A new report out today says that Apple has not implemented end-to-end encryption on iCloud backups at the behest of the FBI. Apple hasn’t verified the report, but it has other reasons not to encrypt iCloud backups. In the end, I don’t worry too much about the absence of end-to-end encryption in iCloud, because it’s to my benefit. Let me explain.
First of all, data in iCloud is encrypted, but both you and Apple can decrypt it. Apple will do so for customers who need access to their account and have lost it by other means. Apple will also do so for law enforcement officials who provide the appropriate request.
Some data stored in iCloud is encrypted end-to-end, meaning that without a decryption key managed by the user, that data isn’t useful to anyone. What’s at issue here is that not all iCloud data is encrypted end-to-end. If it were, Apple couldn’t help law enforcement when it needs to. Apple also couldn’t unlock user data when users request their help.
If you’re confused about how Apple keeps iCloud data secure, you can read their own iCloud security overview to get a better understanding.
What is iCloud Backup?
iCloud Backup is part of the core services Apple offers iPhone, iPod touch, and iPad users. It makes it simple to set up a new device or to restore information back onto your device without losing any data. With a good iCloud Backup archive to restore from, I can walk out of an Apple Store with a new device that’s pretty much a clone of the device I walked in with.
When active, iCloud Backup runs as an automated process on your device, and it happens when your device is plugged in, locked, charging, and connected to a Wi-Fi network. Typically it happens in the middle of the night or at other low-traffic times. iCloud Backup includes app data and settings, Apple Watch backups, ringtones and other information on your phone, as well as photos and messages (though read on for an important note).
There’s a lot that iCloud Backup doesn’t back up. Your contacts and calendar info, for example. Safari bookmarks. Notes. That stuff is ordinarily synced in iCloud, regardless – so if you sign in to the same Apple ID on your iPhone and Mac, each one’s contacts and calendar will be populated with the same info.
None of the apps you have on your phone are backed up in iCloud Backup, for example, and neither is content you’ve downloaded from Apple Music. That’s because all of that stuff is already in the cloud: you can re-download copies of the apps or entertainment content you might want to have again. Restoring from a backup causes the phone to simply re-download the apps you installed directly from the App Store.
If you have activated Messages in iCloud or iCloud Photos, that content isn’t backed up either, since doing so would be redundant: it’s already in the cloud.
While Apple selectively employs end-to-end encryption for some of its services, at least when it comes to iCloud backups, you have a key, and so does Apple. Ordinarily that key stays secure. But if Apple receives a legal request from the police or a government agency, it’s obliged to unlock your account and share that data.
Apple noted how many such requests it received for the first half of 2019 in a recently published transparency report. Apple complied with user account and device data requests from governments around the world the vast majority of the time.
We’re our own worst enemy
While the Reuters story would seem to scandalize Apple for acquiescing to the FBI’s demands, the fact is that Apple hasn’t encrypted iCloud Backups end-to-end for a much more pragmatic reason that may, in the end, have nothing to do with the FBI at all. It’s because of us.
Unfortunately, lots of us forget our passwords, lose our encryption keys, and will even get rid of devices and get new ones without remembering that we’ve employed schemes like two-factor authentication. Then we find ourselves in a pickle when it comes time to restore our device or set up new ones, and we realize the info we have is wrong or incomplete. We’re locked out of our devices, unable to log in to our Apple ID, unable to authenticate to prove our identity.
When I worked for an Apple service provider, every day I would encounter customers in this quandary. It is a constant problem suffered by many folks who use these devices. And it happens regardless of age, technical sophistication, or organizational ability. Sooner or later, even the most veteran experts can run into these sorts of issues, even accidentally.
Unlocking an Apple ID account without the right credentials is not a trivial process – and I’d argue that it shouldn’t be. It can take days for Apple to verify your identity before unlocking you. Apple’s the gatekeeper, and at the end of the day you have no alternative – outside of not using cloud services – but to trust them to hold your keys.
Between security and convenience
The report, published by Reuters, comes at a time when Apple is engaged in a very public disagreement with the federal government over its role in unlocking iPhones used by a suspected terrorist. Last week both the U.S. Attorney General and the President called on Apple to unlock the devices used by the individual who shot personnel at the Pensacola Naval Base in Florida last December.
Apple has so far stood up to government requests to build in a backdoor to its devices and operating systems that would let law enforcement officials more easily gain access to the contents on those devices. The company said in a statement:
Backdoors can also be exploited by those who threaten our national security and the data security of our customers.
Made its own bed
Apple has to toe the line between security and convenience, and sometimes that line is tough to distinguish. But this is also a problem that Apple’s made for itself, because privacy and data security have become so central to Apple’s message to customers. News stories like this run the risk of undermining Apple’s credibility as a company that values privacy. Apple’s made its own bed when it comes to privacy, and now it has to sleep in it.
What’s clear through all of this is that end-to-end encryption is important for some of Apple’s customers. I’d love to see Apple incorporate it for those of us who feel we need it. But I think if you ask the average Apple user, “would you prefer to have more secure backups, or backups Apple can help you recover if need be,” the average person will favor the latter more than the former.
I realize this isn’t a one size fits all answer, and that convenience isn’t the answer for everyone. There is a solution. If having an encrypted backup of your iPhone is important to you, use your Mac to back it up. You can encrypt local backups to your heart’s content. Relegating backups to the cloud means that you’re going to play by Apple’s rules.
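One way to confirm that the backups sitting on your Mac really are encrypted, as an added example that is not part of the original article or any Apple tool. It assumes the usual Finder/iTunes backup folder on macOS and the `IsEncrypted` flag stored in each backup's `Manifest.plist`:

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Usual location of Finder/iTunes device backups on macOS (assumption, not from the article).
DEFAULT_BACKUP_ROOT = Path.home() / "Library/Application Support/MobileSync/Backup"


def audit_backups(root=DEFAULT_BACKUP_ROOT):
    """Return one record per backup folder under root, with its encryption state."""
    results = []
    if not root.is_dir():
        return results
    for folder in sorted(p for p in root.iterdir() if p.is_dir()):
        record = {"backup": folder.name, "device": None, "encrypted": None, "error": None}
        try:
            with (folder / "Manifest.plist").open("rb") as fh:
                data = plistlib.load(fh)
            # IsEncrypted is the boolean the backup manifest carries (assumed key name).
            record["encrypted"] = bool(data.get("IsEncrypted", False))
            record["device"] = data.get("Lockdown", {}).get("DeviceName")
        except FileNotFoundError:
            record["error"] = "no Manifest.plist (incomplete backup?)"
        except (ValueError, ExpatError, OSError) as exc:
            record["error"] = f"unreadable manifest: {exc}"
        results.append(record)
    return results


def unencrypted(results):
    """Backups that are confirmed unencrypted or whose state could not be verified."""
    return [r["backup"] for r in results if r["encrypted"] is not True]


if __name__ == "__main__":
    for r in audit_backups():
        state = "ENCRYPTED" if r["encrypted"] else (r["error"] or "NOT ENCRYPTED")
        print(f"{r['backup']}  {r['device'] or '?'}  {state}")
```

On recent macOS versions the terminal running this needs permission to read the backup folder, otherwise the list comes back empty or with read errors.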
Here’s the bottom line as I see it: Apple has tried to make it easy to make sure you don’t lose your data. Backing up to iCloud and using iCloud sync services (like iCloud Photos or Messages in iCloud) enables you to do exactly that.
If you’re worried about protecting your data from prying eyes, the best solution is to simply keep your data off the cloud altogether, although that’s likely to create as many problems as it solves, given how comfortable we’ve gotten with having instant access to all our info, everywhere. But it’s an option.
What do you think? Should Apple provide end-to-end encryption for all iCloud services? Or is it doing enough to protect its users’ data? Sound off in the comments and let me know.