New in OS X: Get MacRumors Push Notifications on your Mac

16" MacBook Pro Now Available

Apple Actively Working to 'Double Down' on iCloud Encryption

Wednesday March 16, 2016 5:16 am PDT by Tim Hardwick

Apple is working to further harden iCloud security so that even it won't be able to access user information stored on its data servers, The Wall Street Journal has reported.

According to yesterday's report, which cites "people familiar with the matter", Apple executives are actively considering how to bolster iCloud encryption without inconveniencing users.

Currently, encrypted data kept on the cloud service is accessible by Apple using a key, which is used for restoring account information if, for example, a user forgets their password. Apple's access also allows the company to provide relevant information it has to law enforcement agencies that approach it with proper, legal requests.

However, Apple appears to be concerned that keeping a copy of the key means it could be compromised by hackers or that the company could be legally compelled to turn it over to governments.

The news contrasts with a report earlier this month suggesting that Apple viewed privacy and security issues differently between physical devices that can be lost and its iCloud service.

However, according to The Wall Street Journal, an Apple spokesperson pointed to comments made by senior VP of software engineering Craig Federighi in reference to the company's fresh concerns. "Security is an endless race—one that you can lead but never decisively win," he wrote in a March 6 opinion piece in The Washington Post. "Yesterday's best defenses cannot fend off the attacks of today or tomorrow."

iCloud backups contain user iMessages and texts, content purchase history, photos and videos, device settings, app data, voicemail password, and health data. Any steps Apple takes to close off access to these backups are likely to further antagonize law enforcement authorities, especially given the company's current fight with the FBI over the latter's demand for help to unlock the iPhone at the center of the San Bernadino shooter investigation.

A court hearing to address the iPhone backdoor issue is scheduled for next Tuesday, March 22, the day after Apple's media event, where it is expected to introduce a new 4-inch "iPhone SE" and a new 9.7-inch iPad, as well as make additional announcements.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tag: Apple-FBI

Top Rated Comments

(View all)

macintoshmac

48 months ago

Making it harder and harder for my private info to be tapped into. Gotta love Apple for this stand.

Rating: 28 Votes

Turnpike

48 months ago

Sometimes we may complain and get impatient with them, and say what you want, but for the most part, Apple is the best company out there- showing (by far) the most interest in it's users/customers, both in terms of quality products and privacy of information. And while it costs more to live in their ecosystem (or whatever people call it) and they have a lot of extra rules, the system WORKS, and stories like this make me really appreciate that they exist and that they are an option.

Rating: 26 Votes

keysofanxiety

48 months ago

The government should be able to do this with proper search warrants. The question is how to enable the government without enabling hackers.

You can't. Encryption is a surprisingly absolute thing. You either have it, or you don't. Brilliant encryption, that can only be broken by a key that a government has, isn't brilliant encryption. The government has to accept that there are some things they can't control.

Rating: 18 Votes

Michael Scrip

48 months ago

No one should be able to enter my digital house and look at my pictures and take them. Hackers can do this. The government should be able to do this with proper search warrants.

The question is how to enable the government without enabling hackers.

And therein lies the rub.

How would Apple protect 500 million iPhone users' privacy... while simultaneously providing law enforcement access to a far smaller number of bad guys' iPhones?

Imagine what sort of information you could find on people's phones these days: their home address, pictures of their children, their children's school, schedules, emails, access to door locks, garage door openers, health data, etc. Do you really want that stuff to be easily accessible to any common criminal?

I certainly don't. It should be as secure as it can possibly be.

But by keeping that information secure... it also prevents law enforcement from getting into criminals' phones too.

I can't imagine any way to selectively make some phones secure while making other phones easy to open.

It's sort of an "all or nothing" deal.

Rating: 15 Votes

profets

48 months ago

You can bet that not only are they going to try removing their ability to access iCloud data, but also secure new iPhones even farther so that it wouldn't even be possible to build a version of iOS that weakens security.

Rating: 14 Votes

bbeagle

48 months ago

Nice. Although I am curious about how they're going to give me the key to my stuff in the event of a restore if even Apple doesn't have it.

If you lose the key, you won't be able to get your stuff. Period. Even Apple won't be able to help you get it. This is the goal.

Rating: 11 Votes

MentalFloss

48 months ago

I want to make it as hard as possible for anyone to invade my privacy. No one should be able to enter my house and look through my old photo albums and take them. However, robbers do this. The government also does this with a proper search warrant. No one should be able to enter my digital house and look at my pictures and take them. Hackers can do this. The government should be able to do this with proper search warrants.

Out of curiosity: If it were possible to download data from a person's brain into a computer to view their thoughts there, would you also be in favor of the police doing that with a proper search warrant?

Because one day, that will be possible, so please consider your answer carefully.

It is a slippery slope to compare a search warrant for physical items with a search warrant for intangible items. There is no search warrant for my brain and no law that would allow police to coerce me into revealing any thoughts or ideas I have if I am accused of a crime. In fact, most countries have laws that protect you from exactly that - for good reasons. I am of the strong opinion that any virtual items stored in my accounts or my devices should be treated like my thoughts, ideas and memories stored in my brain, not like physical items lying around my house.

If I have my own cloud server at home, police can't torture me to get the encryption password from me. My data could be - given the right encryption mechanisms - close to 100% safe. I have no idea why a service provided by a company like Apple should be any less safe than that.

Rating: 9 Votes

haruhiko

48 months ago

Thanks Tim!

Rating: 9 Votes

zioxide

48 months ago

So Apple is really protecting pedophiles, murders and Isis? So you telling me Apple would be protecting these criminal's footage of the killing a cop? http://www.cnn.com/2016/03/15/us/maryland-police-officer-killed/index.html

The fourth amendment is not absolute...

You don't get it.

Apple is protecting innocent users of their products from identity theft, data theft, hackers, etc.

Due to the limitations of math, a side effect of that is that we might not be able to search the phones of a few bad guys. That's something we just will have to deal with.

You don't put nearly a billion innocent users at risk to attempt to catch a few crooks. That's one of the most ridiculous ideas ever.

Rating: 8 Votes