Apple, in a continued effort to protect customer privacy, said on Wednesday that it will provide end-to-end encryption for almost all user data stored in its unified cloud storage system throughout the world. Thus, it will be harder for hackers, spies, and law enforcement to access private user data.
Customers’ safety and privacy have always been important to the most valuable firm in the world. Apple has sometimes butted heads with law enforcement, most notably the FBI, over its unwillingness to unlock smartphones that use the company’s iMessage and FaceTime messaging services, both of which are completely encrypted end-to-end.
However, most of the data consumers have remotely backed up using Apple’s iCloud service, such as photographs, videos, and conversations has not been provided ironclad security via end-to-end encryption, a method that not even Apple can decipher. Due to this, criminals, spies, and even law enforcement with warrants have an easier time gaining access to it.
Not anymore. This significantly closes the door that law enforcement may use to get iPhone data.
Cupertino, California-based Apple declined to comment on the announcement’s timing or any other concerns raised.
The FBI was unhappy and said as much.
In a statement, it said it continues to support encryption policies that allow “lawful access by design,” so that technology firms “served with a judicial order” may decode data and hand it over to authorities. According to the FBI, “end-to-end and user-only-access encryption represents a hazard that we continue to be genuinely worried about,” since they limit the bureau’s capacity to protect the American people from threats including cybercrime, child abuse, and terrorism.
However, cryptographers and other cyber experts have long maintained that efforts by law enforcement to weaken encryption using backdoors are unwise since they would make the internet less dependable and affect vulnerable people like ethnic minorities.
Apple’s intention to scan iPhones for images of child sexual abuse material, or CSAM, was unveiled last year and quickly retracted after receiving widespread backlash.
It seems like Apple has decided to put the pedal to the metal in terms of deploying encryption features, as noted by Johns Hopkins cryptography professor Matthew Green on Twitter. “Where Apple was hesitant about deploying encryption features last year — maybe backsliding a bit with CSAM scanning proposals,” Green said.
In its introduction of encryption, Apple provides what it terms Advanced Data Protection, which can only be enabled if the user specifically requests it. With this update, more cloud-based data types, such as iCloud Backup, Notes, and Photos, may make use of the same end-to-end encryption safeguards as sensitive information like medical records and passwords. Apple has said that the iCloud encryption system does not include email, contacts, or calendars since these services need to be compatible with goods from other providers.
According to Apple, Advanced Data Protection for iCloud will launch in the United States by the end of this year and in the rest of the globe in the first quarter of 2023.
The number of data breaches has more than quadrupled in the last eight years, and Apple has said that “improved security for customers’ data in the cloud is more urgently required than ever” in a blog post.
The most widely used messaging service, WhatsApp, and Signal, a communications software beloved by journalists, dissidents, human rights activists, and other traders in sensitive material, already provide end-to-end encryption.
On Wednesday, Apple revealed several new layers of protection, including one designed specifically for journalists, human rights advocates, and government officials who “meet extreme digital risks,” such as no-click malware. The feature, known as iMessage Contact Key Verification, would notify users immediately if an unauthorized third party can add a new device to their iCloud.
In July, Apple launched Lockdown Mode, an optional security feature meant to prevent attacks on iPhones and other Apple devices by state-sponsored hackers and commercial malware.
Apple said at the time that it thought the added safeguard would be useful for those who were the subject of organized hacking campaigns backed by deep funds.
Users have complete control over when lockdown mode is enabled and disabled.