Two years ago, Apple dropped a plan that would have made it impossible for the company to decrypt iPhone and iPad backups for law enforcement, according to a Reuters report today. Reuters wrote that “six sources familiar with the matter” confirmed that Apple dropped the end-to-end encryption plan for iCloud Backup “after the FBI complained that the move would harm investigations.”
Apple had “told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud” more than two years ago, Reuters wrote.
“Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order,” the report continued.
But the FBI objected, and Apple dropped the plan, although the exact reason for doing so isn’t clear. One former Apple employee told Reuters that the company “decided they weren’t going to poke the bear anymore.” However, another former Apple employee “said it was possible the encryption project was dropped for other reasons, such as concern that more customers would find themselves locked out of their data more often.”
Apple had “10 or so experts” working on the end-to-end encryption plan, “variously code-named Plesio and KeyDrop,” but told them to stop work on the project once the decision was made, according to Reuters’ sources.
The reversal “shows how much Apple has been willing to help US law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information,” Reuters wrote.
We contacted Apple about the Reuters report today and will update this article if we get a response.
Encryption vs. end-to-end encryption
Nearly all types of iCloud data are encrypted both in transit and on Apple’s servers, Apple explains in this security overview. But only certain Apple services get the extra protection of end-to-end encryption, in which “your data is protected with a key derived from information unique to your device, combined with your device passcode, which only you know.” When end-to-end encryption is enabled, Apple doesn’t have a key to unlock the data and therefore cannot turn a decrypted version over to law enforcement. “No one else can access or read this data,” Apple’s website says.
The iCloud Keychain password manager, Wi-Fi passwords, and Siri usage information are among the data sets stored in iCloud with end-to-end encryption. Notably, Apple has not implemented end-to-end encryption for iCloud Backup, the service that lets customers back up their iPhones and iPads to Apple servers, or for iCloud Drive. The iCloud Backup and iCloud Drive data sets are encrypted at rest and in transit, but Apple has the key to unlock them and can thus give decrypted versions to law enforcement.
Messages is a special case. Messages itself has end-to-end encryption, but iCloud Backup “includes a copy of the key protecting your Messages.” If you want full protection for Messages, you’d want to disable iCloud Backup and back your iOS devices up to iTunes on your computer instead.
iCloud Backup’s inclusion of a copy of the Messages key “ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices,” Apple explains. “When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn’t stored by Apple.”
Apple has been one of the leading proponents of encryption in the face of government pressure to install backdoors that could undermine security for all technology users.
The Reuters report comes amid the latest dispute over encryption between Apple and the US government, which began with the FBI asking Apple for help decrypting two iPhones believed to have belonged to Mohammed Saeed Alshamrani, a Saudi Air Force officer and suspect in the December 2019 shooting of three members of the US Navy at a base in Pensacola, Florida.
As we wrote last week, “an Apple spokesperson said that Apple had provided the contents of the cloud backups of those devices to investigators within hours of the shooting, and Apple executives thought the FBI was satisfied with that—until the FBI came back a week ago and asked for additional assistance.”
President Trump blasted Apple on Twitter last week, writing that Apple “refuse[s] to unlock phones used by killers, drug dealers and other violent criminal elements.”
Apple countered that it gave the FBI “gigabytes of information,” including “iCloud backups, account information and transactional data for multiple accounts.”
Apple may be unable to unlock the phones since it hasn’t granted the government’s request for a backdoor—and continues to argue that encryption backdoors would harm security for all users.
“We have always maintained there is no such thing as a backdoor just for the good guys,” Apple said in its statement, according to CNBC. “Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data.”