Apple's new encryption regime: EFF delighted, FBI deeply concerned

From Sami Fathi's "FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users" posted Thursday on MacRumors:

Apple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy.

iCloud end-to-end encryption, or what Apple calls "Advanced Data Protection," encrypts users' data stored in iCloud, meaning only a trusted device can decrypt and read the data. iCloud data in accounts with Advanced Data Protection can only be read by a trusted device, not Apple, law enforcement, or government entities.

Following its announcements, the EFF or Electronic Frontier Foundation, a group that has long called for Apple to enable end-to-end encryption and take more steps to safeguard user privacy, put out a statement applauding the new feature and Apple's renewed commitment to privacy...

While privacy groups and apps applaud Apple for the expansion of end-to-end encryption in iCloud, governments have reacted differently. In a statement to The Washington Post, the FBI, the largest intelligence agency in the world, said it's "deeply concerned with the threat end-to-end and user-only-access encryption pose." Speaking generally about end-to-end encryption like Apple's Advanced Data Protection feature, the bureau said that it makes it harder for the agency to do its work and that it requests "lawful access by design."

"This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime, and terrorism," the bureau said in an emailed statement. "In this age of cybersecurity and demands for 'security by design,' the FBI and law enforcement partners need 'lawful access by design.'"

My take: Bold move. Let's see how it shakes out.

9 Comments

  1. Fred Stein said:
    The question is much larger than Apple because so many things are connected, personal devices, infrastructure, etc.

    Which devices should be hackable and which not? Who sets the rules? As Joseph posits, who watches the watchers? Which agencies have ‘hacking’ rights? Which countries?

    Finally, people with evil intent do not need Apple’s encryption. In the San Bernardino case, after spending $900,000, they found nothing on the iPhone.

    6
    December 8, 2022
    • David Emery said:
      “Who sets the rules?” Uh, Congress. And NOT the FBI.

      0
      December 8, 2022
  2. Jerry Doyle said:
    The CCP sets the rules in the PRC. Apple will need to capitulate if it expects to sell iPhones in China.

    0
    December 8, 2022
  3. Gregg Thurman said:
    I’m always amazed at how upset people that have nothing to hide, get so upset that law enforcement may be able to search your iPhone. At the same time they employ easily broken passwords. Then want to inhibit law enforcement’s legitimate investigations for fear they may learn what you bought on Amazon last week. These same people, who don’t want law enforcement being able to access their data, don’t care enough about their privacy, to block advertisers from tracking them.

    Before digital communications law enforcement could “tap” an analog phone line [with a court order], and people never said boo. Besides law enforcement doesn’t have the resources they need to properly investigate legitimate crimes. They certainly don’t have the resources to randomly investigate millions of people’s cell phones, hoping to find activity they don’t have the resources to investigate.

    How do totalitarian governments do it? Mostly they employ your family, friends and co-workers to spy on you. End to end encryption can’t protect you from that.

    Am I in favor of an unlimited police power? No. While democracy is the most inefficient and messiest form of government, it’s better than all the others.

    Maybe the solution is having the ability to opt in, or out, of end to end. My guess is that the majority of people don’t know what that is, and if they did, don’t care about it, I mean, how many backup to the Cloud anyway?

    2
    December 8, 2022
    • David Emery said:
      I would be less concerned from a policy perspective if the only way to get at a phone was via a warrant (with probable cause). CBP’s requiring people to open their phones at border checks certainly gave me a lot of discomfort. (I’m also appalled by ‘civil forfeiture’ as another instance of government law enforcement overreach.)

      But for me personally, the technical concern overrides the policy issue. A backdoor capability that allows government to read data will also allow hackers and others to potentially read data. I’m sure there have been instances of criminals tapping phones, etc. But that doesn’t mean I accept the likelihood.

      1
      December 9, 2022
