Apple recently announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, and photos. The move is being hailed by privacy advocates who say it will keep online information safer. But the FBI has reportedly said the enhanced encryption could jeopardize its ability to catch criminals.

“In certain situations, when users opt-in to the service, Apple will no longer hold the key to unlock any data,” Matt Howard, the senior vice president of the cybersecurity firm Virtru, told Lifewire in an email interview. “Therefore, law enforcement cannot simply get a subpoena or a warrant and compel Apple to decrypt the data and hand it over in clear text.”

Apple’s Security Move
Apple said that with iMessage Contact Key Verification, users could verify they are communicating only with whom they intend. The Security Keys system for Apple ID lets users choose to require a physical security key to sign in to their Apple ID account. And with Advanced Data Protection for iCloud, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users can lock down iCloud data, including iCloud Backup, Photos, and Notes.

“At Apple, we are unwavering in our commitment to provide our users with the best data security in the world. We constantly identify and mitigate emerging threats to their personal data on device and in the cloud,” Craig Federighi, Apple’s senior vice president of Software Engineering, said in the news release about the new security features.

The Electronic Frontier Foundation, a privacy advocacy group, praised Apple’s move. “We applaud Apple for listening to experts, child advocates, and users who want to protect their most sensitive data,” the organization said in a news release. “Encryption is one of the most important tools we have for maintaining privacy and security online.”

The foundation said that Apple’s new on-device encryption is strong. Still, some especially sensitive iCloud data, such as photos and backups, has continued to be vulnerable to government demands and hackers.

“Users who opt-in to Apple’s new proposed feature, which the company calls Advanced Data Protection for iCloud, will be protected even if there is a data breach in the cloud, a government demand, or a breach from within Apple (such as a rogue employee),” the group noted in the news release.

Mike Parkin, a senior technical engineer at the cybersecurity company Vulcan Cyber, told Lifewire via email that end-to-end encryption enables private conversations, which keeps law enforcement or intelligence agencies from knowing what’s being said. “It keeps them out of the room where it happened, and they don’t like it,” he added.

The Long Fight Over Privacy
The FBI has a number of ways to get around encrypted communications, from conventional surveillance of the subjects to bypassing broken encryption schemes, Parkin said. The agency has also backed legislative efforts to force developers to place back doors in their products for “authorized access by law enforcement” and other efforts to restrict encryption.

“The law enforcement and intelligence communities have long expressed their opinion that anything that restricts their ability to access communications between their targets should be restricted,” Parkin said. “The challenge is that there are many legitimate reasons for people and organizations to engage in private communications, and the threat of any back door being abused under official pretenses or revealed to threat actors and rendering the entire encryption scheme useless.”

Apple’s end-to-end encryption isn’t the only data protection scheme that’s a problem for law enforcement. There’s also TLS encryption, which encrypts the messages in transit, and can also pose a problem for law enforcement if they cannot access the service host’s servers, Hang Dinh, the CEO of ExtentWorld, a social media platform that offers end-to-end encrypted video calls, said via email.

But there may be ways to appease the FBI while keeping data private. Howard proposed that tech companies and law enforcement collaborate to develop the ability to conduct privacy-preserving analytics on sensitive and fully encrypted data. He said the technology already exists and enables engineers and authorized data scientists to securely query sensitive information without ever decrypting the underlying data.

“The result is a society that can fundamentally respect an individual’s right to data sovereignty, without sacrificing its ability to investigate and fight crime,” Howard added. “Furthermore, it would finally put an end to the circular and 25-year-old debate on Capitol Hill pertaining to ‘clipper chips’ and ‘backdoors.’”