Apple, the FBI and the keys to decrypt copies of iCloud, this is what we know
When Apple and the FBI appear in the same sentence the policy is served. We have seen several cases in the United States in which the federal agency asks Apple for a way to unlock the iPhone of some criminal or terrorist, and Apple's response has always been the same: we have no way to access that information.
Apple takes the security of its devices very seriously and for that reason the company is not able to unlock an iPhone without the user's code, fingerprint or face. The FBI, Trump and many other state agencies will they have asked Apple to create a backdoor so that only they can enterHowever, Apple still refuses, who can guarantee that this door will only be used by "the good guys"?
However recently there has been a story that informs that Apple could have stepped aside in terms of encryption of iCloud copies from end to end by FBI pressures. It will be a strange action by Apple and doubts have already begun to arise about the veracity of this information.
How does iCloud security work?
The current iCloud backups are encrypted, but they are not end to end. That means that both the user with his password and Apple can access the data of these backups. When different law enforcement agencies, different agencies, police or governments want to access a locked iPhone, Apple cannot directly help them unlock the iPhone, but s can provide any iCloud backup of the device, which include the vast majority of data found in it.
Every year Apple takes stock in which it shows what governments have requested information about some of their devices, last year Apple provided 82% of requests, about 160,000 devices.
However, the company announced a while ago that start using end-to-end encryption on copies of iCloud, Apple already uses end-to-end encryption in iMessage and FaceTime, so it is not something really new. This type of encryption eliminates the possibility that Apple can decrypt a copy of iCloud and access the information, since it can only be done with the identification key of each user.
The FBI does not like end-to-end encryption
The news that appeared yesterday said that Apple had backtracked in its plans to encrypt copies of iCloud FBI pressures, but now one of the greatest experts at Apple, John Gruber, has sown doubts and questioned this story.
Gruber says that This information is based on FBI sources, not Apple sources., and that precisely for that reason, and knowing Apple, questions the information.
"It is simply not in Apple's nature to inform anyone outside the company about any of its future product plans. I'm not sure how I could clarify it further. It's not in Apple's DNA to ask permission for anything.
Encrypting iCloud backups will be perfectly legal. There will be no legal requirement for Apple to inform the FBI in advance. Nor will there be any reason to inform the FBI in advance just to get the FBI's opinion on the idea. We all know what the FBI thinks about secure encryption. ”
In addition, Gruber argues that in the event Apple has backed up its encryption plans for iCloud backups, it will be done only by users. If end-to-end encryption is implemented in iCloud Apple, it will no longer have the key, so You will not be able to help customers who lost or broke their iPhone and do not remember their iCloud password to recover your data.
He also points out that the story about the influence of the FBI claimed that Apple made the decision "about two years ago," however, CEO Tim Cook said in an interview with the German press. about a year ago these plans could be realized soon. So the dates do not add up.
"Our users have a password, and we have another. We do this because some users lose or forget their password and then wait for our help to recover their data. It is difficult to estimate when we will change this practice. But I think that in the future it will be regulated as it happens with the devices. ”
This is a very complex issue and a difficult solution, if Apple goes one step further in this type of encryption there is no doubt that it will improve user privacy, however this does not mean that it is a solution without side effects.