After the FBI complained that the move would harm investigations, Apple killed iCloud encryption that would have allowed users to fully encrypt backups of their devices in the company’s iCloud service, Reuters is reporting today, citing “six sources familiar with the matter.”
The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information…
More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.
After the most recent Islamic terrorist killing spree, Apple correctly disputed U.S. AG William Barr’s assessment that the company failed to provide “substantive assistance” in unlocking the password-protected iPhones used by the terrorist at the Pensacola Navy base:
We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation. Our responses to their many requests since the attack have been timely, thorough and are ongoing… [We] produced a wide variety of information associated with the investigation [and provided] gigabytes of information [including] iCloud backups, account information and transactional data for multiple accounts… We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data. — Apple Inc.
In private talks with Apple soon after, representatives of the FBI’s cyber crime agents and its operational technology division objected to the plan, arguing it would deny them the most effective means for gaining evidence against iPhone-using suspects, the government sources said.
When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources…
In the first half of last year, the period covered by Apple’s most recent semiannual transparency report on requests for data it receives from government agencies, U.S. authorities armed with regular court papers asked for and obtained full device backups or other iCloud content in 1,568 cases, covering about 6,000 accounts… Had it proceeded with its plan, Apple would not have been able to turn over any readable data belonging to users who opted for end-to-end encryption.
MacDailyNews Take: There is a thin line between compromise and capitulation.
“How about encrypted iCloud backups next, Apple?” — MacDailyNews, March 14, 2016
We’ve been asking for this for three years now… In 2019, it’s ridiculous that iCloud still doesn’t employ end-to-end encryption. — MacDailyNews, February 28, 2019
Importantly, the report contains the disclaimer, “Reuters could not determine why exactly Apple dropped the plan.” Regardless, iCloud remains unencrypted.