{"id":46849,"date":"2025-02-25T16:48:24","date_gmt":"2025-02-25T21:48:24","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=46849"},"modified":"2025-03-05T09:17:39","modified_gmt":"2025-03-05T14:17:39","slug":"fbi-also-wants-to-break-icloud-advanced-data-protection","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2025\/02\/25\/fbi-also-wants-to-break-icloud-advanced-data-protection\/","title":{"rendered":"FBI Also Wants to Break iCloud Advanced Data Protection"},"content":{"rendered":"<p><a href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2025\/02\/24\/fbis-new-iphone-android-security-warning-is-now-critical\/\">Zak Doffman<\/a> (via <a href=\"https:\/\/mastodon.social\/@ridogi\/114065132922312172\">Eric deRuiter<\/a>, <a href=\"https:\/\/news.ycombinator.com\/item?id=43166365\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2025\/02\/24\/fbis-new-iphone-android-security-warning-is-now-critical\/\"><p>What has just shocked the U.K. is exactly what the FBI told me it also wants in the U.S. &ldquo;Lawful access&rdquo; to any encrypted user data. The bureau&rsquo;s quiet warning was confirmed just a few weeks ago.<\/p><p>The U.K. news cannot be seen in isolation and follows <a href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2020\/03\/14\/new-warning-issued-for-all-whatsapp-and-imessage-users-major-threat-to-encryption\/\">years of battling between big tech and governments<\/a> over warranted, legal access to encrypted messages and content to fuel investigations into serious crimes such as terrorism and child abuse.<\/p><p>As I <a href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2020\/03\/14\/new-warning-issued-for-all-whatsapp-and-imessage-users-major-threat-to-encryption\/\">reported<\/a> in 2020, &ldquo;it is looking ever more likely that proponents of end-to-end security, the likes of Facebook and Apple, will lose their campaign to maintain user security as a priority.&rdquo; It has taken five years, but here we now are.<\/p><p>[&#8230;]<\/p><p>When December&rsquo;s <a href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2024\/12\/06\/fbi-warns-iphone-and-android-users-stop-sending-texts\/\">encryption warnings<\/a> hit in the wake of Salt Typhoon, the bureau told me while it wants to see encrypted messaging, it wants that encryption to be &ldquo;responsible.&rdquo;<\/p><\/blockquote>\n<p>Because the backdoor worked so well then?<\/p>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2025\/02\/21\/apple-pulls-icloud-advanced-data-protection-from-uk\/\">Apple Pulls iCloud Advanced Data Protection From UK<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2025\/02\/07\/uk-orders-apple-to-break-icloud-advanced-data-protection\/\">UK Orders Apple to Break iCloud Advanced Data Protection<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2024\/10\/09\/china-possibly-hacking-us-lawful-access-backdoor\/\">China Possibly Hacking US &ldquo;Lawful Access&rdquo; Backdoor<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/12\/07\/advanced-data-protection-for-icloud\/\">Advanced Data Protection for iCloud<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/01\/21\/apple-dropped-plans-for-end-to-end-encrypted-icloud-backups-after-fbi-objected\/\">Apple Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/04\/17\/the-time-tim-cook-stood-his-ground-against-the-fbi\/\">The Time Tim Cook Stood His Ground Against the FBI<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2016\/03\/07\/federighi-and-cryptographers-on-fbi-vs-apple\/\">Federighi and Cryptographers on FBI vs. Apple<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2016\/02\/17\/fbi-asks-apple-for-secure-golden-key\/\">FBI Asks Apple for Secure Golden Key<\/a><\/li>\n<\/ul>\n\n<p id=\"fbi-also-wants-to-break-icloud-advanced-data-protection-update-2025-03-03\">Update (2025-03-03): <a href=\"https:\/\/jaanus.com\/which-side-are-you-on-apple\/\">Jaanus Kase<\/a>:<\/p>\n<blockquote cite=\"https:\/\/jaanus.com\/which-side-are-you-on-apple\/\">\n<p>It&rsquo;s not far fetched to imagine that the US government will walk up to Apple and demand data about the users of your app, including the data they have stored with your app.<\/p>\n<p>How will Apple respond?<\/p>\n<p>That is the point of this post. I don&rsquo;t know. I would like to know.<\/p>\n<\/blockquote>\n<p>Apple is not going to side with you over the government in cases where they could easily comply. They have no history of doing that. It seems obvious that, if iCloud Advanced Data Protection is disabled, Apple will just give them the data. This has happened many times already. If it&rsquo;s enabled, Apple will prevent you from using it (as in the UK), so data already encrypted will probably remain safe but future data will not be E2EE. It&rsquo;s possible, but I think unlikely, that Apple would backdoor the encryption so that you <em>think<\/em> it&rsquo;s safe, but it isn&rsquo;t. It&rsquo;s also possible that there&rsquo;s already a vulnerability that Apple did not intentionally put there. Regardless, only way to ensure privacy with such a single point of failure would be to use an app that doesn&rsquo;t rely on Apple&rsquo;s services for its encryption layer.<\/p>\n\n<p>See also: <a href=\"https:\/\/pxlnv.com\/linklog\/us-government-uk-icloud-backdoor\/\">Nick Heer<\/a>.<\/p>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2025\/02\/27\/our-changing-relationship-with-apple\/\">Our Changing Relationship With Apple<\/a><\/li>\n<\/ul>\n\n<p id=\"fbi-also-wants-to-break-icloud-advanced-data-protection-update-2025-03-05\">Update (2025-03-05): <a href=\"https:\/\/daringfireball.net\/linked\/2025\/03\/04\/apple-us-government-transparency-report-20-months\">John Gruber<\/a>:<\/p>\n<blockquote cite=\"https:\/\/daringfireball.net\/linked\/2025\/03\/04\/apple-us-government-transparency-report-20-months\">\n<p>Apple&rsquo;s most recent [government transparency] report for the United States covers January to June 2023. They didn&rsquo;t always lag this far behind. [&#8230;] it has me looking as much at what Apple <em>doesn&rsquo;t<\/em> say about government data demands as what Apple <em>does<\/em> say about them.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Zak Doffman (via Eric deRuiter, Hacker News): What has just shocked the U.K. is exactly what the FBI told me it also wants in the U.S. &ldquo;Lawful access&rdquo; to any encrypted user data. The bureau&rsquo;s quiet warning was confirmed just a few weeks ago.The U.K. news cannot be seen in isolation and follows years of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2025-02-25T21:48:26Z","apple_news_api_id":"0e7808e6-e5da-4718-8e3d-e158b75dccbe","apple_news_api_modified_at":"2025-03-05T14:17:42Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAg==","apple_news_api_share_url":"https:\/\/apple.news\/ADngI5uXaRxiOPeFYt13Mvg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[1347,16,2729,31,2586,30,2598,355],"class_list":["post-46849","post","type-post","status-publish","format-standard","hentry","category-technology","tag-federal-bureau-of-investigation-fbi","tag-icloud","tag-icloud-advanced-data-protection","tag-ios","tag-ios-18","tag-mac","tag-macos-15-sequoia","tag-privacy"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/46849","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=46849"}],"version-history":[{"count":4,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/46849\/revisions"}],"predecessor-version":[{"id":46960,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/46849\/revisions\/46960"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=46849"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=46849"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=46849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}