January 29, 2023

Apple has long promised that what’s on your iPhone will stay on your iPhone. But that promise comes with the caveat that if law enforcement has a warrant for someone’s iCloud account, Apple could provide files containing unencrypted messages, photos, and notes.

Now, the company is planning to close that loophole.

On Wednesday, Apple said it was expanding its end-to-end encryption system to ensure that most iCloud data cannot be deciphered, even when it is stored in data centers. The added protection is optional and designed to make sensitive data inaccessible to hackers and governments. Previously, encryption only covered specific information, such as passwords, payment and health data.

The change presents a potential conflict with the U.S. government and other governments that have clashed with Apple over access to data on criminals’ iPhones. While Apple has refused to assist law enforcement in unlocking iPhones for years, it honors thousands of iCloud backup requests each year, which include unencrypted messages and photos.

Law enforcement has been able to obtain classified information in high-profile cases, including the indictment of former President Donald J. Trump’s 2016 campaign chairman, Paul Manafort. In the first six months of last year, the company received 7,122 requests for iCloud accounts in the United States. These security upgrades will close that access.

“It’s great to see companies making security a priority, but we have to remember that there are trade-offs, and what is often not considered is its impact on reducing law enforcement’s access to digital evidence,” Sasha O’Connell, American University Resident Administrator and former FBI Section Chief. “The big question is: who decides this trade-off? It continues to be in Apple’s hands.”

Apple doesn’t fully encrypt iCloud data because it wants to make it easier for customers to retrieve information about users who are locked out or unable to access their accounts. But as more data moves to the cloud, data breaches have tripled over the past seven years, prompting Apple to look to beef up its security.

Apple’s new protections are part of a broader move by tech companies to improve customer safety. Google recently introduced end-to-end encryption for group chats in its messaging app, while Facebook’s WhatsApp began offering encrypted backups a year ago.

Users who choose to add encryption to iCloud (which Apple calls Advanced Data Protection) can also individually increase the security of their account by obtaining a hardware security key, Apple said. The added protections are available to everyone, but are designed to protect the data of public figures who could be targeted by hackers, including celebrities, journalists and government officials.

Only three categories won’t be covered — Apple’s mail, contacts and calendar systems — because of their ties to legacy technology, the company said.

Apple says the program will launch in the U.S. later this year and globally starting next year. It will be available to customers in China, with a Chinese company managing the storage of their iCloud accounts in China.

Apple said it had dropped a separate plan to scan iPhones for child sexual abuse imagery. The proposal was introduced last year but faced opposition from privacy activists.

Instead, Apple said it would update its messaging system to cover nudity in the videos in the future. It will also make the technology behind these protections available to other messaging apps.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *