Apple details plans to beef up encryption of data in its iCloud

Apple’s new protections are part of a broader push by tech companies to improve customer security. PHOTO: AFP

SAN FRANCISCO – Apple has long promised that what is on your iPhone stays on your iPhone. But that pledge came with the caveat that if law enforcement had a warrant for someone’s iCloud account, Apple could provide a file of unencrypted messages, photos and notes.

Now, the company is planning to close that loophole.

On Wednesday, Apple said it was expanding its end-to-end encryption system to keep most iCloud data indecipherable, even when it’s stored in data centres.

The increased protections, which are optional, aim to make the sensitive data inaccessible to hackers and governments. Previously, encryption covered only select information, such as passwords, payment and health data.

The change sets up a potential conflict with the US government and other governments that have clashed with Apple over access to data on criminals’ iPhones. Though Apple has refused to assist law enforcement in unlocking iPhones over the years, it has fulfilled thousands of requests annually for iCloud backups that include unencrypted messages and photographs.

Law enforcement has been able to obtain confidential messages in high-profile cases, including its prosecution of Paul Manafort, chair of former president Donald Trump’s 2016 campaign.

In the first six months of 2021, the company received requests for 7,122 iCloud accounts in the United States. These security upgrades would close off that access.

“It’s great to see companies prioritising security, but we have to keep in mind that there are trade-offs, and one that is often not considered is the impact it has on decreasing law enforcement access to digital evidence,” Ms Sasha O’Connell, an executive-in-residence at American University and a former FBI section chief. “The big question is: Who decides that trade-off? It continues to sit in Apple’s hands.”

Apple has not fully encrypted iCloud data because it wants to make it easier for customers to retrieve information for users who are locked out or have lost access to their accounts. But data breaches have tripled over the past seven years, as more data has migrated to the cloud, spurring Apple to want to enhance its security.

Apple’s new protections are part of a broader push by tech companies to improve customer security. Google recently introduced end-to-end encryption for group chats in its Messages app, and Facebook’s WhatsApp started offering encrypted backups a year ago.

Users who opt in to increased encryption for iCloud, which Apple calls Advanced Data Protection, can increase their account’s security by getting a hardware security key, Apple said. The added protection can be used by everyone but is designed to safeguard the data of public figures who can be targeted by hackers, including celebrities, journalists and government officials.

Only three categories won’t be covered – Apple’s Mail, Contacts and Calendar systems – because they are connected to legacy technology, the company said.

The program rolls out later in 2022 in the United States and worldwide starting 2023, Apple said. It will be available to customers in China, where a Chinese company manages storage of their iCloud accounts.

A separate plan to scan iPhones for images of child sexual abuse has been abandoned, Apple said. That proposal, which was introduced in 2021, faced blowback from privacy activists.

Instead, Apple said, it will update its messaging system in the future to cover nudity in videos. It will also make the technology behind those protections available to other messaging apps. NYTIMES

Join ST's Telegram channel and get the latest breaking news delivered to you.