Engadget has been testing and reviewing consumer tech since 2004. Our stories may include affiliate links; if you buy something through a link, we may earn a commission. Read more about how we evaluate products.
Apple reportedly dropped iCloud encryption plans amid FBI pressure
This happened about two years ago, though it's not certain why.
Apple encrypts your iOS device's locally stored data, but it doesn't fully encrypt iCloud backups -- and that was apprently a conscious choice. Reuters sources say Apple dropped plans for end-to-end encryption of iCloud backups (codenamed KeyDrop and Plesio) roughly two years ago. The decision came soon after the company revealed those plans to the FBI, which unsurprisingly objected given its previous pressure on Apple to facilitate access to San Bernardino shooter Syed Farook's iPhone. However, it's not clear this was the reason -- law enforcement's desires may have been secondary.
One of the sources claimed that Apple wasn't going to "poke the bear" again and risk another battle with the FBI. At the same time, though, a former Apple worker said the company might have ditched the plan over concerns customers could be locked out of their data more often.
Apple has declined to comment, while the FBI so far hasn't responded to requests for comment.
This doesn't mean that all your iOS data is insecure, or that iCloud backups are completely insecure. As Apple explains, particularly sensitive data like your iCloud Keychain, networking passwords, health data, payment info and Siri info are end-to-end encrypted on iCloud. Much of your info also has some kind of encryption both on the server and in transit, too. However, it's technically possible for Apple staff and law enforcement to get that more lightly-protected data, and that's the problem -- you'd have to turn off iCloud backups altogether (and rely on local Mac/PC backups instead) to be safe.
If Apple was trying to placate law enforcement, it didn't work. The FBI is once again pushing Apple to facilitate unlocking iPhones in the case of alleged Pensacola shooter Mohammed Saeed Alshamrani, even though it appears likely the bureau could access that info through other means. This is despite Apple having turned over iCloud backups for the shooter. Authorities want the power to access any device data on request, and Apple's possible compromise wasn't enough in their eyes.
