Apple dropped plan for encrypting backups after FBI... - Daily Mail

Posted: 21 Jan 2020 12:00 AM PST

Apple allegedly abandoned plans to implement encrypted iCloud backups after a complaint from the FBI.

According to a Reuters report, the bureau ordered Apple not to encrypt files that were uploaded to the iCloud from customers' iPhones and other devices, as it would hinder their investigations.

It is claimed this abrupt U-turn at the behest of the US law enforcement agency occurred two years ago and was brushed under the carpet to avoid scrutiny.

The decision was confirmed to Reuters by six sources close to the matter.

However, a former Apple employee said it was possible that the project was dropped for other reasons - including the risk customers would be locked out of their data.

Scroll down for video

According to a Reuters report, the FBI requested Apple not implement encryption to its iCloud backups as it would hinder their investigations and make it impossible for them to obtain data from the iPhone of a person under investigation (file photo)

WHAT IS END-TO-END ENCRYPTION?

End-to-end encryption ensures only the two participants of a chat can read messages, and no-one in between – not even the company that owns the service.

End-to-end encryption is intended to prevent data being read or secretly modified when it is in transit between the two parties.

The cryptographic keys needed to access the service are automatically provided only to the two people in each conversation.

In decrypted form, messages are accessible by a third party – which makes them interceptable by governments for law enforcement reasons.

Facebook-owned WhatsApp is already encrypted, and now Mark Zuckerberg is looking to do the same with Facebook Messenger and Instagram Direct.

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their iPhone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data.

Jake Moore, Cybersecurity Expert at ESET: 'Encrypting data is essential and companies usually offer help and support when protecting data, so this news comes as a shock to me.

'However, it doesn't mean your back-up and data can't be encrypted.

'You will still be able to make an encrypted back-up on your home computer and store it there.

'As always, users should also be reminded that their data needs to be protected with a strong and complex password.

'The balance between law enforcement and tech companies protecting data comes into question quite often.

'However, this balance is extremely difficult to fine-tune. Typically, users want the easiest route if they care about their data security, so encryption should be handed to them on a plate.'

This would take a tool away from the FBI, who can ask the manufacturer to unlock the account of a person they are investigating.

Representatives from the FBI's cyber crime unit held private talks with Apple where they objected to the plan, it is claimed.

The FBI argued it would deny them the most effective means for gaining evidence against iPhone-using suspects, the government sources said.

When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped.

Reuters, who first reported the story, could not determine why exactly Apple dropped the plan.

'Legal killed it, for reasons you can imagine,' a former Apple employee said he was told, without any mention of why the plan was dropped or if the FBI was involved.

That person told Reuters the company did not want to risk being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption.

'They decided they weren't going to poke the bear anymore,' the person said, referring to Apple's court battle with the FBI in 2016 over access to an iPhone used by one of the suspects in a mass shooting in San Bernardino, California.

Apple appealed a court order to break into that phone for the FBI.

The government dropped the proceedings when it found a contractor that could break into the phone, a common occurrence in FBI investigations.

One former FBI official, who was not present in talks with Apple, told Reuters: 'Outside of that public spat over San Bernardino, Apple gets along with the federal government.'

Representatives of the FBI's cyber crime agents held private talks with Apple where they objected to the plan to encrypt iCloud backups. The FBI argued it would deny them the most effective means for gaining evidence against iPhone-using suspects (stock photo)

The company has recently taken a hard-line stance in high-profile legal disputes with the government as it refuses to violate its customers' data.

Apple was last week publicly asked by US Attorney General William Barr to unlock two iPhones used by a Saudi Air Force officer who shot dead three Americans at a Pensacola, Florida naval base last month.

US President Donald Trump accused Apple on Twitter of refusing to unlock phones used by 'killers, drug dealers and other violent criminal elements.'

Republican and Democratic senators sounded a similar theme in a December hearing, threatening legislation against end-to-end encryption, citing unrecoverable evidence of crimes against children.

Apple did in fact did turn over the shooter's iCloud backups in the Pensacola case, and said it rejected the claim that it 'has not provided substantive assistance.'

An Apple spokesman declined to comment on the company´s handling of the encryption issue or any discussions it has had with the FBI.

The FBI did not respond to requests for comment on any discussions with Apple.

HOW WOULD ENCRYPTED ICLOUD HINDER THE FBI?

The FBI relies on hacking software that exploits security flaws to break into a phone.

But that method requires direct access to the phone which would ordinarily tip off the user, who is often the subject of the investigation.

Apple´s iCloud, on the other hand, can be searched in secret.

In the first half of 2019, US authorities asked for and obtained full device backups or other iCloud content in 1,568 cases, covering about 6,000 accounts.

The company said it turned over at least some data for 90 per cent of the requests it received.

Had it proceeded with its plan, Apple would not have been able to turn over any readable data belonging to users who opted for end-to-end encryption.

Instead of protecting all of iCloud with end-to-end encryption, Apple has shifted to focus on protecting some of the most sensitive user information, such as saved passwords and health data.

But backed-up contact information and texts from iMessage, WhatsApp and other encrypted services remain available to Apple employees and authorities.

Apple is not the only tech company to have removed its own access to customers' information.

In October 2018, Google announced a similar system to Apple's dropped plan for secure backups.

The maker of Android software, which runs on about three-quarters of the world's mobile devices, said users could back up their data to its own cloud without trusting the company with the key.

Two people familiar with the project said Google gave no advance notice to governments, and picked a time to announce it when encryption was not in the news.

The company continues to offer the service but declined to comment on how many users have taken up the option.

The FBI did not respond to a request for comment on Google's service or the agency's approach to it.

Google makes it safer to text on Android phones, but end-to-end encryption is still MIA - PCWorld

Posted: 12 Dec 2019 12:00 AM PST

As part of its year-end push to bring Android Messages up to speed, Google is rolling out two new features today: Verified SMS and spam protection. Together, they will help make sure your conversations aren't taken over by people you don't want to talk to.

Like the phone app, Google won't automatically filter out suspected spam messages, but it will warn you when it suspects one has arrived. You'll be able to let Google know whether it got it right and also report spam texts, all of which will be used to improve the detection engine.

In addition to flagging spam, Google will also verify whether you're indeed chatting with the brand you think you're chatting with. If so, Google will add a verification badge alongside the business name and logo in the conversation. Google says 1-800-Flowers, Banco Bradesco, Kayak, Payback, and SoFi are among the first brands to send messages with Verified SMS, with more being added daily.

While both of these features are certainly excellent additions to Android Messages—especially on the heels of the recent launch of RCS—it also underscores the biggest security safeguard that's still MIA: end-to-end encryption. While messages are indeed encrypted while being sent, there's no guarantee that they're encrypted by the carrier, which means someone could be reading or intercepting messages along the way. Google promises that it doesn't save messages, but most providers make no such claims, making it difficult to fully trust that your messages are for-your-eyes-only.

But at least you'll know that they're coming from verified sources, which is a step in the right direction. Verified SMS is rolling out in nine countries, , starting in the U.S., India, Mexico, Brazil, the UK, France, Philippines, Spain and Canada, while spam protection is rolling out in the U.S. following a broader launch earlier this year.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.

Search This Blog

Android Full Encryption