Thursday, December 17, 2020

Where Is End-to-End Encryption for iCloud?

Ole Begemann:

In a December 2020 video recorded for the European Data Protection & Privacy Conference, Apple’s Craig Federighi touts end-to-end-encryption for iMessage[…]

Apple has been using this self-congratulatory tone about their encryption efforts for years and I find it increasingly disingenuous. What Federighi fails to mention: if you have iCloud Backup enabled, that last claim (emphasis mine) is not the whole truth.


In other words, if you use Apple services as intended and recommended by Apple, a large portion of your most sensitive data is in fact not securely encrypted.


5 Comments RSS · Twitter

The sad and amusing consequence of this, of course, is that it is currently, on paper, positively 110% illegal to use an iPhone — or, for that matter, an Android device — for professional purposes in the EU.

The moment you use an iPhone with iCloud turned on, your call data, messages, and app data get sent to iCloud, which, under EU rules, constitutes an export of Personally Identifiable Information. Recent comments by the EU DPA after the Schrems II judgement make this crystal clear.

Of course, no country could ever enforce this and ban iPhones on GDPR grounds, but targeted actions against individual professionals are well within the realm of possibility. In fact, France has already fined professionals for similar “violations.”

Currently, the only way Apple can get out of this is by end-to-end encrypting all iCloud data, because even storing clear-text data in a EU-based data centre would be considered “exposure to US interests.” (See the US CLOUD act).

This whole situation is going to blow up sooner or later, and it is not going to be pretty. End-users are going to pay the price of a lot of protectionism and legal uncertainty on both sides.

Just Sell me a $599 Time Capsule that includes iOS Backup function.

Amen, Ed. It's mind-boggling that Apple gave up on their line of routers. And did so just before attempting a push into the 'Smart Home' sector. Can't fathom what they were thinking. Massive missed opportunity.

Apple only enters a market when they think they can make a difference. They started making wifi routers back when the wifi market was not yet mature, and left once it was. What would an Apple wifi router or NAS offer today that competitors don't already have?

Yes, local (Mac-less) iOS backup would be a neat feature, but that sounds like a software feature of iOS, not a router/NAS feature. There are third-party "Time Machine" servers available, so if iOS supported Time Machine, it could just use any of those.

> What would an Apple wifi router or NAS offer today that competitors don't already have?

Usability combined with privacy.

eero was a good choice... until they were acquired by Amazon.

Leave a Comment