Apple killed its plan to protect iCloud with end-to-end encryption. Over two years ago, the FBI told Tim Cook to knock it off.
At least, that’s according to “six sources familiar with the matter.” In a detailed report published this week from Reuters, we’re told that Apple nixed the project because it would remove one of the FBI’s best ways to gather evidence.
But the timing is fascinating. In this week’s Security Blogwatch, we wonder if we’re useful idiots (again).
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: katsup.
FBiPhone
What’s the craic? Joseph Menn breathlessly reports—Apple dropped plan for encrypting backups after FBI complained:
According to one current and three former FBI officials and one current and one former Apple employee … more than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud. … Representatives of the FBI’s cyber crime agents and its operational technology division objected to the plan, arguing it would deny them the most effective means for gaining evidence against iPhone-using suspects.
…
“Legal killed it, for reasons you can imagine,” [a] former Apple employee said he was told. … “They decided they weren’t going to poke the bear anymore,” [he] said, referring to Apple’s court battle with the FBI in 2016 over access to an iPhone used by one of the suspects in a mass shooting in San Bernardino.
…
Backed-up contact information and texts from iMessage, WhatsApp and other encrypted services remain available to Apple employees and authorities. … Had it proceeded with its plan, Apple would not have been able to turn over any readable data belonging to users who opted for end-to-end encryption.
…
An Apple spokesman declined to comment. … The FBI did not respond to requests for comment.
Why? because of FBI, concludes Adam Ismail:
As it stands today, iCloud is encrypted, such that only users and Apple have keys to backups stored on the company's servers. However, enabling end-to-end encryption would have eliminated the company's ability to access or recover users' backups — something government officials feared would have hindered criminal investigations involving suspects using iPhones.
…
These backups present a full snapshot of a device's contents at a given point in time, including logs of encrypted-messaging chats, so they're tremendously valuable to investigators. … In the first half of 2019, Apple handed over account data (that includes iCloud backups) … in 90% of requests from the U.S. government [or] 3,259 cases out of 3,619.
Correct decision? No, comments Ben Lovejoy—Apple’s decision … is wrong, but also understandable:
There’s always been one major problem with [the] claim that ‘What happens on your iPhone, stays on your iPhone’: It isn’t true of iCloud backups. … Although Apple was working towards end-to-end encryption … it has now abandoned the plan.
…
Apple’s decision is wrong. … Personal data has never been more at risk, and any weakness in privacy protections designed for use by the good guys is one that is at risk of exploitation by the bad guys.
…
[But] while it isn’t the ideal approach by Apple, it is a pragmatic one with few downsides. And one that might, in the long-run, reduce the risk legislation forcing Apple to compromise iOS, which would create massively greater risks.
However, as Peter Cohen has it, We’re our own worst enemy:
Apple hasn’t encrypted iCloud Backups end to end for a much more pragmatic reason that may, in the end, have nothing to do with the FBI at all. It’s because of us.
…
Lots of us forget our passwords, lose our encryption keys, and will even get rid of devices and get new ones without remembering that we’ve employed schemes like two-factor authentication. Then we find ourselves in a pickle when it comes time to restore our device or set up new ones.
…
When I worked for an Apple service provider, every day I would encounter customers in this quandary … regardless of age, technical sophistication, or organizational ability. Sooner or later, even the most veteran experts can run into these sorts of issues.
…
Apple has to toe the line between security and convenience, and sometimes that line is tough to distinguish. But this is also a problem that Apple’s made for itself.
And twistmeyer agrees:
Also, not sure about the architecture. If you use the secure enclave to encrypt your iCloud files on one device, then you really can’t decrypt it on the other devices, so the question then is where are the encryption keys actually generated and stored. Obviously not unsolvable issues, but Apple still seems to be going through enough growing pains with iCloud as it is.
Yes, but fferitt25 asks the tough questions:
Did you bother to fact-check this story from a source other than [an] anonymous ex-Apple employee (who nobody knows is not disgruntled) and an anonymous ex-FBI employee who is seemingly towing the party line conveniently just after the FBI and Trump were crying about 'no cooperation from Apple'?
…
Who knows how the relationship with Apple and its ex-employee ended? Who knows why the FBI employee is no longer working there?
And John Gruber suggests a glitch in the Matrix:
From a wide-ranging interview from October 2018 [Tim Cook said] “Our users have a key there, and we have one. … I think that [we will] no longer have a key for this in the future.”
…
Joseph Menn’s blockbuster report … claims Apple abandoned its plans for encrypting iCloud backups “about two years ago.” Something in the timeline doesn’t add up.
Respect Deputy Cartman’s authority:
I see no way whatsoever that this will blow up in important people's faces. None.
And I certainly see no way poor OpSec and/or criminal warrants enter into the fray. Nope.
*looks at Donald Trump's and Rudy Guilliani's iPhones*.
Is he hinting what I think he’s hinting? nimbius is more forthcoming:
[Apple] made the job of nation-state espionage and black-hat hacking a whole lot simpler as well. Why go to the trouble of breaking the encryption on the iPhone when you can just find a way to fetch the … full backup of the device to any device of your choosing?
…
Pay data, health metrics, sensitive communications to loved ones or businesses. … All yours on a device that may or may not even be a cell phone.
Meanwhile, actions speak louder than words. So blink tag is concerned:
Apple's support article has changed a bit over the past year. I don't know that it's any clearer, but [it] seems designed to hide the fact that the backups at rest are decryptable by Apple.
The moral of the story?
iCloud backups might be vulnerable to corporate or nation-state espionage. Consider alternative arrangements for your users.
And finally
You have been reading Security Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or sbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.
Image source: Josh McConnell
Keep learning
Get up to speed on unstructured data security with TechBeacon's Guide. Plus: Get the Forrester Wave for Unstructured Data Security Flatforms, Q2 2021.
Join this discussion about how to break the Ground Hog Day repetition with better data management capabilities.
Learn how to accelerate your analytics securely into the cloud in this Webinar.
Find out more about cloud security and privacy, and selecting the right encryption and key management in TechBeacon's Guide.
Learn to appreciate the art of data protection and go behind the privacy shield in this Webinar.
Dive into the new laws with TechBeacon's guide to GDPR and CCPA.
