FBI Pressured Apple to Halt iCloud Encryption: Report

For your free ISO 27001 Information Security Management System Gap Analysis Checklist, Click here.

Tech-giant Apple has reportedly capitulated to pressure from the FBI and ditched its plans to fully encrypt back-ups of their data hosted on Apple’s iCloud servers, according to The BBC’s coverage.

Full encryption, in this context, refers to the process of converting easily accessible, readable data into a code that is close to impossible to access without a password. Apple was, according to reports, developing the encryption feature for its iCloud service for more than 24-months, but eventually abandoned plans after the FBI raised its concerns about the encryption hindering its investigations into legitimate crimes.

The initial plan, Reuters is reporting, was “primarily designed to thwart hackers,” and “Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under a court order.”

“In private talks with Apple soon after, representatives of the FBI’s cybercrime agents and its operational technology division objected to the plan, arguing it would deny them the most effective means of gaining evidence against iPhone-using suspects, the government sources said.”

According to six sources in the report, Apple spoke privately to the FBI and soon after, the plans for end-to-end encryption were dropped. “Legal killed it, for reasons you can imagine,” a former Apple employee told journalists, stating that the company wanted to avoid the risk of appearing as though they were providing cover for criminals, being sued for moving data out of reach for government officials, or the move being used to introduce legislation that would limit end-to-end encryption.

“They decided they weren’t going to poke the bear anymore,” the source said in reference to the 2016 case involving the San Bernardino shooter.

The report also cites two former FBI officials that weren’t present for the talks between Apple and the FBI, however, did state that the FBI’s argument is that backups were vital evidence in thousands of cases.

Apple has responded to 127,000 requests from various US law enforcement agencies for addition support, including the decryption of data and several high-profile cases of unlocking a suspect’s phone. “The company said it turned over at least some data for 90% of the requests it received. It turns over data more often in response to secret U.S. intelligence court directives, which sought content for more than 18,000 accounts in the first half of 2019,” the report states.

Just last week, the US Attorney General demanded that Apple gain access and hand over the data to two iPhones owned by a Saudi Air Force officer who shot three Americans dead at a naval base in Florida.

This led to US President, Donald Trump to tweet that while the government was “helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements. They will have to step up to the plate and help our great Country.”

Apple responded to this criticism in a statement on the 13th of January, stating that “we reject the characterisation that Apple has not provided substantive assistance in the Pensacola investigation… Our responses to their many requests since the attack have been timely, thorough and are ongoing.”

Reuters, who broke the story initially, quoted six sources- including those inside Apple and the FBI. Jake Moore, a security guru at antivirus company ESET said that “encrypting data is essential and companies usually offer help and support when protecting dta, so this news comes as a shock to me.”

“However, it doesn’t mean your back-up and data can’t be encrypted,” he added. “You will still be able to make an encrypted back-up on your home computer and store it there. As always, users should also be reminded that their data needs to be protected with a strong and complex password.”

“The balance between law enforcement and tech companies protecting data comes into question quite often,” he added. “However, this balance is extremely difficult to fine-tune. Typically, users want the easiest route if they care about their data security, so encryption should be handed to them on a plate,” Moore concluded.

Reuter’s reporting says that “instead of protecting all of iCloud with end-to-end encryption, Apple has shifted to focus on protecting some of the most sensitive user information, such as saved passwords and health data.” However, “backed-up contact information and texts from iMessage, WhatsApp and other encrypted services remain available to Apple employees and authorities.”

Featured Posts
Recent Posts
Search By Tags
Follow Us
  • YouTube Best Practice Icon
  • LinkedIn Social Icon
  • Facebook Basic Square
  • Instagram Social Icon
  • Twitter Basic Square

© 2020 by Best Practice

  • White YouTube Icon
  • White LinkedIn Icon
  • White Instagram Icon
  • White Facebook Icon
  • White Twitter Icon