Date: 2020-01-21

There has always been a major problem with Apple’s privacy statement that “what’s going on your iPhone stays on your iPhone”: iCloud backups don’t.

Although Apple uses end-to-end encryption for iMessage and FaceTime, it does not do the same for iCloud backups. They’re encrypted, but Apple has the key, which means the company has access to a copy of almost everything on your phone – and that includes stored messages.

I have long expected Apple to fix this, but a report released today says the company decided not to …

I expected Apple to switch to end-to-end encrypted iCloud backups for two reasons. First, it fixes a hole in Apple’s privacy claims. Second, it would make life a lot easier when governments knock on Apple’s door asking for someone’s backup. At present, the company must make often delicate decisions about whether to comply; with end-to-end encryption, it could shrug its shoulders and say there is no way to decrypt them.

Apple made reference to these sometimes difficult decisions in its latest transparency report.

Our legal team reviews the requests received to ensure that the requests have a valid legal basis. If they do, we respond to requests and provide data that meets the request. If we determine that a request has no valid legal basis, or if we consider it to be unclear, inappropriate and / or too broad, we contest or reject it […]

For example, Apple may reject a law enforcement request if it considers that the scope of the requested data is excessively broad for the case in question. We count each request based on an account when we partially challenge it, or reject it entirely, and report the total number of such instances by country / region.

Apple details the percentage of cases where it has provided the requested information. This ranges from 0% in countries like Qatar, Iran and the United Arab Emirates to 100% in the case of a number of countries, including Finland, Malaysia and South Africa. The figure for the United States was 84%.

Today’s iCloud backup report

A Reuters report today says that while Apple was working on end-to-end encryption for iCloud backups, it has now abandoned the plan. In addition, it indicates that this is due to pressure from the FBI.

Apple has abandoned its intention to release an end-to-end encrypted version of iCloud backups after facing complaints from the FBI that told Apple it would hamper their investigations.

The report says Apple was working on the feature more than two years ago, but it was canceled after the FBI raised concerns. One employee said that “legally killed him, for reasons you can imagine.”

I think Apple’s decision is bad

On a point of principle, I think it’s the wrong decision. Personal data has never been more threatened, and any weakness in privacy protections designed to be used by the good guys is one that risks being exploited by the bad guys. This is why I have always opposed any backdoor on iOS.

I also believe that the most dangerous criminals and terrorists are those who are smart enough to protect their data and communications. There are forms of encryption readily available that can mask the fact that they even use it.

Steganography is an example. An encrypted message is embedded in something like a JPEG file. To anyone looking at it, it would appear to be a perfectly ordinary photograph, with no clue suggesting that it contains a message. But with the right software and encryption key, the message can be extracted. You can do the same with any file, from a spreadsheet to an application. Any smart terrorist will use this type of technique, not WhatsApp or iMessage.

Yes, stupid criminals will do stupid things, but they are generally not those who present major risks.

But I think it’s understandable

Going this route, Apple does three things.

First, it can help law enforcement most of the time. Most criminals are not technicians and will not realize that using iCloud backup means that Apple can access all of their data. So while law enforcement will always try to pressure Apple, as the FBI did in the San Bernardino and Pensacola shootings, that is nothing compared to the pressure that would be applied if the backups were not available.

Second, it keeps the risk of compromise extremely low for ordinary users. It would take a villain with a very special contact within Apple capable of accessing backups. I guess Apple only grants this privilege to a small number of employees – just enough to meet law enforcement requirements – and scrutinizes them. The risk of abuse is close to zero for the average law-abiding iPhone owner.

Not quite zero. A corrupt employee is always a risk if enough money is at stake, even at very high levels. In addition, of course, innocent people find themselves investigated by law enforcement and are subject to search warrants, physical and electronic. But personally, I consider the risk low enough that I would be happy to use iCloud backups myself.

Third, it allows those who are dissatisfied, even with this small risk, to opt out. Simply reject the option to switch to iCloud backups and perform locally encrypted backups on a Mac. This way, Apple does not have access to them.

So while it’s not Apple’s ideal approach, it’s a pragmatic approach with a few drawbacks. And that could, in the long run, reduce the risk of legislation forcing Apple to compromise iOS, which would create considerably greater risks.

If I were Tim Cook, I couldn’t say for sure that I wouldn’t make the same decision, but reluctantly.

What is your opinion? Has Apple made the right decision? The wrong but understandable one? Or just the wrong one, period? Please complete our survey and share your thoughts in the comments.

