Changes to iCloud Put Apple on Collision Course With Governments Seeking Access to Encrypted Messages
Apple has sent its top privacy executives to Australia twice in the past month to lobby government officials over proposed new laws that would require companies to provide access to encrypted messages.
According to the Sydney Morning Herald, Apple privacy advocates met with attorney general George Brandis and senior staff in Prime Minister Malcolm Turnbull's office on Tuesday to discuss their concerns about the legal changes, which could compel tech companies to provide decryption keys to allow access to secure communications such as that provided by WhatsApp and iMessage.
Apple has consistently argued against laws that would require tech companies to build so-called "back doors" into their software, claiming that such a move would weaken security for everyone and simply make terrorists and criminals turn to open-source encryption methods for their digital communications.
While Apple's position is clear, the Turnbull government has yet to clarify exactly what it expects tech companies to give up as part of the proposals. A source familiar with the discussions said that the government explicitly said it did not want a back door into people's phones, nor to weaken encryption.
However, given that encrypted services like WhatsApp and iMessage do not possess private keys that would enable them to decrypt messages, a back door would seem the only alternative. "If the government laid a subpoena to get iMessages, we can't provide it," CEO Tim Cook said in 2014. "It's encrypted and we don't have a key."
As it happens, Cook's comment only applies to iMessages that aren't backed up to the cloud: Apple doesn't have access to messages sent between devices because they're end-to-end encrypted, but if iCloud Backup is enabled those messages are encrypted on Apple's servers using an encryption key that the company has access to and could potentially provide to authorities.
However, Apple is moving in the same direction as WhatsApp and Telegram to make encryption keys entirely private. As announced at WWDC in June, macOS High Sierra and iOS 11 will synchronize iMessages across devices signed into the same account using iCloud and a new encryption method that ensures the keys stay out of Apple's hands.
As senior VP of software Craig Federighi noted in interview with Daring Fireball's John Gruber, even if users store information in the cloud, "it's encrypted with keys that Apple doesn't have. And so they can put things in the cloud, they can pull stuff down from the cloud, so the cloud still serves as a conduit — and even ultimately a kind of a backup for them — but only they can read it."
How this will play out in Apple's discussions with the Australian government – and indeed other governments in the "Five Eyes" intelligence sharing network seeking similar access to encrypted communications – is anything but clear. According to sources, Apple and the Turnbull government are taking a collaborative approach in the discussions, but previous statements by officials imply a tougher stance behind the scenes.
Last week, Senator Brandis said the Australian government would work with companies such as Apple to facilitate greater access to secure communications, but warned that "we'll also ensure that the appropriate legal powers, if need be, as a last resort, coercive powers of the kind that recently were introduced into the United Kingdom under the Investigatory Powers Act... are available to Australian intelligence and law enforcement authorities as well".
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.