FBI Also Wants to Break iCloud Advanced Data Protection
Zak Doffman (via Eric deRuiter, Hacker News):
What has just shocked the U.K. is exactly what the FBI told me it also wants in the U.S. “Lawful access” to any encrypted user data. The bureau’s quiet warning was confirmed just a few weeks ago.
The U.K. news cannot be seen in isolation and follows years of battling between big tech and governments over warranted, legal access to encrypted messages and content to fuel investigations into serious crimes such as terrorism and child abuse.
As I reported in 2020, “it is looking ever more likely that proponents of end-to-end security, the likes of Facebook and Apple, will lose their campaign to maintain user security as a priority.” It has taken five years, but here we now are.
[…]
When December’s encryption warnings hit in the wake of Salt Typhoon, the bureau told me while it wants to see encrypted messaging, it wants that encryption to be “responsible.”
Because the backdoor worked so well then?
Previously:
- Apple Pulls iCloud Advanced Data Protection From UK
- UK Orders Apple to Break iCloud Advanced Data Protection
- China Possibly Hacking US “Lawful Access” Backdoor
- Advanced Data Protection for iCloud
- Apple Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected
- The Time Tim Cook Stood His Ground Against the FBI
- Federighi and Cryptographers on FBI vs. Apple
- FBI Asks Apple for Secure Golden Key
Update (2025-03-03): Jaanus Kase:
It’s not far-fetched to imagine that the US government will walk up to Apple and demand data about the users of your app, including the data they have stored with your app.
How will Apple respond?
That is the point of this post. I don’t know. I would like to know.
Apple is not going to side with you over the government in cases where they could easily comply. They have no history of doing that. It seems obvious that, if iCloud Advanced Data Protection is disabled, Apple will just give them the data. This has happened many times already. If it’s enabled, Apple will prevent you from using it (as in the UK), so data already encrypted will probably remain safe but future data will not be E2EE. It’s possible, but I think unlikely, that Apple would backdoor the encryption so that you think it’s safe, but it isn’t. It’s also possible that there’s already a vulnerability that Apple did not intentionally put there. Regardless, the only way to ensure privacy with such a single point of failure would be to use an app that doesn’t rely on Apple’s services for its encryption layer.
See also: Nick Heer.
Update (2025-03-05): John Gruber:
Apple’s most recent [government transparency] report for the United States covers January to June 2023. They didn’t always lag this far behind. […] it has me looking as much at what Apple doesn’t say about government data demands as what Apple does say about them.
13 Comments
But didn't the bootlicking Tim Cook just pay Trump a million bucks as well as announce a 500 billion dollar plant for Texas for AI Servers? That should or maybe not register with Trump to get the FBI to back off.
My solution is to never log in to iCloud and not use related Apple services. Too bad they’re all bundled together, because some I would be fine with. As long as you’re logged in to iCloud, all your data is one click (or one bug) away from being uploaded to Apple. I consider logging in to App Store fine (for now). Same for iMessage and FaceTime. They predate iCloud and are sort of independent, even though Apple makes it hard to tell sometimes what you’re logging in to.
- PRISM company (never forget this).
- Chinese iCloud accounts must be stored on servers in China.
- Siri voice samples kept indefinitely and farmed to third parties.
- Attempted to ship CSAM.
- UK iCloud data protection: OFF.
- Xcode phoning home, app launches phoning home, leaky VPN implementation, firewall bypasses, etc.
Apple privacy is about the same level as Facebook or Google privacy.
2010s: making Mac OS X buggier and less tolerable because security & privacy
2020s: making Mac OS X buggier and less tolerable just because
2030s: customers abandoning Apple products en masse because the software is unusably buggy and Apple can no longer live off the reputation it built in the 2000s
At the moment you can choose not to have an iCloud account. How long will that last? Selling access to the Five Eyes might be another great source of services revenue for us. Just like charging 30% on books, apps, that merely "graced" our platform.
After all, why should users use our platform for free, if they don't upgrade for years? Particularly if there are others who will step in and pay our dividends!
This is all part of the plan kids. In 2030, you'll own nothing and you WILL be happy. (copyright WEF 2018).
And those worries about privacy will be just so quaint by the 2040s, when you have your neuralink iNeuralLace installed. Then you'll truly understand why sharing is caring. You'll all live in your very own Truman show. Imagine the possibilities for mass delusion!
But even the notion of delusion presupposes you can understand the idea of truth. Once you've been subjected to mandatory betrization (Return from the Stars, Stanislaw Lem), that won't even be a distant memory.
After all, now that we have gotten rid of objective truth, and understood that everything is subjective, and everyone has their own experiential truth, we must progress further! And who better to bring us the world of tomorrow today than Apple? (/s for the irony impaired, hopefully).
This website doesn’t inject any tracker. A rarity. For everyone else we have every possible tracker already operating in whichever app or web app you employ. If not enough, street cameras are everywhere. Now I would really like to know from the bots here who we can trust more. Or less.
Is it or is it not a bad idea to put a backdoor into a service? You tell me. Do any banking softwares have a 'back door'? The FBI and the UK Gov are not stupid. So what's the thinking behind this? Is the end game to return to paper money?! Or something more obvious like shifting even more power to those already with money, power, and the resources? Sigh...
"Do any banking softwares have a 'back door'?"
America does, in fact, have a backdoor in every banking software. It's not a technical backdoor, it's a social backdoor enforced by the US's status as an economic powerhouse and the sole remaining global superpower. It's called tax forms.
Of course, the dismantling of America has now begun in earnest, so I'm not sure how much longer this backdoor will exist, and at what point other countries will stop giving a shit about pleasing the US. In fact, the US also seems to care less and less, because international treaties and taxes are woke.
I go a step further than Michel Fortin, I don't have any Apple account. I just use my Mac like decades ago, with a local account. I don't use App Store at all.
Chris Brandow: I back up to a hard disk using Time Machine. I have 3 such disks. I keep one at home, one at work, and one at my mom's.
Hammer: to add to your list: they send duckduckgo queries to google first.
Microsoft is making it increasingly difficult to use local accounts on Windows. I would assume that in due time, Apple will follow.
The most interesting part of all this for me is that there are still people at the FBI. /s
To answer Chris Brandow: I mostly do local backups, and I also have a lot of redundancy for the data I care about the most because I own a lot of Macs. For syncing (and almost exclusively work-related stuff) I use Dropbox. I've tried different solutions, but *for my needs* Dropbox turned out to be the best, the most seamless, the least unpredictable or buggy.