But most iPhone and Mac computer owners back up their iMessages, photos and other content to Apple’s iCloud, where the company can retrieve them for locked users or authorities. It also left the hardware open to hackers who tricked customers into their passwords, increasing the potential for embarrassment and even extortion.
Apple representatives said these threats and growing breach attempts by cloud providers make end-to-end encryption in the cloud the best option for those most concerned about security.
This step is likely to draw protests from several governments, some of which may take legal or legal action or deny Apple access to their markets. Top law enforcement officials in the United States, Britain, and other democracies have opposed strong encryption, and some have passed laws they could use to try to force companies to cooperate against their clients.
Late Wednesday, the FBI said it was “deeply concerned about the threat posed by end-to-end encryption and restricted user access.”
“This impedes our ability to protect the American people from criminal acts ranging from cyberattacks and child abuse to drug trafficking, organized crime and terrorism,” the office said in an emailed statement. . “In this era of cybersecurity and ‘security by design’ requirements, the FBI and law enforcement partners need ‘lawful access by design’.”
The encryption option will be available to freeware testers immediately, to all US customers by the end of the year, and to other countries starting next year, Apple said. He added that it might not reach all countries by the end of 2023.
Apple’s move follows similar actions by other companies and organizations that either caught up to it on privacy or went further.
Facebook’s WhatsApp is the most widely used fully encrypted messenger, and it started offering encrypted backup a year ago. Signal, which develops the protocol used by WhatsApp and others, does not allow cloud backups to prevent inappropriate access. Google offers encrypted backups, although the popularity of the service is unclear.
After cloud service providers were hacked, a growing number of companies insist on controlling decryption keys themselves. Apple will now also offer this option to consumers.
Privacy experts were delighted with Apple’s announcement.
“That’s awesome,” said Meredith Whittaker, president of Signal, an encrypted chat app. “There was enough pressure and enough narrative work for them to see the side of the story forming. It’s really unbelievable.
The change is likely to slow down a particularly effective law enforcement tool. In a six-month period covered by Apple’s latest transparency report, the company said it forwarded user content 3,980 times for legal reasons, mostly in the United States and Brazil. He said legal requests for all types of account data, including credentials, had doubled in two years to more than 20,000.
In China, Apple is coming under increasing criticism for not doing more to protect iPhone users who are already under heavy surveillance. During the recent wave of protests against harsh covid restrictions, Apple restricted the use of AirDrop, which people used to share videos and other large files over short distances. iCloud data in China is stored on servers under the control of a local company.
Apple intended to introduce fully encrypted iCloud storage many years ago, according to FBI agents and Apple employees at the time. The FBI objected, and Apple dropped the idea rather than face a public fight.
Instead, he chose specific categories of data that would be isolated from outside prying eyes, including passwords and payment and health data. Now everything can be stored securely, except mail, calendar, and contacts functions that need to interact with multiple providers.
Apple will require users to set up a recovery key or appoint someone else who can help them access it in the event of a lockout. That person, the account holder, and Apple should all be involved in the recovery.
In a second victory for privacy advocates, Apple said it was abandoning a plan to scan users’ photos for child sexual abuse images. The company suspended the plan shortly after it was announced last year because security experts claimed it would infringe on the privacy of the user’s device and be subject to abuse.
Apple also said Wednesday that it is making iPhones compatible with physical security keys that connect to the phone so consumers can need them to access their accounts from new devices. This way, phishing attackers who steal passwords and usernames still wouldn’t be able to get in.
#Apple #iCloud #backups #fully #encrypted