this story. It will be interesting to see how apple tries to spin this. Remember when they said "courage" was removing a headphone port? 😂
Click to expand...
Curious how they'd spin this when they find out that all the major could servicesoperate like this and lack end-to-end encryption.
 
  • Like
Reactions: MEJHarrison
Joseph H said:
What's the best thing people do if they are privacy-conscious about this?

Would it be to disable iCloud backup and then do encrypted device backups to computer? Does anyone know if these backups can happen over Wi-Fi and automatically, or do you need to manually backup to the computer?
Click to expand...

I think it depends on what your concern is.

If your concern is that some hacker might get your data then perhaps you want to keep your own (multiple) backups and store one in a safe deposit box off site.

If instead, and this is theoretical, your concern is law enforcement getting access to evidence to crimes you are suspected of committing, where a backup can be examined with a search warrant signed by a judge after probable cause is presented, then you would need to think through on how to hide those backups.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back