Tuesday, January 21, 2020

Apple Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected

Benjamin Mayo:

In a 2018 interview, Cook’s comments to a German website heavily implied they are working on iCloud backups without a key (i.e. end-to-end encrypted).

Tim Cook (translation):

Our users have a key there, and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back. It is difficult to estimate when we will change this practice. But I think that in the future it will be regulated like the devices. We will therefore no longer have a key for this in the future.

Joseph Menn (MacRumors, Hacker News):

Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information.

Two years ago would be about 9 months before that interview with Cook was published.

As Apple explains, most iCloud data is not end-to-end encrypted. And, despite Apple’s marketing, iMessage has effectively never been end-to-end encrypted, either, unless all the parties in a conversation have turned off iCloud backup. I’ve been writing about this for years, but most reporting continues to ignore the backup loophole.

In October 2018, Alphabet Inc’s Google announced a similar system to Apple’s dropped plan for secure backups. The maker of Android software, which runs on about three-quarters of the world’s mobile devices, said users could back up their data to its own cloud without trusting the company with the key.

[…]

The company continues to offer the service but declined to comment on how many users have taken up the option.

John Gruber:

Apple, the privacy company

Ryan Jones:

We all need to remember and repeat often: “Apple has a master key for all iCloud backups”.

Matthew Green:

Notice as well that Apple didn’t just abandon plans to encrypt iCloud backups by default. They even abandoned giving users the option to encrypt those backups. And due to the walled garden nature of iOS, there’s nothing you can do about it.

Benjamin Mayo:

If Apple wants to be taken seriously as the ‘privacy’ company, then they should offer end-to-end encrypted iCloud backups.

Hide it behind ten warning dialogs, whatever. It should be an option, plain and simple.

The iOS security model (rightly) won’t let any other company have privileged access to the complete filesystem and user data, so a third-party solution isn’t possible. It falls on Apple to do it.

Matthew Green:

I was going to write something about iCloud backup and encryption but I realize that I’ve written it all. So here are a bunch of old posts[…]

Walt Mossberg:

As most of you know, you can back up an iPhone or iPad locally, to your own computer, using Apple’s iTunes program. In fact, that was the only way to back up your iPhone before Apple introduced iCloud Backup in iOS 5 in 2011. It was originally introduced with the iPod many years before.

This method is clumsy, slow, and requires you to remember to use it. But it still works. You can even opt to encrypt this local backup. And it keeps the contents of your phone available for restoring, but out of the cloud and out of Apple’s control.

Royce Ausburn:

It’s interesting that they choose to make iPhones unbreakable but not the backups. I’d prefer it the other way around given a choice. Better for law enforcement too, they get iCloud backups without the suspect’s knowledge, but the suspect would know if their iPhone is seized.

Eric Young:

I think this entire debate is purposefully vague and abstract

Apple doesn’t want to and cannot take firm stances on “privacy”

Because they can’t. Their statements are purposefully vague and abstract - and what many will come realize: misdirection/and somewhat dishonest

[…]

The idea that a for-profit company jumped into this un-winnable and resource draining war - is shocking to me

This is Apple’s war on drugs. It’s their lost decade. And we all suffer because of it

I’m not sure it’s true that Apple’s privacy stance is the reason for their poor services, but fighting governments on encryption is difficult. At present, Apple seems focused on putting up a smokescreen so that customers think their data is more secure than it actually is. The way to win, if that’s even possible, would be to educate the public about what’s actually going on, so that they can lobby their representatives to change government policy in favor of privacy.

Previously:

Update (2020-01-21): AAPL of Discord:

Steve Jobs responding to Walt Mossberg on Privacy at D8 2010:

“No! Privacy means that people know what they’re signing up for. In plain English, and repeatedly. That’s what it means.”

At the very least, Apple is failing on the “plain English” bit.

zacwest:

You need to be extremely technical to understand the difference between “Encryption: Yes” and not end-to-end encrypted. To the lay user, Apple is explicitly telling you that they’re encrypted.

And to understand that “Messages in iCloud also uses end-to-end encryption” actually means that Apple can access the messages if they are backed up and could access future messages without a backup if they added a fake device to your account.

David Sparks:

So Apple is holding the line on our devices but not on our backups. That seems like a great way to upset everyone. Do they think giving the government user just iCloud backups will satisfy them? Do they think that privacy-minded users will say “good enough” when they realize their device is encrypted but not their backups? Seems to me like it is time for Apple to fish or cut bait.

Nick Heer:

Even though Apple attempts to explain how iCloud backups work, I don’t think they do a good job, and it is one reason the Reuters report today had such a profound impact: a lot of people have been surprised that their iCloud backups are less private than their phone. Yet, as bad as this is for Apple, it is equally a poor look for the Department of Justice, who have publicly been whining about their inability to extract device data while privately accepting Apple’s cooperation.

John Gruber (tweet):

It’s essential that Apple still supports local backups, for many reasons, but for most iPhone and iPad users it’s irrelevant, because they never connect their devices to a Mac or PC, and the overwhelming majority of them surely have no idea that the feature even exists. iCloud backups are the only backups most iOS users ever use, and it is a fact that there is no option to truly encrypt them.

[…]

In fact, it’s so contrary to Apple’s stance as The Privacy Company that I’ve already heard from several tech-savvy users today, in the wake of Reuters’s report, that they had assumed until now that their iCloud backups were encrypted.

[…]

If that is the case — that Apple’s legal department killed the project to avoid “poking the bear” — then it’s ultimately irrelevant whether Apple briefed the FBI in advance or not. It’s acquiescence, and users will be left unprotected. Not just in the U.S., where the FBI has jurisdiction, but everywhere in the world where encryption is legal.

Apple Legal is afraid to poke the bear, which Google has been doing since 2018?

Starting in Android Pie, devices can take advantage of a new capability where backed-up application data can only be decrypted by a key that is randomly generated at the client. This decryption key is encrypted using the user’s lockscreen PIN/pattern/passcode, which isn’t known by Google. Then, this passcode-protected key material is encrypted to a Titan security chip on our datacenter floor. The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user’s passcode. Because the Titan chip must authorize every access to the decryption key, it can permanently block access after too many incorrect attempts at guessing the user’s passcode, thus mitigating brute force attacks. The limited number of incorrect attempts is strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip. By design, this means that no one (including Google) can access a user’s backed-up application data without specifically knowing their passcode.

Ryan Jones:

We must stop using “encrypted” and especially “end-to-end encrypted”.

ICloud backups are encrypted, but Apple has a master key.

All that matters is accessible. Are iCloud backups accessible by Apple? Yes.

Why does Apple have a master key? Because people forget their passwords every day.

I believe that’s a valid reason and why they have access (not for some FBI conspiracy).

The problem is Apple hides it.

You have to read this like a detective to know.

Not just backups, but also the Safari browsing history for all your devices.

Update (2020-01-24): John Gruber:

Via my friend Glenn Fleishman, who speaks German: “You are correct about the Spiegel story. The machine translation is quite good, but ‘regulated’ was translated from the verb ‘regeln’ which can be regulated, but also controlled/set/etc. So it would be better to say, ‘I believe that in the future, it will be handled like on devices.’ ”

[…]

Something in the timeline doesn’t add up there.

Damien Petrilli:

The limitations of the Apple closed ecosystem: your state is against encryption, as iOS is closed, nothing you can do.

Can’t backup to your own cloud, can’t set third party photo as default, nothing.

If Apple cared about security, they would actually open the system.

Damien Petrilli:

SeeAnd BTW, easy fix to reduce the iCloud Backup issue: let people pick what they want to backup instead of all or nothing.

That way you could exclude Messages for example, which are encrypted end-to-end but the private key is uploaded by the iCloud backup system if ON...

John Gruber:

First, while Android runs on 75 percent of mobile devices worldwide, not all of those devices use Google services like backup. None of the Android phones in China, for example — which is a lot of phones. It’s lazy to conflate Android phones with Google Android phones.

Second, I wasn’t aware of this until today. And it makes iCloud’s lack of backup encryption look bad.

[…]

Not sure why the Department of Justice isn’t publicly complaining about this.

Rosyna Keller:

[Google] App Data backups are limited to 25MB per app, anything over isn’t backed up.

Alex Stamos:

What we really need is a detailed accounting of what data is available to the governments of the United States and the People’s Republic of China and under what circumstances. Apple continues to obfuscate by using “encryption” when they mean “encrypted with a key we hold”.

See also: TidBITS Talk, Bruce Schneier, Rene Ritchie, The Talk Show.

10 Comments RSS · Twitter


Something no one has mentioned is the fact that using local iTunes backups to your Mac opens a backdoor to your iPhone. When you plug the device in and say "Trust," a key exchange takes place between Mac and iPhone. If compromised, the key stored on the Mac can be used to bypass the iPhone's security measures.

Apple makes it completely impossible to either know this or for a normal user to delete this keypair. How do you do it? Settings->General->Reset->Reset Location & Privacy.


Another point on data at rest: people are learning for the first time today that Apple scans images for hashes of known images tied to criminal investigations. What no one thinks about is that–because Apple chose to "de-duplicate" data at rest to save money on storage, if ten people download a public PDF and store it on iCloud, Apple only stores one copy of that PDF on their servers.

This means that *any* file you store of questionable nature can be linked to you personally __without a court order specifically targeting you based on probable cause.__ The Feds effecively indict files, give companies like Apple & Dropbox the hashes, and Apple is compelled to hand over the personal information of any user who has uploaded that file to the cloud.


>Why does Apple have a master key? Because people forget their passwords every day.

That does not seem plausible to me. Does Apple actually provide the service of allowing people to access iCloud backups where users forgot the password? How often does this happen? If I call Apple now and tell them that I lost my iCloud password, what exactly will they do?


Regular folk forget passwords all the time.

Peopla who forgot their password can get it reset by Apple - they do so with a series of security questions which is how those celebrities got hacked as the questions used to be ones that could be known or researched for famous people listed on wikipedia (first school attended etc) I gather they are more random now.

I use local backup as I start the day at my desktop Mac so why not plug in the phone to charge and back-up at the same time. Back-up is encrypted mainly to have all the login passwords backed-up as well - so it's a win-win-win.


I have been writing this everywhere. We need iOS Time Capsule. That is Simple, Plug and Play Set up. And for advance user they should be given the option to upload their encrypted backup to the cloud as Off Site Backup.For a price.

I get it, FBI wants certain access to information. Then get a court order to come to my house and get that encrypted Data from me. It doesn't need to go through Apple.


>Peopla who forgot their password can get it reset by Apple - they do so with a series of security questions

I'm actually genuinely unaware of how this works, since I'm not using Apple's cloud stuff anymore. The password for the iCloud account is also used to encrypt the backup? There's no way to define a separate key for the encryption of the backup?


@Lukas Right, there’s just one password for everything in iCloud.


OK, then I get why there needs to be a way to reset the password. But that seems like a design flaw. It seems to me that the password for logging into the service, and the key to encrypt data that ends up being stored on that service, should be two different things, at least as an option if people decide that they want a separate encryption key.


[…] Walt Mossberg from 2016: Mossberg: The iCloud loophole and Daring Fireball: Regarding Reuters’s Report That Apple Dropped Plan for Encrypting iCloud Backups See also Michael Tsai’s roundup: Apple Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected […]


Would be nice if Apple would implement into iOS Files the same utility as macOS has, to create and to view the content of AES encrypted DMG folders on iCloud Drive.
No more problem with "lost" passwords as the responsibility will be exclusively related to iCloud Drive user.

Leave a Comment