Date: 2020-01-22

The assumption that Apple has yielded to FBI pressure on iCloud backups and abandoned plans to move to end-to-end encryption has been questioned.

In particular, the timing of the claim does not seem to add up…

Context

Current iCloud backups are encrypted, but Apple has the key, so can access the data. When law enforcement wants to access a locked iPhone, Apple can’t help them directly, but it can provide them with a copy of any iCloud backup of the device. This will include almost all of the data stored on the phone.

Apple receives requests from the government for hundreds of thousands of devices. In the first half of last year, for example, the company revealed that it had received requests for more than 195,000 devices and provided data for 82% of them – about 160,000 devices.

Apple uses much more powerful end-to-end encryption for its two messaging services, iMessage and FaceTime. Here, Apple does not hold the key and cannot read intercepted messages. (Although iCloud backups may contain stored copies of messages, which can be read.) We have long expected that Apple will eventually adopt end-to-end encryption for iCloud backups as well, which means that Apple would be unable to decrypt the data.

However, it was reported yesterday that Apple had abandoned the plan following pressure from the FBI. I then expressed the opinion that it was not the right decision on the part of Apple, even if it would be understandable. In our survey, 37% agreed with me, although 55% said it was wrong, period. Less than 6% felt it was the right thing to do.

Doubt cast on the “FBI pressure on iCloud backups” story

John Gruber, a pro-Apple expert, had already questioned the story.

Menn is a solid reporter and I have no reason to doubt what he reports. What I suspect, however, based on (a) everything we all know about Apple, and (b) my own private conversations in recent years with basic Apple sources who have been directly involved in the engineering of security of the business, is that Menn’s sources for “Apple told the FBI it plans to offer users end-to-end encryption when storing their phone data on iCloud” were FBI sources, not Apple sources, and that this is not correct.

It’s just not in the nature of Apple to tell anyone outside of the company about its future product plans. I don’t know how I could clarify this. It is not in Apple’s DNA to ask for permission to do anything. (Cf. the theory according to which the culture of a company is permanently shaped by the personality of its founders.)

Encrypting iCloud backups would be perfectly legal. There would be no legal requirement for Apple to notify the FBI in advance. Nor would there be any reason to inform the FBI in advance just to get the FBI’s opinion on the idea. We all know what the FBI thinks of strong encryption.

If Apple has indeed abandoned its plans, argued Gruber, it would be because it would then be unable to help customers who lost or broke their iPhone and could not remember their iCloud password.

But he later noted that there appears to be hard evidence that the report is inaccurate. Namely, the timing doesn’t seem to add up. The story claimed that Apple made the decision “about two years ago,” while CEO Tim Cook said in an interview with the German press a year later that these plans were still likely to materialize.

Our users have a key and we have one. We do this because some users lose or forget their keys and then wait for help from us to recover their data. It is difficult to estimate when we will change this practice. But I think in the future it will be regulated like devices. We will therefore no longer have a key for this in the future.

A native German speaker said that the word “regulated” was a bad translation from Google and that a better translation would be “managed” like devices – that is, end-to-end encryption would be used.

