EFF Calls on Apple to Let Users Encrypt iCloud Backups as Part of 'Fix It Already' Initiative
The Electronic Frontier Foundation (EFF), perhaps the most well-known digital rights non-profit, today launched a new "Fix It Already" campaign with the aim of getting technology companies to implement new privacy features in areas where privacy is lacking.
According to the EFF, the issues that it is demanding a fix for are "well-known privacy and security issues" that have "attainable fixes." From Apple, the EFF wants the company to implement user-encrypted iCloud backups that are inaccessible to the company and thus to law enforcement.
iCloud content uploaded to Apple is encrypted at the location of the server and, with the proper legal requests, Apple can provide iCloud information that includes name, address, email, mail logs with date/time stamps, photos, Safari browsing history, iMessages, and more, with full details outlined by Apple on its privacy site. [PDF]
The EFF says that Apple should "let users protect themselves" and elect for "truly encrypted iCloud backups."
Apple has not encrypted iCloud backups because doing so would prevent Apple from being able to restore iCloud backups for users who have forgotten their passwords. As the EFF points out, though, Apple CEO Tim Cook has said in the past that Apple may move towards encrypted iCloud backups in the future. From an interview Cook did with German site Der Spiegel:
There our users have a key and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back. It is difficult to estimate when we will change this practice. But I think that will be regulated in the future as with the devices. So we will not have a key for it in the future.
The EFF has demands for other technology companies in addition to Apple. Android, it says, should let users deny and revoke apps' internet permissions, while Twitter should end-to-end encrypt direct messages and Facebook should stop using phone numbers provided for account creation for targeted advertising.
WhatsApp should obtain user consent before adding users to groups, Slack should give free workspace administrators control over data retention, and Verizon should stop pre-installing spyware on some smartphones.
Top Rated Comments
I want safety. I promise not to complain if I go senile and forget by password.
If you forget your FileVault password, you lose your data, period. Just make it ABSOLUTELY CLEAR to the user that they must not forget their password or they will lose their iCloud backup data. They could even make it a choice; I believe FileVault asks if you want to let Apple keep a copy of the recovery key.
I know Apple is really big on keeping users from shooting themselves in the foot, but for those of us who understand the risks, we should be allowed to secure our data further.