Apple announces plans to encrypt iCloud backups

Apple announced on Wednesday that it plans to allow users to encrypt additional kinds of iCloud data on its servers, including full backups, photos and notes.

The feature, called Advanced Data Protection, will prevent Apple from seeing the contents of some of the most sensitive user data stored on its servers and will make it impossible for Apple to provide the content of an encrypted backup to law enforcement.

Encrypted backups will be opt-in, according to Apple, and will be available in the U.S. before the end of the year.

While Apple has previously encrypted a lot of data it stores on servers, entire device backups that included text messages, contacts and other important data were not end-to-end encrypted, and Apple previously had access to the contents of the backups.

The move will please security advocates, many of whom previously pointed to unencrypted iCloud backups as a weak link in Apple’s privacy policy. It also means that user data content would not be exposed if Apple’s servers were ever breached.

It could upset law enforcement, which has used Apple’s policy of not encrypting backups as a way to obtain materials in investigations even though Apple’s iMessage and devices are encrypted.

The FBI criticized Apple’s new feature in a statement on Wednesday, saying that it would “hinder” the bureau’s ability to “protect the American people from criminal acts,” according to the Wall Street Journal.

Apple famously fought the FBI’s attempt to force it through the courts to unlock an encrypted iPhone used by a terrorist in San Bernardino, California. At the time, Apple said that a iCloud backup on its servers was an option to get the same data.

Law enforcement officials around the world generally oppose encryption because it allows suspects to “go dark” and denies law enforcement access to potential evidence they could previously access under lower levels of security.

In 2018, Apple CEO Tim Cook said in an interview that one factor in Apple’s decision-making around end-to-end encrypted iCloud backups is that its users expect Apple to be able to help recover their data. If users forget their passwords, and they have Advanced Data Protection on, Apple won’t be able to restore the account because it doesn’t have the necessary encryption key.

Apple also announced two other security features on Wednesday. Users will soon be able to use a physical key as second-factor protection for Apple ID logins. Another update allows users facing significant security threats to confirm that text messages aren’t being intercepted.

Last year, in an apparent effort to appease law enforcement, Apple announced a system to scan for illegal content such as child sexual abuse materials using a complicated system that would still allow Apple to encrypt user photos on its servers. The system was opposed by privacy advocates who said that it would essentially allow Apple to scan people’s hard drives.

The development of the system has been stopped, according to The Wall Street Journal.