Storm clouds: Apple vexes the cops, coming and going

Offers end-to-end iCloud encryption, drops controversial child-sexual abuse screening plan.

From Robert McMillan and Joanna Stern's "Apple Plans New Encryption System to Ward Off Hackers and Protect iCloud Data" posted Wednesday by the Wall Street Journal:

Apple is planning to significantly expand its data-encryption practices, a step that is likely to create tensions with law enforcement and governments around the world as the company continues to build new privacy protections for millions of iPhone users.

The expanded end-to-end encryption system, an optional feature called Advanced Data Protection, would keep most of the iCloud’s data secure, even in the event that Apple is hacked. It would also prevent Apple from being able to provide data from iCloud phone backups in response to law-enforcement requests.

While Apple has drawn attention in the past for being unable to help agencies such as the Federal Bureau of Investigation access data on its encrypted iPhones, it has been able to provide much of the data stored in iCloud backups upon a valid legal request. Last year, it responded to thousands of such requests in the U.S., according to the company.

With these new security enhancements, Apple would no longer have the technical ability to comply with certain law-enforcement requests such as for iCloud backups—which could include iMessage chat logs and attachments and have been used in many investigations...

The changes represent a new potential setback for law-enforcement officials. Last year, Apple proposed software for the iPhone that would identify child sexual-abuse material on the iPhone. Apple now says it has stopped development of the system, following criticism from privacy and security researchers who worried that the software could be misused by governments or hackers to gain access to sensitive information on the phone.

My take: This won't win Apple many friends in Washington.

13 Comments

  1. Robert Paul Leitao said:
    @PED Thank you for covering the story. While this might create some tensions with various law enforcement agencies, securing the privacy of well over 1 billion Apple product users around the world is a paramount concern. Noted in the story is this assists in safeguarding the privacy of people around the world in the event Apple’s systems are somehow hacked.

    6
    December 7, 2022
  2. Michael Goldfeder said:
    So here comes the next headline from Mark “Eddie Munster” Gurman: Apple actively seeks to protect criminals from law enforcement.”

    4
    December 7, 2022
  3. Roger Schutte said:
    Criminals who worry about iPhone security probably do local encrypted backups to their Mac’s with no backups to iCloud. And probably use complex alphanumeric passcodes and no FaceID.

    1
    December 7, 2022
  4. Gregg Thurman said:
    Apple proposed software for the iPhone that would identify child sexual-abuse material on the iPhone. Apple now says it has stopped development of the system, following criticism from privacy and security researchers who worried that the software could be misused by governments

    You can’t have it both ways.

    Either you embrace systems that detect child sexual exploitation, and risk that governments that may, somehow, find a way to use it against its citizens, or you live with child sexual exploitation.

    I don’t think the trade off is worth protecting us from rogue governments over protecting children from sexual exploitation.

    If you have criminal intent you’ll just find another way to communicate.

    If you have government resistance intent you’ll just find another way to communicate.

    For the greater percentage of us (99%?) we have no such intent, so our fear of George Orwell’s “1984” is irrational, and that irrationality is leaving our children vulnerable to the very real threat of child sexual exploitation.

    Think about that the next time you read/hear about child sexual exploitation.

    6
    December 7, 2022
  5. Jerry Doyle said:
    The CCP will not accept this new Apple data practice. Am I correct to make this statement? So, what will be Apple’s response to the PRC?

    4
    December 7, 2022
    • David Emery said:
      That IS the interesting question! Of course, China doesn’t have the crypto keys to iPhones themselves.

      2
      December 7, 2022
    • Fred Stein said:
      Glad you brought this up, Jerry. Let’s see how this plays out in China.

      I recall, the same non-friends in Washington made a big deal that Apple conceded to China’s demand to host could data locally. That was another OMG Apple story. And there were assertions (unproven) that Apple gave access to locals in China. My recollection may be off. Feedback, corrections are most welcome.

      2
      December 7, 2022

Leave a Reply