Good work, Britain. Owners of Apple devices in the United Kingdom will be a little less safe moving forward as the company pulls its most secure end-to-end (E2E) encryption from the country. The move is in response to government demands there that Apple build a backdoor into its iCloud encryption feature that would allow law enforcement to access the cloud data of any iPhone user around the world.
Apple has for many years marketed its products as being the most safe and secure personal electronics available on the market. Being a key pillar of the brand, Apple has consistently pushed back against government orders around the world to decrypt confiscated devices or build similar backdoors into its products. The most famous instance was when, under President Trump’s first administration, Apple refused Department of Justice demands to unlock an iPhone used by the attacker in a mass shooting in San Bernardino, California. The FBI eventually paid a third-party Australian firm a reported $900,000 to identify an “exploit chain” and crack open the device.
Following its decision to pull E2E cloud encryption from the UK, Apple on Friday told Bloomberg that “enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before” and that it “remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom.” The UK order asked Apple for access to global user data under the country’s Investigatory Powers Act, a law that grants officials the authority to compel companies to remove encryption under a “technical capability notice.”
Law enforcement is always looking for new ways to conduct surveillance under the guise of protecting the public, but once you take the genie out of the bottle, it is hard to put it back—and the capabilities can get into the wrong hands. Police already have access to plenty investigative tools, privacy advocates say, and the public should be very cautious about giving them more that could be ripe for abuse.
Building a backdoor into any encryption product defeats the purpose, essentially rendering the security moot. If there is a backdoor, Apple and privacy advocates have long argued, then bad actors and authoritarian states will be able to find and exploit those backdoors or demand Apple provide access. The entire purpose of end-to-end encryption is that nobody, not even Apple, can access a user’s sensitive data. Backdoors are an inherent vulnerability.
End-to-end encryption of iCloud, formally called Advanced Device Protection, covers data storage, device backups, web bookmarks, voice memos, notes, photos, reminders, and text message backups. The way ADP works, data is stored in the cloud but can only be decrypted locally on a user’s device, using a key stored in the Secure Enclave security component built physically into Apple devices. Bloomberg reports that Apple will not remove end-to-end encryption for other features including iMessage, FaceTime, password management, and health data. So all of that is safe for now.
With today’s move, Apple is essentially saying that it would rather pull the E2E encryption altogether and inform customers they will be less safe, rather than build an open door for the UK government. It is a shrewd, gigachad move by Apple even though consumers there will no longer have the same amount of security as others around the globe. iCloud encryption is important as the service has in the past been a target of hackers who penetrated the accounts of celebrities to steal their nudes and post them online in a scandal that was called “the Fappening.”
Of course, because no security is entirely bulletproof, hackers and law enforcement groups still manage to find ways to penetrate iPhones, and doing so is a billion-dollar business for companies like Israel’s NSO Group, which supplies iPhone cracking software to governments around the world. It is essentially playing a cat-and-mouse game with Apple—each time hackers find an exploit, they are able to take advantage of it for a limited time before Apple plugs the hole. ADP was intended as a way to make it tougher for nefarious actors to access certain data, though it makes it more difficult for users to recover their content if they lose their devices.
NSO Group and other firms claim they only sell their exploits to governments and law enforcement and prohibit the software from being used to spy on dissidents or journalists. But reporting over the years has put those claims in significant doubt, as NSO’s software has been linked to hacks of journalists around the globe, including Jamal Khashoggi, whose devices were monitored leading up to his brutal assassination by Saudi intelligence agents.
If you live in the UK, you will need to manually disable ADP during an unspecified grace period to keep your iCloud account. Bloomberg says that Apple will release feature guidance on this process sometime soon.
Earth Sciences Minister Kiren Rijiju is reportedly upset with the French IT company Atos. Reason is said to be Read more
Bobby Kotick, the former head of Activision Blizzard, is reportedly considering buying TikTok, as the app could be banned Read more
Apple's Find My app has cost the city of Denver, US $3.76 million in compensation and damages. In 2022, Read more
If you have been planing to purchase a budget smartphone, then you can consider buying the Moto G54. Launched Read more