“Data on your Apple device is encrypted so that no one but you can access it, and that’s great for user privacy,” EF states, “But when data is backed up to iCloud, it’s encrypted so that Apple, and not just the user, can access it. That makes those backups vulnerable to government requests, third-party hacking, and disclosure by Apple employees. Apple should let users protect themselves and choose truly encrypted iCloud backups.”
The good news is that Apple CEO Tim Cook already thinks that encrypting iCloud backups is a good idea and seems to want to implement it in the future. Here’s what he said about allowing users to encrypt their iCloud backups in an interview with Der Spiegel (translated):
SPIEGEL ONLINE: Is the data also secure with your online service iCloud as on the devices? COOK: There our users have a key and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back. It is difficult to estimate when we will change this practice. But I think that will be regulated in the future as with the devices. So we will not have a key for it in the future.
The future is now, Tim. While some users may find it helpful for Apple to be able to recover their backups when they forget their passwords, that’s not true for all users. It’s time to let users choose security and encrypt their iCloud backups so only they have the key.
Read more about EFF’s “Fix It Already” initiative here.
MacDailyNews Take: We’ve been asking for this for three years now:
How about encrypted iCloud backups next, Apple? — MacDailyNews, March 14, 2016
In 2019, it’s ridiculous that iCloud still doesn’t employ end-to-end encryption.
EFF’s “Fix It Already” initiative calls for:
• Android should let users deny and revoke apps’ Internet permissions.
• Apple should let users encrypt their iCloud backups.
• Facebook should leave your phone number where you put it.
• Slack should give free workspace administrators control over data retention.
• Twitter should end-to-end encrypt direct messages.
• Venmo should let users hide their friends lists.
• Verizon should stop pre-installing spyware on its users’ phones.
• WhatsApp should get your consent before you’re added to a group.
• Windows 10 should let users keep their disk encryption keys to themselves.
[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]