Apple now provides full end-to-end encryption for nearly all data its users store in its global cloud-based storage system.
As part of an ongoing privacy push, Apple said Wednesday it will now provide full end-to-end encryption for nearly all data its users store in its global cloud-based storage system. That makes it harder for hackers, spies, and law enforcement to access sensitive user information.
The world’s most valuable company has long held customer security and privacy a top priority. It’s iMessage and Facetime communications services are fully encrypted end-to-end, and it has at times locked horns with law enforcement agencies, including the FBI, over its refusal to unlock devices.
But much of what customers have backed up remotely using Apple’s iCloud service, including photos, videos and chats — has not been given uncompromising protection through end-to-end encryption, a technology that even Apple of decoding it. That has made it easier for crooks, spies – and detectives with warrants – to get their hands on it.
No longer. The loophole that law enforcement had to get hold of iPhone data is now significantly reduced.
Apple, based in Cupertino, California, did not respond to requests for comment about the timing of the announcement and other issues.
The FBI expressed displeasure.
In a statement, it said it remains a strong supporter of encryption schemes that provide “legal access by design” so that tech companies “who have a legal warrant” can decrypt data and give it to law enforcement. The agency said it remains “deeply concerned about the threat posed by end-to-end and user-only-access encryption,” highlighting that they hinder the FBI’s ability to protect Americans from crimes ranging from cyber-attacks to violence against children and terrorism.
Cryptographers and others cyber security however, experts have long argued that attempts by law enforcement agencies to weaken encryption with backdoors are ill-advised because they inherently internet less reliable and hurt vulnerable populations, including ethnic minorities.
Last year, Apple announced a plan to scan iPhones for photos of child sexual abuse material, or CSAM.
“While Apple was hesitant to deploy encryption features last year — maybe even backed off a bit with CSAM scan proposals — it now feels like they’ve decided to step on the gas,” said Johns Hopkins, cryptography professor Matthew Green on Twitter.
Apple’s encryption announcement offers what the company calls Advanced Data Protection, which requires users of their devices to opt-in. It adds iCloud Backup, notes, and photos to categories of data already protected by end-to-end encryption in the cloud, including health data and passwords. Not included in the iCloud encryption scheme are email, contacts and calendar items because they must interoperate with third-party products, Apple said.
It said Advanced Data Protection for iCloud would be available to US users by the end of the year and rolled out to the rest of the world in early 2023.
In a blog post, Apple said that “enhanced security for user data in the cloud is more urgent than ever,” citing research that says data breaches have more than tripled in the past eight years.
Other tech products that already offer end-to-end encryption include the world’s most popular messaging app, WhatsApp, and Signal, a communications app prized by journalists, dissidents, human rights activists, and other traffickers of sensitive data.
Apple announced a few other advanced security features on Wednesday, including one aimed at journalists, human rights activists and government officials who “face extraordinary digital threats,” such as no-click spyware. Called iMessage Contact Key Verification, it automatically alerts users to eavesdroppers who manage to get a new device into their iCloud through a break-in.
In July, Apple announced a new optional feature called Lockdown Mode, which is designed to protect iPhones and its other products from intrusions from state-sponsored hackers and commercial spyware.
At the time, Apple said it believed the extra layer of protection would be valuable for targets of hacking attacks launched by well-funded groups.
Users can activate and deactivate the lock mode at will.
