oriXone

The (probable) reason that iCloud does not currently have E2E encryption


iCloud encryption is one of those issues worth analyzing from different points of view. In recent days, a number of details have been published that suggest why Apple may have halted end-to-end (E2E) encryption of backups on iCloud. John Gruber, a well-known blogger with a track record of reliable contacts inside the company, has made some observations on this interesting subject.

About Apple's plans for E2E encryption of backups

First, as we showed the other day, it is worth distinguishing between the two types of encryption Apple uses for backups on iCloud. One type protects much of the data in the cloud; only the user has access to it, plus Apple in certain cases (a court order). The other type, more complete, is called end-to-end encryption and protects some of the data in our iCloud backup, such as health data, passwords or home automation. In this case, only the user can get in, with their password.

What Gruber adds to the discussion is a specific piece of context that we had not pinned down until now. In his experience, Apple does not tell anyone outside the company what its plans are, as the controversial Reuters story says it did. Least of all the FBI. Thinking about it coldly, what would be the point of Apple telling the FBI about its intention to add E2E encryption to iCloud backups? To learn its opinion? What would the company gain?

Apple is not known for telling third parties outside the company about product or service plans that have yet to be revealed

Of course, both now and in the past, Apple has been characterized by asking for forgiveness rather than permission, in the sense that it has often gone ahead first and sorted things out with the third party afterwards, as was the case with the original iPhone and Cisco. It is simply not like Apple to tell the FBI what its intentions were for something as critical as the security of one of its services, all the more so when the two sides have clashed many times in recent years over problems of this nature.

No law prohibits end-to-end encryption. In fact, it is highly recommended.

Timeline of possible events

When it comes to understanding what has been happening with E2E encryption of backups in iCloud, it helps to review the chronology. As a result, we can get a clear idea. The sequence of events could be the following, though they are not necessarily related to one another:

  1. February 2016: the FBI asked a US court to make Apple get into the iPhone of one of the perpetrators of the San Bernardino massacre.
  2. March 2016: the WSJ reports Apple's intention to increase iCloud security. This includes E2E encryption of backups, although the company foresees significant drawbacks if the user forgets their password.
  3. "More than two years ago" (in mid-2017?), according to Reuters: Apple notified the FBI of its E2E encryption plans.
  4. "About 2 years ago" (late 2017, early 2018?), also according to Reuters: Apple abandons its plans.
  5. October 2018: Tim Cook gives an interview to the German newspaper Der Spiegel in which he says that Apple's intention is for iCloud encryption to be similar to that of devices, that is, E2E.

In a third article, Gruber points out that, according to his sources, that part of the Reuters story comes from FBI sources, not from Apple's side, and that the statement is, moreover, incorrect. It would not be hard for the FBI to get wind of Apple's intentions, given the company's reputation and its drive for the security of its products and services.

The last we heard from Tim Cook is that his intention is to enable E2E encryption for iCloud backups

As for the interview with the German newspaper, Cook's full quote is as follows:

Our users have a key (in iCloud) and we have one too. We do this because some users lose or forget their password and hope that we can help them recover their data. It is difficult to estimate when we will change this practice. But I think that in the future it will be controlled as it is in devices. As a result, we will have no key for this in the future.

It is very possible that this is the real reason why Apple has yet to use E2E encryption for iCloud backups, even though it has been talked about openly. What Apple has spent all these years doing is weighing the benefits and costs of achieving it and working out how it would be implemented.

Forgotten passwords and death: cases where E2E encryption makes data recovery impossible

We don't know how often users ask Apple for access to their backups in the cloud. But judging by Cook's words, it may be more often than we imagine. It's not too hard to imagine users having forgotten their iCloud password when they buy a new iPhone because their old device was lost or stolen.

In the event of a death, if family members do not know the password of the iPhone (which is E2E encrypted and for which Apple does not have a "key"), the only way to access its contents is through a backup. In both cases, the company can help by providing access to the iCloud backup because it has a "key".

Using end-to-end encryption would have made those backups unavailable. Apple would not have access to them, because they would be protected by the user's password. The only possible solution is an option, disabled by default, that enables this type of encryption. Of course, the user would need to be informed of the consequences of losing or forgetting the password, as well as in the event of death.

And still, Apple will have to deal with the problems described. Of course, there is no simple solution, and maybe that's why Apple has been analyzing possible solutions for years. Tim Cook and his team may not be disappointed right now, and a surprise may come at the next WWDC.
