Apple on Wednesday said it plans to expand end-to-end encryption of iCloud data to include backups, photos, notes, chat histories and other services, in a move that could further protect user data but also add to tensions with law enforcement around the world.
Among a handful of new security tools is a feature called Advanced Data Protection which will allow users to keep certain data more secure from hackers, governments and spies, even in the case of an Apple data breach. In addition, law enforcement would not be able to gain access to that data even with a warrant. With end-to-end encryption, not even the platform can access the data, only the sender and recipient.
As a result, Apple would be unable to comply with requests to share this data stored in the cloud to officials as part of an investigation. Apple has previously clashed with law enforcement over attempts to access data on devices, including an effort by the FBI to break into the iPhone of one of the shooters behind the 2015 attack in San Bernardino, California.
In recent years, Apple has increasingly made privacy a core pillar of its pitch to users through a mix of new tools, including a feature designed to protect journalists and human rights workers from spyware. The company framed the latest move as part of an effort to combat “increasingly sophisticated and complex” threats to user data from bad actors, as well as from a spike in the number of data breaches.
Privacy groups have urged Apple for years to increase encryption for iCloud backups. In an interview with the Wall Street Journal, Craig Federighi, Apple’s senior vice president of software engineering, said some of the steps it took over a decade ago in designing iCloud and the way it encrypts its data were “necessary precursors to build toward this moment.”
In a blog post, Apple (AAPL) said iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data, and it is adding nine new categories. Not included in the new list, however, is encryption for iCloud Mail, Contacts, and Calendar due to interoperability challenges, Apple (AAPL) said.
Matthew Green, a cryptographer and associate professor at the Johns Hopkins Information Security Institute, believes Apple’s increased effort will set a standard for others to increase encryption.
“Why is this a big deal? Because Apple sets the standard on what secure (consumer) cloud backup looks like,” Green said in a series of tweets on Wednesday. “Even as an opt-in feature, this move will have repercussions all over the industry as competitors chase them.”
In a statement Wednesday, the FBI said it “continues to be deeply concerned with the threat end-to-end and user-only-access encryption pose.”
“This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime and terrorism,” the FBI said in the statement. “End-to-end and user-only-access encryption erodes law enforcement’s ability to combat these threats and administer justice for the American public.”