- Apr 12, 2001
Apple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy.
iCloud end-to-end encryption, or what Apple calls "Advanced Data Protection," encrypts users' data stored in iCloud, meaning only a trusted device can decrypt and read the data. iCloud data in accounts with Advanced Data Protection can only be read by a trusted device, not Apple, law enforcement, or government entities.
Following its announcements, the EFF or Electronic Frontier Foundation, a group that has long-called for Apple to enable end-to-end encryption and take more steps to safeguard user privacy, put out a statement applauding the new feature and Apple's renewed commitment to privacy.
Meredith Whittaker, CEO of the popular encrypted messaging app Signal, said the decision by Apple to offer end-to-end encryption "is great." "There's been enough pressure and enough narrative work that they see the side of history forming. It's really incredible," Whittaker told The Washington Post.We applaud Apple for listening to experts, child advocates, and users who want to protect their most sensitive data. Encryption is one of the most important tools we have for maintaining privacy and security online. That's why we included the demand that Apple let users encrypt iCloud backups in the Fix It Already campaign that we launched in 2019.
The Surveillance Technology Oversight Project, or S.T.O.P, called Advanced Data Protection "essential and overdue." Despite the announcement, the group is "disappointed" that end-to-end encryption will require users to opt-in and is not to be enabled by default. Fox Cahn, the group's executive director, said, "it's good to see Apple's privacy protections catching up with its sales pitch, but making these protections opt-in will leave most users vulnerable."
Fight for the Future, another privacy-focused advocacy group, said on Twitter that Apple's announcement of end-to-end encryption brings the company's marketing of being privacy-focused to reality. "Apple's reputation as the pro-privacy tech company has long been at odds with the reality that iCloud backups aren't secured by end-to-end encryption. This news means people's personal messages, documents, and data will be secure from law enforcement, hackers, and Apple itself." The group is now calling upon Apple to implement RCS messaging into iPhone, a move the group says is a "non-negotiable next step."For years, Apple has touted its privacy record while leaving its users vulnerable, particularly to police surveillance. Much of the data users store on iCloud is just a court order away from becoming a policing tool. With these changes, Apple will keep up with the privacy best practices that other companies have followed for years. But it's disappointing that users have to opt-in to many of these new protections, leaving the vast majority at risk.
While privacy groups and apps applaud Apple for the expansion of end-to-end encryption in iCloud, governments have reacted differently. In a statement to The Washington Post, the FBI, the largest intelligence agency in the world, said it's "deeply concerned with the threat end-to-end and user-only-access encryption pose." Speaking generally about end-to-end encryption like Apple's Advanced Data Protection feature, the bureau said that it makes it harder for the agency to do its work and that it requests "lawful access by design."
Former FBI official Sasha O'Connell also weighed in, telling The New York Times "it's great to see companies prioritizing security, but we have to keep in mind that there are trade-offs, and one that is often not considered is the impact it has on decreasing law enforcement access to digital evidence.""This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime, and terrorism," the bureau said in an emailed statement. "In this age of cybersecurity and demands for 'security by design,' the FBI and law enforcement partners need 'lawful access by design.'"
In January 2020, Reuters reported that Apple dropped plans to encrypt user data in iCloud at the behest of the FBI, which was concerned such a move would hinder investigations and its intelligence efforts. In an interview yesterday with The Wall Street Journal's Joanna Stern, Apple's vice president of software engineering, Craig Federighi, labeled the report as inaccurate. "I've heard that rumor, but I don't know where it came from."
In that same interview, Federighi said Apple "deeply appreciates the work of law enforcement and supports the work of law enforcement. We view that we really have the same mission at heart which is to keep people safe." Apple says that Advanced Data Protection will be available to all US users by the end of this year, with plans to launch globally in early 2023.
Update: This article has been updated to note that the FBI was speaking generally about end-to-end encryption, which includes Apple's new Advanced Data Protection feature.
Article Link: FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users