Apple says it will allow iCloud backups to be fully encrypted
But most iPhone and Mac computer owners back up their iMessages, photos and other content to Apple’s iCloud, where the company can retrieve it for locked-out users or authorities. That has also left the material open to hackers that have tricked customers out of their passwords, increasing the potential for embarrassment and even extortion.
Apple representatives said those threats, and increasing attempts to breach cloud providers, made end-to-end encryption in the cloud the best option for those most concerned about security.
The step is likely to draw protests from multiple governments, some of which could take legislative or court action or deny Apple access to their markets. Top law enforcement officials in the United States, Britain and other democracies have railed against strong encryption, and some have passed laws they could use to try to force companies to cooperate against their customers.
The encryption option will be available for public software testers immediately, for all U.S. customers by year-end, and for all other countries next year, Apple said.
Apple’s move follows similar ones by other companies and organizations that have caught up to it on privacy or gone further.
Facebook’s WhatsApp is the most-used fully encrypted messenger, and it began offering an encrypted backup a year ago. Signal, which develops the protocol used by WhatsApp and others, does not allow cloud backups to prevent improper access. Google offers encrypted backups, though it is unclear how popular the service is.
After hacks of cloud service providers, an increasing number of businesses are insisting on controlling decryption keys themselves. Apple will now provide that option to consumers as well.
That is likely to slow an especially effective law enforcement tool. In a six-month period covered in Apple’s most recent transparency report, the company said it had turned over users’ content for legal reasons 3,980 times, mostly in the United States and Brazil. It said legal requests for all types of account data, including just identifying information, had doubled in two years to more than 20,000.
In China, Apple has come under intensifying criticism for not doing more to protect iPhone users who are already heavily surveilled. During the recent wave of protests against harsh covid restrictions, Apple limited the use of AirDrop, which people were using to share videos and other large files at close range. The iCloud data in China is stored on servers under a local company’s control.
Apple had intended to introduce fully encrypted iCloud storage many years ago, according to FBI agents and Apple employees at the time. The FBI objected, and Apple shelved the idea rather than face a public fight.
Instead, it picked specific categories of data that would be walled off from outside prying, including passwords and payment and health data. Now, everything can be stored securely except for email, calendar and contacts functions that need to interoperate with multiple providers.
An FBI spokesperson did not respond to a request for comment.
Apple will require that users set up a recovery key or name another person who can get access in the event that they are locked out or are incapacitated.
In a second victory for privacy advocates, Apple said it was dropping a plan to scan user photos for child sex abuse images. The company had paused that plan shortly after its announcement last year, as security experts argued that it would intrude on user’s device privacy and be subject to abuse.
Apple also said Wednesday that it was making iPhones compatible with physical security keys that would connect to the phone so that consumers can require them for access to their accounts from new devices. That way, phishing attackers who steal passwords and user names would still be unable to get in.
/cdn.vox-cdn.com/uploads/chorus_asset/file/24393819/1238159388.jpg)
