Mossberg: Apple’s iCloud loophole

“Apple has drawn a line in the sand over keeping its customers’ iPhones encrypted and secure,” Walt Mossberg writes for Re/code.

“The special software sought by the FBI — which Apple, with its marketing flair, is calling “GovtOS” — is, in essence, a back door to the encrypted phone, because the passcode is the user’s encryption key, and Apple has deliberately designed the iPhone so the company itself lacks any other key to decrypt it,” Mossberg writes. “Even before the court order in California ignited the current fight, I opposed the idea of any encryption back door on grounds that it could also help criminals and repressive foreign governments. And I stand with Apple in its dispute with the FBI over the demand for special passcode-cracking software, for the same reasons.”

Mossberg writes, “But there’s an exception, a loophole, in Apple’s unyielding stance on privacy and encryption: Its iCloud service and, specifically, iCloud Backup — the convenient and comforting automatic way in which iPhones and iPads back themselves up daily to the cloud.”

Read more in the full article here.

MacDailyNews Take: As we wrote last month:

Apple, we want our iCloud backups encrypted in such a way as to be inaccessible by you via court order post haste.

SEE ALSO:
Apple scored the knockout punch against FBI in House Judiciary Committee hearing – March 2, 2016
Within an hour of Malaysia Flight 370 disappearing, Apple was working with officials to locate it – March 2, 2016
John McAfee reveals how the FBI can unlock an iPhone in 30 minutes – March 2, 2016
Can the FBI force a company to break into its own products? No, says U.S. Magistrate – March 2, 2016
Apple CEO Cook decried Obama’s ‘lack of leadership’ on encryption during a closed-door meeting last month – February 29, 2016
Obama administration set to expand sharing of data that N.S.A. intercepts – February 28, 2016
Apple’s fight with U.S. could speed development of devices impervious to government intrusion – February 24, 2016
Petition asks Obama administration to stop demanding Apple create iPhone backdoor – February 19, 2016
Obama administration claims FBI is not asking Apple for a ‘backdoor’ to the iPhone – February 18, 2016
Obama administration wants access to smartphones – December 15, 2015
Obama administration war against Apple just got uglier – July 31, 2015
Obama’s secret attempt to ban cellphone unlocking, while claiming to support it – November 19, 2013

10 Comments

    1. Yes, but MDN means that use of iCloud is very convenient (versus local backups,to your Macintosh).

      The issue is that if Apple will make iCloud copies truly protected from the government, they will not be able to assist with password recovery for users.

      This means that if user would forget his/her password OR someone stole/guessed/fished your password and then changed it, there is no Apple can help you in any way.

      In the end, I would like Apple to provide OPTION that would explain this to users and allow either variant of iCloud backups: truly protected, but risky in case if you forget/lose your password, or as it is now: convenient, but leaky to government who gets access to anything by rubber-stamping decisions of fake FISA courts.

      1. Yes sure if you forget your password you’re out of luck. But someone else fishing it shouldn’t be an issue. You would set the iCloud encryption key on YOUR device for backups of THAT device. If someone changed the password somewhere else, either your device would keep backing up with the original password, or else it would popup a message saying something has changed and you either need to enter the new password or else reset it. I don’t any issues here. The user should have the ability to set such a password if they want to.

  1. iCloud backup is OK if you don’t have much stuff that needs restored. The restore process is really slow. I recommend local backups unless you want it to take forever.

  2. I love it, “GovtOS”, not “IcelandGovtOS” or “NorwayGovOS” as if to imply only one nation is stupid enough to conceive of such an idea.

    Mind you Microsoft might be happy, they can finally show the world that their OS is actually better than another one.

  3. Mossberg is attempting to fan flames here out of nothing, and I’m sad to say I think he is merely trolling for hits. Apple has been clear about *not* selling, collecting or exposing ANY customer data. They (Cook) have been unyielding on customer privacy from day 1. To exempt iCloud backups would be a transparent violation of that ethic and a marketing disaster.

  4. According to Apple, you don’t own the data you upload to Apple’s servers. Apple does. Doesn’t anyone read user agreements these days?

    http://www.apple.com/legal/internet-services/icloud/en/terms.html

    “You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if Apple has a good faith belief that such access, use, disclosure, or preservation is reasonably necessary to: (a) comply with legal process or request; (b) enforce this Agreement, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Apple, its users, a third party, or the public as required or permitted by law.”

    “Apple reserves the right at all times to determine whether Content is appropriate and in compliance with this Agreement, and may pre-screen, move, refuse, modify and/or remove Content at any time, without prior notice and in its sole discretion, if such Content is found to be in violation of this Agreement or is otherwise objectionable.”

    Apple can and will monitor whatever you upload. Apple can encrypt and decrypt your data anytime it wants to do so. You have no guarantee of privacy or security, even if Cook advertises that he’s the most private and secure cloud rental outfit on the planet. The contract doesn’t protect the user.

Add Your Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.