Apple and law enforcement agencies have been locked in a battle over recent years. On one side, we have law enforcement wanting to access messages sent by alleged criminals who use encrypted services such as iMessage. On the other side, there are companies like Apple who want to protect users from criminals who steal information by encrypting messages.
It’s the right to privacy vs need to catch bad guys debate. This was made very public back in 2016 when terrorists murdered 14 people and injured another 22 before being killed. In that case, law enforcement agencies wanted to access messages on the perpetrators’ iPhones but could not do so as they were encrypted and the phones were locked. Apple was asked to help but could not decrypt the messages because of the way they intentionally designed the iPhone and iMessage security features.
Incidentally, the FBI did eventually get access to the messages using a third party (Australian company Azimuth Security) that hacked the iPhones. They method used at the time is no longer usable as Apple has continued to refine and improve its data protection tools.
Since that time, Apple has enabled the ability for iMessage messages to be backed up over iCloud. And this is where a weakness has come. iCloud backups haven’t been encrypted making them vulnerable to hackers who steal iCloud user credentials or available to law enforcement agencies with the appropriate warrants or subpoenas.
Apple is adding new encryption options to iCloud with a number of new privacy and data protection options. This includes specific tools for people that need heightened protection such as journalists and politicians as well as support for physical security protections such as Yubikey These features will become progressively available over the coming months.
They key here is that iCloud will have full end-to-end encryption with keys that are not available to Apple or any other party.
Apple says:
iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos. The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.
Apple media release
In effect, Apple is handing control over who can see and access our personal data to us. While law enforcement could give Apple a warrant to provide the data, at best Apple could only hand law enforcement agencies encrypted data. The encryption key remains out of reach to Apple or, indeed, any other party unless we give access.
This is a major step forward for user privacy. And a potential flashpoint between Apple and law enforcement agencies.
Anthony is the founder of Australian Apple News. He is a long-time Apple user and former editor of Australian Macworld. He has contributed to many technology magazines and newspapers as well as appearing regularly on radio and occasionally on TV.