Apple announced last night that it will be rolling out end-to-end encryption to even more sensitive iCloud data, such as device backups, messages, photos, and more.
iCloud end-to-end encryption, which Apple calls Advanced Data Protection, encrypts user data stored in iCloud so that only a trusted device can decrypt and read the data. iCloud data in accounts with Advanced Data Protection can only be read by a trusted device, not by Apple, law enforcement, or government agencies. The EFF (Electronic Frontier Foundation), a group that has long called for Apple to implement end-to-end encryption and take more measures to protect user privacy, welcomed the move in a Explanation the new feature and Apple's renewed commitment to data protection. It states:
We welcome Apple's listening to experts, child advocates, and users who want to protect their sensitive data. Encryption is one of the most important tools we have to protect our privacy and security online. That's why we included the request that Apple allow users to encrypt iCloud backups in our Fix It Already campaign launched in 2019.
Meredith Whittaker, CEO of popular encrypted messaging app Signal, said Apple's decision to offer end-to-end encryption was "great." Speaking to the Washington Post gave them:
Users will be able to encrypt iCloud backups in the future
There was enough pressure and enough persuasion for them to see how the story unfolds. It's really incredible.
The Surveillance Technology Oversight Project (STOP) called Advanced Data Protection "important and overdue". Despite the announcement, the group is "disappointed" that end-to-end encryption will require user consent and will not be enabled by default. Fox Cahn, executive director of the group, said:
It's good to see Apple's privacy keeping up with its sales pitch, but most users are left defenseless when forced to opt in. For years, Apple has boasted about its privacy while leaving its users unprotected, especially when it comes to police surveillance. Much of the data users store in iCloud is just a court order away from becoming a tool of the police. With these changes, Apple is keeping up with the best privacy practices other companies have used for years. But it's disappointing that users must opt in to many of these new protections, leaving the vast majority at risk.
Fight for the Future, another privacy advocacy group, explained on Twitter that Apple's announcement of end-to-end encryption turns the company's marketing of commitment to protecting privacy into reality.
Apple's reputation as a privacy-friendly technology company has long been at odds with the fact that its iCloud backups are not secured by end-to-end encryption. This news means that people's personal messages, documents and data are safe from law enforcement, hackers and Apple itself.
FBI demands “legal access from the outset”
The group is now calling on Apple to implement RCS messaging in the iPhone, a move the group calls a "non-negotiable next step." While privacy groups and apps have praised Apple for extending end-to-end encryption to iCloud, governments have reacted differently. The FBI, the world's largest intelligence agency, told the Washington Post it was "deeply concerned about the threat posed by end-to-end encryption and user-only encryption." The FBI said that end-to-end encryption and Apple's Advanced Data Protection make the FBI's job more difficult and that they require "lawful access in the first place."
This hinders our ability to protect the American people from criminal acts ranging from cyberattacks and violence against children to drug trafficking, organized crime, and terrorism. In the age of cybersecurity and the demand for 'security by design,' the FBI and its law enforcement partners need 'lawful access by design.'
Former FBI agent Sasha O'Connell also spoke out and said the New York Times:
It's great to see companies putting security first but we must remember that there are trade-offs and one that is often not considered is the impact it has on reduced law enforcement access to digital evidence.
Advanced Data Protection will be available worldwide in 2023
In January 2020, Reuters reported that Apple had abandoned plans to encrypt user data in iCloud at the urging of the FBI, which feared such a move would hinder investigations and its intelligence work. In an interview with Joanna Stern of the Wall Street Journal yesterday, Apple's vice president of software engineering, Craig Federighi, called the report inaccurate.
I heard this rumor, but I don't know where it came from.
In the same interview, Federighi said that Apple "greatly appreciates and supports the work of law enforcement. We feel that we really have the same mission, which is to keep people safe." Apple says Advanced Data Protection will be available to all U.S. users by the end of this year, and that the global rollout is planned for early 2023. (Photo by Zinkevych / Bigstockphoto)
- iCloud Photos & more: Apple expands end-to-end encryption options
- iMessage & Apple ID: Apple shows new security features
- Detection of CSAM in iCloud Photos: Apple abandons plans
