Posted: 21 Jan 2020 12:00 AM PST

SAN FRANCISCO (Reuters) - Apple Inc (AAPL.O) dropped plans to let iPhone users fully encrypt backups of their devices in the company's iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

The tech giant's reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers' information.

The long-running tug of war between investigators' concerns about security and tech companies' desire for user privacy moved back into the public spotlight last week, as U.S. Attorney General William Barr took the rare step of publicly calling on Apple to unlock two iPhones used by a Saudi Air Force officer who shot dead three Americans at a Pensacola, Florida naval base last month.

U.S. President Donald Trump piled on, accusing Apple on Twitter of refusing to unlock phones used by "killers, drug dealers and other violent criminal elements." Republican and Democratic senators sounded a similar theme in a December hearing, threatening legislation against end-to-end encryption, citing unrecoverable evidence of crimes against children.

Apple did in fact did turn over the shooter's iCloud backups in the Pensacola case, and said it rejected the characterization that it "has not provided substantive assistance."

Behind the scenes, Apple has provided the U.S. Federal Bureau of Investigation with more sweeping help, not related to any specific probe.

An Apple spokesman declined to comment on the company's handling of the encryption issue or any discussions it has had with the FBI. The FBI did not respond to requests for comment on any discussions with Apple.

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

In private talks with Apple soon after, representatives of the FBI's cyber crime agents and its operational technology division objected to the plan, arguing it would deny them the most effective means for gaining evidence against iPhone-using suspects, the government sources said.

When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources. Reuters could not determine why exactly Apple dropped the plan.

"Legal killed it, for reasons you can imagine," another former Apple employee said he was told, without any specific mention of why the plan was dropped or if the FBI was a factor in the decision.

That person told Reuters the company did not want to risk being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption.

"They decided they weren't going to poke the bear anymore," the person said, referring to Apple's court battle with the FBI in 2016 over access to an iPhone used by one of the suspects in a mass shooting in San Bernardino, California.

FILE PHOTO: A woman uses her Apple iPhone and laptop in a cafe in lower Manhattan in New York City, U.S., May 8, 2019. REUTERS/Mike Segar/File Photo

Apple appealed a court order to break into that phone for the FBI. The government dropped the proceedings when it found a contractor that could break into the phone, a common occurrence in FBI investigations.

Two of the former FBI officials, who were not present in talks with Apple, told Reuters it appeared that the FBI's arguments that the backups provided vital evidence in thousands of cases had prevailed.

"It's because Apple was convinced," said one. "Outside of that public spat over San Bernardino, Apple gets along with the federal government."

However, a former Apple employee said it was possible the encryption project was dropped for other reasons, such as concern that more customers would find themselves locked out of their data more often.

Once the decision was made, the 10 or so experts on the Apple encryption project - variously code-named Plesio and KeyDrop - were told to stop working on the effort, three people familiar with the matter told Reuters.

APPLE SHIFTS FOCUS

Apple's decision not to proceed with end-to-end encryption of iCloud backups made the FBI's job easier.

The agency relies on hacking software that exploits security flaws to break into a phone. But that method requires direct access to the phone which would ordinarily tip off the user, who is often the subject of the investigation.

Apple's iCloud, on the other hand, can be searched in secret. In the first half of last year, the period covered by Apple's most recent semiannual transparency report on requests for data it receives from government agencies, U.S. authorities armed with regular court papers asked for and obtained full device backups or other iCloud content in 1,568 cases, covering about 6,000 accounts.

The company said it turned over at least some data for 90% of the requests it received. It turns over data more often in response to secret U.S. intelligence court directives, which sought content from more than 18,000 accounts in the first half of 2019, the most recently reported six-month period.

Had it proceeded with its plan, Apple would not have been able to turn over any readable data belonging to users who opted for end-to-end encryption.

Instead of protecting all of iCloud with end-to-end encryption, Apple has shifted to focus on protecting some of the most sensitive user information, such as saved passwords and health data.

But backed-up contact information and texts from iMessage, WhatsApp and other encrypted services remain available to Apple employees and authorities.

Apple is not the only tech company to have removed its own access to customers' information.

Slideshow (2 Images)

In October 2018, Alphabet Inc's (GOOGL.O) Google announced a similar system to Apple's dropped plan for secure backups. The maker of Android software, which runs on about three-quarters of the world's mobile devices, said users could back up their data to its own cloud without trusting the company with the key.

Two people familiar with the project said Google gave no advance notice to governments, and picked a time to announce it when encryption was not in the news.

The company continues to offer the service but declined to comment on how many users have taken up the option. The FBI did not respond to a request for comment on Google's service or the agency's approach to it.

Reporting by Joseph Menn in San Francisco; Editing by Bill Rigby and Cynthia Osterman

Our Standards:The Thomson Reuters Trust Principles.

How to Encrypt Your Texts, Calls, Emails, and Data - WIRED

Posted: 09 Dec 2017 12:00 AM PST

Cryptography was once the realm of academics, intelligence services, and a few cypherpunk hobbyists who sought to break the monopoly on that science of secrecy. Today, the cypherpunks have won: Encryption is everywhere. It's easier to use than ever before. And no amount of handwringing over its surveillance-flouting powers from an FBI director or attorney general has been able to change that.

Thanks in part to drop-dead simple, increasingly widespread encryption apps like Signal, anyone with a vested interest in keeping their communications away from prying eyes has no shortage of options.

In fact, secure communications are not only attainable but perhaps even the new default, says Matthew Mitchell, the founder of security training organization Crypto Party Harlem and an adviser to the Open Technology Fund. "Security is here to stay. It's now expected that a product just encrypts without you having to do anything," Mitchell says. He describes every unencrypted internet-connected app or web tool as a window without curtains. "Now people are learning there are curtains."

Still, effective encryption doesn't always just happen, especially once you move beyond basic messaging. Here's how to keep snoopers out of every facet of your digital life, whether it's video chat or your PC's hard drive.

Text Messaging

Signal, the smartphone and now-desktop encryption app, has become the darling of the privacy community, for good reason. It's as easy to use as the default messaging app on your phone; it's been open source from the start, and carefully audited and probed by security researchers; and it has received glowing recommendations from Edward Snowden, academic cryptographers, and beyond. Its cryptographic protocol also underpins the encryption offered by WhatsApp and Facebook's Secret Conversations. (Those two services don't, however, offer Signal's assurance that it doesn't log the metadata of who is talking to whom.) The most important note, for encrypted chat newbies: Remember that the person with whom you're messaging has to be on the same service. Signal to Signal provides rock-solid end-to-end encryption; Signal to iMessage, or even to WhatsApp, won't.

There are plenty of other ways to communicate securely. Unlike Signal, messaging apps like Wire, Threema, and Wickr allow you to sign up without tying your account to a phone number, a significant feature for those seeking some level of anonymity in addition to security. And iMessage has also quietly offered end-to-end encryption for years, although without the assurances Signal offers about no logging of metadata, or that messages aren't being intercepted by spoofed contacts. (Signal is designed to warn you when the unique key of your contact changes, so that he or she can't easily be impersonated on the network.)

On the desktop rather than the phone, a few emerging tools offer advantages over Signal too: Keybase, Semaphore, Wire, and Wickr Pro offer some approximation of an encrypted version of the collaboration software Slack, with more collaboration and team-focused features than Signal offers. And desktop instant messaging app Ricochet uses Tor's onion services to allow true peer-to-peer messaging that's anonymized, encrypted, and directly sent to the recipient, with no intermediary server that might log conversations, encrypted or not.

Video and Voice

Have you heard of Signal? Perhaps several times in the earlier paragraphs of this story? Well, it enables encrypted video and voice calls too. WhatsApp again uses Signal's encryption protocols for voice and video, but as with text messages, doesn't promise not to keep logs of conversation metadata. Apple's FaceTime integrates end-to-end encryption by default, but with the same caveats about metadata and, as with iMessage, without Signal's protections against spoofed contacts.

What you need to know about encryption on your phone - CNET

Posted: 10 Mar 2016 12:00 AM PST

The heated and very public confrontation between the FBI and Apple has spurred a lot of talk about encryption, the technology that shields data on phones and other gadgets.

The feds are pushing Apple to find a way to prevent an iPhone 5C from erasing itself after 10 successive incorrect guesses at the passcode. The user of that phone, San Bernardino shooter Syed Farook, used a PIN code to secure his device, and without bypassing that code, the data stored on it is unreadable, thanks to encryption.

If Apple were to disable the auto-erase feature, the FBI could then connect the iPhone to a computer and quickly and repeatedly attempt to guess the passcode -- a technique commonly referred to as a brute force attack -- until the device is unlocked.

Should the FBI prevail and the courts force Apple to comply, the decision could have widespread implications for our daily lives. Apple and fellow technology companies would be forced to create permanent solutions for law enforcement to get around encryption, using what's commonly referred to as a back door.

Alternatively, companies could very well decide the financial burden of maintaining encryption and abiding by law enforcement requests is too much, and give up on adding security features to the devices we've come to rely upon.

With our personal devices carrying more and more of our lives than ever before, it's a good time to look at what is and isn't encrypted and what you can do to ensure your information is safe.

What is encryption?

A fancy word for a basic concept, encryption is the science behind protecting any information stored on an electronic device, be it a phone, a laptop or a server. On a phone that means your photos, text conversations, emails and documents.

Encryption stores information in a scrambled format, typically unreadable by computers or people without a key (which only the device's owner should know) to unlock the data. PIN codes (of numbers, letters or a combination of both) and fingerprints are just two of many examples of keys used to unlock an encrypted device.

Indeed, the practice of encryption is far more technical than requiring a PIN code or fingerprint to unlock a device. Some phone manufacturers, such as Apple, require multiple pieces of information -- one known to the device owner, another embedded in the processor inside the device unknown to anyone -- to unlock data stored within the device.

It's important to note, regardless of the device you're using, data created by third-party applications store information on their own servers, which may or may not be encrypted. Even then, the rules for decrypting data stored on a server are often different than data stored on a phone (see iCloud section below for more information).

In other words, most of what we do on a phone is backed up to a server at some point. That means a copy of your Facebook posts or photo albums, Snapchat conversations, or Twitter direct messages are stored on your device but also on the respective servers for each service.

Essentially, any information stored within an app on your phone that forgoes any sort of connection to a server is encrypted and inaccessible by law enforcement on a locked phone. For example, if an iOS user wanted to keep Notes or Contacts off of Apple severs, he or she would need to disable iCloud sync for the respective app in Settings.

If you've opted not to sync your contacts or calendars through Google or a similar service, relying instead on a local copy of information on your device, that data is encrypted and presumably inaccessible by law enforcement.

How does iOS handle encryption?

Apple began encrypting iOS devices in 2014 with the release of iOS 8. Prior to iOS 8, iOS users were able to set a PIN or passcode to prevent unauthorized access, but some of the data stored on the device was still accessible by Apple when law enforcement presented the company with a valid warrant. A total of 84 percent of iOS devices are running iOS 8 or later.

With iOS 8 and beyond, Apple no longer has the tools required to bypass a device's lock screen and gain access to any data stored on your iOS device. That means items such as call logs, photos, documents, messages, apps and notes are inaccessible to anyone without a device's PIN.

This is an important detail, as it has led to the current situation playing out in public view between the FBI and Apple.

How does iCloud factor in?

Another topic that's come up in the battle between the FBI and Apple is what data stored in an iCloud backup of an iOS can and cannot be accessed by Apple.

Apple's Legal Process Guidelines state iCloud backups are encrypted and stored on the company's servers. However, unlike an encrypted device, Apple can access information stored within a backup. Specifically, it's possible for Apple to provide authorities with "photos and videos in the users' camera roll, device settings, app data, iMessage, SMS, and MMS messages and voicemail," as detailed in Section J.

What about encryption on Android?

As with all things Android, there's a long list of caveats regarding encryption on an Android device.

Android manufacturers use different processors and components, each requiring custom software and backup services outside of what Google originally designed Android for. It's the key selling point of Android over iOS, as Android fans are quick to espouse. And they're not wrong. However, each change can introduce unintended security issues outside of Google's control.

Google first provided the option for users to opt into encrypting their devices in 2011. At the time, the option was strictly up to the user, leaving the manufacturer out of the equation.

Toward the end of 2014, though, the company released Android 5.0 Lollipop with the default setting of encryption turned on. But phone makers didn't have to enable encryption to be default when they made phones; it wasn't a requirement of Google, and in the end, most OEMs left the setting turned off, citing performance issues as the reason.

Then, with the release of Android 6.0 Marshmallow in 2015, Google started requiring manufacturers to enable encryption on all devices out of the box. There is, of course, an exception to the rule: Google allows phone makers to disable the feature on what amounts to entry level, and thus often slower devices. For those who want a more technical explanation, read section "9.9 Full-Disk Encryption" of this document.

Once an Android device is encrypted, all data stored on the device is locked behind the PIN code, fingerprint, pattern, or password known only to its owner.

Without that key, neither Google nor law enforcement can unlock a device. Android security chief Adrian Ludwig recently took to Google+ to refute a claim of a back door into Android: "Google has no ability to facilitate unlocking any device that has been protected with a PIN, password, or fingerprint. This is the case whether or not the device is encrypted, and for all versions of Android."

Nevertheless, each phone manufacturer is able to alter Android, customizing its look, adding or removing features, and in the process potentially introducing bugs or vulnerabilities authorities can use to bypass Android's security features.

So how do you know if you've got encryption working?

Android users can check the encryption status of a device by opening the Settings app and selecting Security from options. There should be a section titled Encryption that will contain the encryption status of your device. If it's encrypted, it will read as such. If not, it should read similar to "encrypt device." Tap on the option if you want to encrypt your device, but make sure to set aside some time -- encrypting a device can take upwards of an hour.

Google's backup service for Android devices is optional for device manufacturers and application developers. As with Apple's iCloud Backup practices, data within a backup stored on Google's servers is accessible by the company when presented with a warrant by law enforcement. However, because the backup service is opt-in by developers, it may not contain data from every app installed on your device.

What can you do to better protect your data?

Android users should enable encryption and set a PIN code or alphanumeric passcode. iOS users, setup Touch ID and use an alphanumeric passcode containing at least six digits. The longer password is a hassle, yes, but with Touch ID enabled, you shouldn't have to enter it too often.

If the FBI succeeds in forcing Apple to bypass a device's lock screen timeout, it would take five and a half years for a computer to crack a six-digit alphanumeric passcode, according to Apple's iOS Security Guide (see page 12).

As for protecting data stored in backups on Apple's or Google's servers, you can start by disabling iCloud backups by opening the settings app, selecting iCloud, followed by Backup and sliding the switch to the Off position. Apple also allows you to delete iCloud backups from your account through the iCloud settings on your iOS device by opening Settings > iCloud > Storage > Manage Storage.

On Android, the process for disabling backups will depend on the device you're using, but generally the setting is found in Settings app under Backup & Reset. You can remove backed-up data from Google's servers under the Android section in your Google Dashboard.

How to secure your phone before attending a protest - The Verge

Posted: 04 Jun 2020 12:00 AM PDT

People are taking to the streets to organize for justice and protest against systemic racism and police brutality. If you're attending or even just watching the protests, then be aware: not only is your phone a trove of information about you and the people you communicate with, it also functions as a tracking device. That's why it's important to keep your digital footprint as small as possible — any evidence placing people at protests could be enough to get them arrested.

You should account for the fact that your phone may get lost, stolen, or broken. There's also a risk of your phone being confiscated by authorities — which means that if they're able to unlock your phone, they'll have access to data on you and people you know. It could give authorities access to information about what is being organized and who is doing the organizing, and might even give them the information necessary to shut down or prevent protests and arrest those involved.

In other words, it never hurts to prepare for the worst, especially considering recent events.

The steps we've listed here are a basic start toward protecting your privacy before you attend a protest, but there are additional precautions you can take. Circumstances and situations vary and none of these methods are 100 percent foolproof, but they do offer increased security for you and your info.

Data security is an ongoing issue, and we're still learning the ways in which information is collected and sold, what kinds are gathered, who gets access to them, and what can be learned from them. While the following strategies are important if you're participating in a protest, they are also useful if you want to be careful in your everyday technology use.

Here are some strategies you should consider.

If you can, leave your phone at home

Your phone carries a lot of information about you specifically. When you take it to different locations, it can reveal where you live, where you work, and what protests or demonstrations you've attended. In addition, every app you use collects a certain amount of information on you and has a detailed log of your activity. So, for example, if you use Twitter or Instagram at a protest, that activity and your social media account gets tied to the protest.

So it's better to just avoid carrying all of that data with you. If you can, purchase and use a burner phone instead, and only turn it on when you're at the site of the demonstration. Download and use more secure, encrypted apps for communication rather than the default text messaging apps on the phone (we'll share some examples later).

If you're bringing your own phone, back up your device in case it gets confiscated and remove all personally identifiable information from the phone. You can also wipe your phone entirely (after you've backed up all your stuff, of course) and add the apps and information you need to it. Try to keep your phone off unless you absolutely need to use it.

Use a password rather than biometrics to secure your data

It's a good idea to change the settings on your phone so that you can't unlock it using your fingerprint or facial recognition. These methods make it easier for someone else to get into your phone, especially if you're there, and law enforcement can legally force people to unlock their phones using their fingerprint or facial recognition. Instead, use a passcode, PIN, or password, which are protected under the Fifth Amendment.

Adjust your settings so that you can't see message content in notifications when your phone is locked. At the protest, try not to unlock your phone unless you absolutely have to. If you are taking photos and videos, try to access your camera without unlocking your phone. (On an Android phone, this varies depending on your model; for example, on a Pixel, you just press the Power key twice. On an iPhone, you can open the camera from the lock screen by long pressing on the camera icon in the lower right corner or swiping to the side of your lock screen.)

Encrypt your device

It's always a good practice to encrypt your personal information, but in the event that your phone is confiscated, stolen, or lost, you don't want any information linking you or others to the protests to fall into the hands of authorities (or anyone else). So if you haven't done so already, now's a good time to secure your device and any information on it.

It's a quick and easy process. If you have an Android phone, go to "Settings" > "Security & location" > "Advanced" > "Encryption & credentials" > "Encrypt phone."

For an iPhone, as long as you've set a passcode up, and you see the text "Data protection is enabled" at the bottom of the "Touch ID & Passcode" page, your information is secure.

Turn on airplane mode

Your phone actually gives off a lot of information about you, including where you've been. And not only can those signals be intercepted, they can be used to locate you and connect you to others. So while you're at a demonstration, you'll want your phone to communicate as little information about you as possible.

Keep your phone off or put it on airplane mode, which turns off cellular data and Wi-Fi by default. This stops cell carriers from knowing where you are based on what cell towers you connected to. This will also protect against any stingray attacks, which is when a device pretends to be a cell tower and collects data, including location, from phones around it. Police have been accused of using stingrays, or cell-site simulators, to collect information about phones.

Airplane mode does not disable location services. In addition, if you're using iOS 13, then depending on what you toggled on or off last time you were in airplane mode, Wi-Fi and Bluetooth may be enabled or disabled. So it's a good idea to make sure all of those services are switched off. If airplane mode interferes with your activities, then switch off cellular data, Bluetooth, location services, and Wi-Fi individually, and only switch on what you need.

Use guided access or pin your screens

Android and iOS both have features that let you access one app while effectively locking the rest of the phone, so you can use that app while keeping the device secure. This is a safer way to post to social media or take photos during a protest, and it's helpful in the event that you need to show someone, including law enforcement, something on your phone.

The iOS feature is called Guided Access. To enable it, go to "Settings" > "Accessibility" > "Guided Access" and toggle it on. Once it's on, you'll see additional settings such as setting the time limits for guided access and locking your display using a passcode.

To use Guided Access, open the app you would like to use. Press the home button three times, which will lock down all the other apps on your phone. (You may need to press "Start" in the top right corner in order to switch on Guided Access.) To disable Guided Access, press the home button three times, then enter your passcode and tap "End" on the top left corner of the next screen.

On Android, the process is called screen pinning. Go to "Settings" > "Security" > "Advanced" > "Screen pinning" and toggle it on. You can set it so it will ask for your PIN before unpinning. To pin an app, press the square Overview key at the bottom of your screen, choose the app you want to pin, long-press the app's icon at the top of its screen, and select "Pin." To unpin it, long-press the back and Overview keys.

Use secure apps

If you're using your own phone, or even if you're using a burner phone, it's a good idea to use especially secure apps. The Electronic Frontier Foundation has a list of recommended tools to keep your phone secure, or you can try one of these.

For texting, one of the apps that's most often recommended is Signal, a secure, open-source, end-to-end encrypted messaging app that doesn't store message metadata. If you're communicating about protests and demonstrations, this is one of the safest ways to do so. For added safety, you should also take advantage of some of its more secure features by adjusting your privacy settings to, for example, set up a PIN or use call relays. It also has a handy disappearing message feature that causes every message sent in a conversation to disappear after a specific time limit.

If you're using an Android phone, you want to use a more secure browser than Chrome. Chief among them is Tor (Android only), which protects your identity and information by bouncing your activity through a set of relays. Other security-minded browsers include Brave (Android and iOS) which is aggressively anti-advertising, and Vivaldi (Android only), which has a number of privacy-enhancing tools. If you've got an iPhone, Apple controls the security of its Safari browser pretty strictly (although there have been occasional blowups).

Finally, a search engine like DuckDuckGo won't store your search history or connect it to your IP address.

Use a VPN

In or out of a demonstration, it's always a good idea to download and set up a VPN on your phone (here's our detailed guide and here are some recommendations). A VPN hides your activity by encrypting your connection. When choosing a VPN, it's a good idea to look for those that are headquartered outside of the United States and Europe because companies in those countries are required to submit personal data to authorities if requested. Also keep in mind that VPNs that charge a subscription fee are usually more trustworthy than free ones.

Secure your social media accounts

If you want to protect your identity and keep the history of your personal (and business) tweets, Facebook posts, and other social media history private, consider creating a separate email account that isn't linked to any personal information. You can then use that to create separate social media accounts for protest or demonstration photos and footage.

It's also always a good idea to have two-factor authentication set up on all of your accounts.

If you're taking photos and videos

Try not to take any photos or videos with identifying information about others without their consent. Be mindful of objects in the photos such as street signs and landmarks that may give away location, if that's something you'd want to hide. Afterward, blur out other demonstrators and scrub the photos of any metadata. (We'll go into how to do that in an upcoming article.)

If your device is confiscated

Don't unlock it if at all possible. (As previously mentioned, your Fifth Amendment rights are covered if it's locked using a PIN or password, but not if you can unlock it with a fingerprint or face image.) As soon as possible, change your passwords for any apps or accounts you have on there and disconnect your accounts from that device.

And if you don't feel comfortable or safe protesting, or are looking for other ways you can act, here's a list of places you can donate to in order to support the fight against police brutality and racism.

Correction June 5th, 12:42PM ET: Corrected to clarify how airplane mode works with Bluetooth in iOS 13.

Search This Blog

Android Full Encryption

Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources - Reuters