Apple Drops Plan to Tighten iCloud Encryption

Reports suggest that Apple has been pressured by the FBI to drop plans to improve the security of its customer backups. The plan was to better encrypt backups on the iCloud service.

iCloud serves two purposes: it's a way for Apple users to store data and documents online and access them from anywhere (from any Apple device) with a password; it's also a way to automatically backup the contents of iPads and iPhones.

Data from the iCloud is stored on Apple servers in an encrypted format, which means that if somebody gained access to the files (either through a remote hack, or a physical breach on an Apple device), they would find it almost impossible to use them.

The data stored on iCloud servers is similar to the way data is stored on Apple devices - but with one key difference. On an iPhone or iPad, only the account holder has the decryption key, which is used in the form of a password or biometric lock.

San Bernardino Case Prompted Debate

Apple is physically unable to decrypt and access the files on these devices even if it wanted to - even if a court order was issued. That's caused unease among law enforcement officials, sparking a court battle with the FBI over a locked phone belonging to a shooter in the San Bernardino killings.

With iCloud, however, both Apple and the user have a decryption key. Apple's policy is to only decrypt the data when legally required to do so, for example through a court warrant to 'search' the data.

Reuters is now reporting that Apple planned to change this policy so that only the user had the decryption key. It says six sources confirmed the story and quotes a former Apple employee as saying the company discussed the issue with the FBI and was persuaded to drop the plan. (Source: reuters.com)

Risk Of Legal Action And Legislation

The employee described Apple's rationale for the decision as: "They decided they weren't going to poke the bear anymore."

The employee added that Apple feared being sued over the move because it would mean data that had previously been available to law enforcement (with a warrant) would become unavailable. Apple is also have said to fear provoking legislation to further restrict or ban the use of encryption.

It's important to note the FBI pressure wasn't the only factor in the decision. One downside of the proposed change was that Apple would have become unable to help customers who forgot their login details and wanted a way of recovering access to their files in decrypted form. (Source: theverge.com)

What's Your Opinion?

Was Apple right to drop the plan? Should commercial data services always make it possible for law enforcement officials to access unencrypted data if they have a warrant? How should society balance privacy and national security in the tech world?