MacAlert!

Up to the minute Apple and Mac news alerts

2016 WSJ Story on Apple’s Plans for E2E Encryption for iCloud Data

[2020-01-22 14:54:16]

Daisuke Wakabayashi, reporting for The Wall Street Journal four years ago: Apple Inc. has refused federal requests to help unlock the phone of San Bernardino gunman Syed Rizwan Farook. But the company turned over data from his phone that Mr. Farook had backed up on its iCloud service. Soon, that may not be so simple. Apple is working to bolster its encryption so that it won’t be able to decode user information stored in iCloud, according to people familiar with the matter. But Apple executives are wrestling with how to strengthen iCloud encryption without inconveniencing users. Apple prides itself on creating intuitive, easy-to-use software, and some in the company worry about adding complexity. If a user forgets a password, for example, and Apple doesn’t have the keys, the user might lose access to photos and other important data. If Apple keeps a copy of the key, the copy be “can be compromised or the service can be compelled to turn it over,” said Window Snyder, a former Apple security and privacy manager who is now chief security officer at Fastly, a content-delivery network. If Apple were to implement E2E encryption for iCloud backups, there’s no “might” about it — if the customer forgets their password, they would lose access to the data. That’s the entire point of this debate. I’ve heard from a few additional sources at Apple (or very recently at Apple), and all believe that Apple’s reluctance to use end-to-end encryption for iCloud backups is about the frequency of customers who don’t know their password but need to access their backup. My idea is to make it optional, but every additional option makes a feature more complicated. No one expects to forget their password — even if this were only an option, some number of iCloud users would turn it on because it’s more secure, forget their password, and be forever locked out of their backup. Also, let me emphasize that with the sole exception of email — which is expected — all iCloud data is encrypted both in transit and in storage on the Apple’s servers. (Email is encrypted in transit, of course, just not in storage.) The difference is whether Apple also has a key to the data. End-to-end encryption is when only the user controls the keys. Just plain “encryption” is when Apple also has a key.  ★ 

Read more....



RELATED!

Tim Cook to Der Spiegel a Little Over a Year Ago: Apple Will Eventually No Longer Have a Key to iCloud Data

Android 9 and Later Offers Encrypted Backups to Google

★ Regarding Reuters’s Report That Apple Dropped Plan for Encrypting iCloud Backups

Derek Jeter, Hall of Famer

Instagram for Windows 95

[Sponsor] SQLPro Studio -- Database Client for macOS & iOS

How Modern iPhone Encryption Works

MyNetDiary

The Talk Show: ‘Sport Mode’

The FBI Used a GrayKey to Obtain Data From a Locked iPhone 11 Pro Max

★ Quit Confirmation for Safari on MacOS

Which Emoji Scissors Close

More on Tile’s Complaints About Apple in Congressional Testimony

Study Claims YouTube Ads of 100 Top Brands Fund Climate Misinformation

The Case for a Low Power Mode for Mac Laptops — and iPads