Encryption & Key Management , Endpoint Security , Security Operations

Apple to Enable End-to-End Encryption of iCloud Backups

Announcement Comes After Apple Reportedly Delayed the Backups at the FBI's Request
Apple to Enable End-to-End Encryption of iCloud Backups
Image: Getty Images

Apple will allow iPhone users to encrypt iPhone backups stored in its customer cloud, the company said in an announcement it touted as a boon for security but which governments may decry as an escalation in long-running tensions over law enforcement access to data in mobile devices.

The Cupertino, California-based company said Wednesday that by the end of this year most U.S. users will have the ability to enable end-to-end encryption of iPhone backups, notes and photos housed in Apple's iCloud. The feature is set to roll out globally in early 2023.

Apple, which positions itself as the rare Silicon Valley company that is protective of users' privacy, took pains to frame its announcement in the context of cloud computing data breaches. "Experts say the total number of data breaches more than tripled between 2013 and 2021, exposing 1.1 billion personal records across the globe in 2021 alone," the company wrote. Not included in the new encryption options will be iCloud mail, contacts and calendar events "because of the need to interoperate with the global email, contacts, and calendar systems," the company said.

End-to-end encryption ensures data integrity even in the event of a data breach, Apple stressed.

Reuters reported in January 2020 that the company had held back from offering full end-to-end encryption to iCloud backup after the FBI complained about the impact to investigations (see: Report: Apple Scuttled Encryption Plans for iCloud Backups).

Law enforcement uses the phrase "going dark" to describe what it says are encryption-created obstacles to obtaining data. Privacy advocates and technologists say the concern is misplaced, especially given the vast quantities of unencrypted metadata revealing information such as individuals' locations and contacts created by digital devices. Their retort to law enforcement has been that we live in a "golden age of surveillance."

The U.S. government for decades has alternated between pressuring industry to give it backdoor access to encrypted communications and an often begrudging acceptance of encryption's benefits. The Trump administration ramped up pressure, enlisting the United Kingdom, Australia and New Zealand in 2020 to urge tech companies into ensuring that "encryption is applied in a way that wholly precludes any legal access to content."

Similar efforts haven't taken place during the Biden administration, which instead in May issued a national security memorandum calling for the development of quantum-resistant cryptography.

The Department of Justice and the FBI did not immediately respond to a request for comment on Apple's announcement.

Today's product announcement also includes mention of strengthening multifactor authentication controls for accessing Apple accounts through support for a hardware security key. Users will also be able to add contact verification for iMessage chats. The verification feature will alert users should a threat actor such as a state-sponsored hacker breach iMessage servers to surveill messages, Apple said.

This year, Apple has layered on defenses to combat advanced spyware apps that infect its devices, announcing in July an "extreme, optional protection" feature that lets users limit the functionality of their device (see: Apple Lockdown Mode Aims to Prevent State-Sponsored Spyware).


About the Author

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.