Apple plans to expand iCloud data encryption



CNN Business

Apple on Wednesday announced plans to expand end-to-end encryption of iCloud data to include backups, photos, notes, chat histories and other services, in a move that could further protect user data, but also add to tensions with law enforcement around the world.

Among a handful of new security tools is a feature called Advanced Data Protection that will allow users to better protect certain data from hackers, governments, and spies, even in the event of an Apple data breach. Additionally, law enforcement would not be able to access this data, even with a warrant. With end-to-end encryption, not even the platform can access the data, only the sender and receiver.

Because of this, Apple would not be able to comply with requests to share this cloud-stored data to officials as part of an investigation. Apple has previously clashed with law enforcement over attempts to access data on devices, including an attempt by the FBI to break into the iPhone of one of the shooters. 2015 attack in San Bernardino, California.

In recent years, Apple has increasingly made privacy a central pillar of its message to users through a combination of new tools, including a feature designed to protect journalists and human rights defenders from spyware. The company presented the latest move as part of an effort to combat “increasingly sophisticated and complex” threats to user data from malicious actors, as well as a rise in the number of data breaches.

Privacy groups have urged Apple for years to increase iCloud backup encryption. In an interview with The Wall Street Journal, Craig Federighi, Apple’s senior vice president of software engineering, said some of the steps he took more than a decade ago in designing iCloud and the way it encrypts its data were “necessary precursors to preparing for this moment”. .”

In a blog post, Apple (AAPL) said iCloud already protects 14 categories of sensitive data using end-to-end encryption by default, including passwords in iCloud Keychain and health data, and that it adds nine new categories. However, encryption for iCloud Mail, Contacts and Calendar is not included in the new listing due to interoperability issues, Apple (AAPL) said.

Matthew Green, a cryptographer and associate professor at the Johns Hopkins Information Security Institute, believes Apple’s increased efforts will set a standard for others to increase encryption.

“Why is this a big deal? Because Apple sets the standard for what secure (consumer) cloud backup looks like,” Green said in a series of tweets Wednesday. “Even as an opt-in feature, this decision will have ripple effects across the industry, as competitors will pursue them.”

In a statement released Wednesday, the FBI said it “continues to be deeply concerned about the threat posed by end-to-end encryption and restricted user access.”

“This impedes our ability to protect the American people from criminal acts ranging from cyberattacks and child abuse to drug trafficking, organized crime and terrorism,” the FBI said in the statement. “End-to-end encryption and user-restricted access erode law enforcement’s ability to combat these threats and administer justice for the American public.”

– CNN’s Sean Lyngaas contributed to this report

Leave a Reply

Your email address will not be published. Required fields are marked *