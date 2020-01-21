advertisement

Although Apple cannot unlock an end-to-end encrypted iPhone for the police, the company has access to and shares with iCloud data with the police. That’s because Apple also has the keys for iCloud backups. But Apple planned to allow users to fully encrypt iCloud backups a few years ago, but the feature was never released. A new report says that Apple has dropped plans to enable full encryption for iCloud after the FBI complained.

Apple and the FBI are again fighting for end-to-end encryption via the two iPhones that belong to a Saudi Air Force officer who killed three people at a naval base in Pensacola, Florida. US Attorney General William Barr and President Donald Trump urged Apple to unlock these devices, which the company cannot. Apple has said it has transferred the contents of the iPhones’ iCloud backups to authorities, and rejected the idea that it “did not provide any substantive help.”

A similar case occurred a few years ago after the shooting in San Bernardino. The FBI went backwards at the time, after finding an alternative to hacking the iPhones. The FBI wanted Apple to build a backdoor in iOS that allowed Apple to retrieve data from devices that were part of criminal investigations. Such a measure would reduce the security of all iOS users because a back door can be used by hackers looking for vulnerabilities.

It appears that the Pensacola phones are much older iPhones, the security of which can be bypassed by various forensic tools available to the FBI and other agencies.

Six people familiar with Apple’s plans, including a current and former Apple employee, and a current and three former FBI agents, told Reuters that Apple wanted to try a few years ago to implement full backup encryption.

Such backup protection would make it impossible for Apple to access iCloud backups and the company could not provide any evidence to law enforcement. Sensitive data, including stored passwords and health data, cannot be accessed in backups. However, data from iMessage, WhatsApp, and other encrypted apps are available to Apple when backed up to iCloud, and such data that may assist with investigations.

But Apple dropped the plan after private talks with the FBI. The agency complained that a lack of iCloud data could deny them access to evidence against suspects. Law enforcement agencies can secretly perform iCloud searches using Apple, without requiring physical access to a device, without warning the suspect.

Apple has never explained why it killed the projects, notes the report, but the FBI’s position on the issue may have played an important role. A person familiar with the issue said that Apple did not want to risk being attacked by government officials for protecting criminals, or being charged with withholding data. It also did not want to offer the authorities an excuse for new anti-encryption legislation.

Another reason for dropping iCloud encryption has to do with users. Customers can be excluded from their data after they forget iCloud login data, and Apple could not help if those backups were fully encrypted.

Image source: Ray Tang / LNP / Shutterstock

