Apple killed iCloud encryption after FBI complained

After the FBI complained that the move would harm investigations, Apple killed iCloud encryption that would have allowed users to fully encrypt backups of their devices in the company’s iCloud service, Reuters is reporting today, citing “six sources familiar with the matter.”

iCloud encryption: iCloud login screen
iCloud login screen
Joseph Menn for Reuters:

The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information…

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

After the most recent Islamic terrorist killing spree, Apple correctly disputed U.S. AG William Barr’s assessment that the company failed to provide “substantive assistance” in unlocking the password-protected iPhones used by the terrorist at the Pensacola Navy base:

We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation. Our responses to their many requests since the attack have been timely, thorough and are ongoing… [We] produced a wide variety of information associated with the investigation [and provided] gigabytes of information [including] iCloud backups, account information and transactional data for multiple accounts… We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data. — Apple Inc.

In private talks with Apple soon after, representatives of the FBI’s cyber crime agents and its operational technology division objected to the plan, arguing it would deny them the most effective means for gaining evidence against iPhone-using suspects, the government sources said.

When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources…

In the first half of last year, the period covered by Apple’s most recent semiannual transparency report on requests for data it receives from government agencies, U.S. authorities armed with regular court papers asked for and obtained full device backups or other iCloud content in 1,568 cases, covering about 6,000 accounts… Had it proceeded with its plan, Apple would not have been able to turn over any readable data belonging to users who opted for end-to-end encryption.

MacDailyNews Take: There is a thin line between compromise and capitulation.

“How about encrypted iCloud backups next, Apple?” — MacDailyNews, March 14, 2016

We’ve been asking for this for three years now… In 2019, it’s ridiculous that iCloud still doesn’t employ end-to-end encryption. — MacDailyNews, February 28, 2019

Importantly, the report contains the disclaimer, “Reuters could not determine why exactly Apple dropped the plan.” Regardless, iCloud remains unencrypted.


    1. Good question. Apple hasn’t done the minimum acceptable disclosure to its iCloud users to inform them.

      This is the behavior of the one “good” company that supposedly cared about customer privacy. Seeing the reality of Cook’s empty promises, why would anyone trust Apple or any 3rd party to store your data for you???

  1. This is your government saying privacy from someone who wants to sell you mouthwash is important, however privacy from the people who can legally and indefinitely incarcerate you or kill you, shall not be had. And Apple, whether you buy all of Tim Cook’s virtue signaling as anything more than clever opportunistic marketing, will acquiesce. Or as Joe “Patriot Act Biden” Biden put it, they [The Government] will show these [Silicon Valley] twerps who is in charge.

    It never seems to matter who they are from Clinton to Bush to Obama to Trump, when the time to defend the rights, freedom, and privacy of the people is truly at stake, they toss us under a bus and tell us it’s for our protection. Or as a friend of mine used to say, they piss on us and tell us it’s rain.

    Bit by bit, creeping totalitarianism approaches.

    We have two enemies here. Not just the tech service corporations. The most dangerous of the two is the all powerful local, state, and federal governments and all the massively powerful agencies within.

    The information in our digital devices and our cloud storage should be considered parts of our minds. Allowing government to seize it should be considered as being forced to testify against yourself. Corporations should not be allowed to share any information about us with any other corporation or government agency without our permission.

    1. The problem is that warrants are not directed to the owner of the place or thing to be searched, but to the possessor. Multiple cases hold that the owner has no standing to object to a search; only the party searched does. You own your data in iCloud, but Apple is clearly in possession of it. There are laws going all the way back to 1789 requiring cooperation with the execution of lawful process.

      Apple can argue, and has done so successfully, that it cannot be compelled to decrypt data in someone else’s possession. It is unwilling to litigate whether that applies to information in its own possession in which the company itself has no reasonable expectation of privacy. Losing that suit could be very costly to both the company and its customers. Given the composition of the federal judiciary and its coziness with the Trump Justice Department, you definitely do not want to gamble on privacy winning over security in this context.

      Given that reality, Apple has compromised. The police can get to iCloud data with a valid judicial warrant (and Apple checks carefully for validity). The police are on their own in getting to data on a device. Apple will not help them. That is probably the best they can do.

    2. Apple makes it fairly clear that anything you put up on iCloud is not encrypted. Apple makes no secret of the fact that everything you put on iCloud is discoverable under court order.

      I think of it as no different than you putting your excess stuff in one of those off-site storage lockers. The authorities just go to the owners of those lockers [you just lease the space; you don’t own the space] to get them to open them up.

      Putting documents, phone histories, photographs, etc. into iCloud is the same as printing them out and placing all that information into a storage unit. It is not the same as keeping it in your head.

      Is printing your password out and giving it in a sealed envelope to your next door neighbor the same as keeping it unwritten and solely in your head? Obviously not. Now think of Apple as that next door neighbor and iCloud files/folders as the printout/envelope.

      Apple is fairly clear about how all this works. For example: In Apple’s iPhone backup application, it fairly clearly states that only the iPhone backup to your local machine can be encrypted.

      I don’t know how much clearer Apple can be. Put something onto iCloud and it is discoverable. Period.

      To me these complaints are similar to someone putting something in an unencrypted email then believing no one other than the unintended recipient will ever see it. For email, the bottom line should always be to not put anything into an unencrypted email that you would not write on the back of a postcard you’d send through the postal system.

      Privacy is only what YOU make of it. Don’t expect others to create privacy for you.

    3. I’ll sat it again…..
      Theloniousmac = my favorite genius. Brilliantly stated. I’ve copied your comment and would like to send it to friends via email. I hope you are okay with it.

    4. What do you expect when anyone can be forced by a court order to give up their DNA for comparison? If that’s not a violation of the 5th, what is? It’s your own body testifying against you. And I’m not going to get into how chimeras make a mess of DNA testing as a crime fighting tool.

  2. Here comes another “Apple sucks” argument for my Android using buddies. Guess im not going with a lame “but, but Google does this too counter”. Apple needs to do better, not same.
    Looks like Apple has just coined a new term – “selective privacy”. Or is it what they really ment by their “differential privacy”.

  3. This is wrong, pure and simple. A company that keeps selling us how important privacy and then to punk out and not protect super important info like this is just WRONG AF.

    Real smart criminals will use their own encryption and none of this will effect them, but normal law abiding citizens stuff, that will be open to abuses.

    This is so wrong and such a fail on Apple’s part. Disgusted.

  4. Ever since the “the cloud” argument came along I asked myself a simple question, “Do I trust my data to be stored on someone else’s computer?” My answer has always been to backup onto hard drives that I own and trust.

    And for those who use Gmail you’d be surprised to know that all your emails are stored on their servers. It took me hours to delete these emails that went to 2010. You might want to do the same.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.