Apple on Wednesday announced a series of security and privacy enhancements the company is offering as a way to help people protect their data from hackers, including one that civil liberties and privacy advocates have long been asking for.
The tech giant will soon allow users to choose to secure more of the data saved to iCloud using end-to-end encryption, which means that no one other than the user will be able to access this information.
Apple says the changes will help users protect their digital lives from hackers in the exceptional event that an advanced state actor is able to breach the company’s servers. But privacy advocates like Albert Fox Cahn, founder of the Surveillance Technology Oversight Project, say these changes could have a more immediate effect on the kinds of user data law enforcement and government agencies can obtain from Apple. These changes “acknowledge the massive public backlash against widespread spying on our devices,” particularly following the Supreme Court’s striking down of federal abortion protections, he said.
“This kind of protection is most valuable for protecting not cybercriminals, but people who abuse government power to force the company to hand over data,” Cahn said. “Apple has long been in the position where it needed to be the police long arm for years. Their law enforcement handbook shows dozens of ways they can help with investigations and now for people opting for protection [feature], there will be a backup in the future.”
This could be a source of concern for government agencies looking to obtain user data to aid in their investigations. Apple declined to say whether the company discussed the changes with law enforcement or government agencies.
Companies like Apple have become increasingly attractive targets for hackers and law enforcement due to the vast amounts of information they hold about people. Recent years have brought a peak in global cyberattacks and data breaches. In the first quarter of 2022, 404 data breaches were publicly reported, up 14% from the same quarter a year earlier, according to a report by the Identity Theft Resource Center (ITRC). There was a 68% overall increase in data breaches between 2020 and 2021.
The number of requests for data from law enforcement and government received by Apple has also increased, according to the company’s latest transparency report. Between January and July 2021, the company received over 12,000 requests for various types of user information, up from over 10,000 in the last six months of 2020.
End-to-end encryption of user information stored in iCloud, which Apple calls “Advanced Data Protection for iCloud”, will first be rolled out to a small subset of test users before being widely launched in the United States before the end of the year and worldwide in 2023. The change will mean things like messages that are backed up to iCloud, notes and pictures would be fully encrypted.
However, the change won’t cover all data — contacts, calendar information, and emails won’t be encrypted — and users will need to voluntarily opt in to the feature. The encryption key, or code used to access this secure data, will be stored on the device. This means that if a user opting into this protection loses access to their account, they will be responsible for using their key to regain that access – Apple will no longer store encryption keys in iCloud.
The fact that the feature is not enabled by default for all users remains a point of contention for privacy advocates.
“I am less critical of Apple for [not encrypting contacts, calendar information and email] given how difficult it would be to remove so many email programs and calendar tools,” Cahn said. “But I think the transition to privacy by default for iCloud is the most important step.”
The company says it made these features opt-in because the system requires users to be responsible for encryption keys and other means of tracing and recovering access to this information. “If you lose access to your account, only you can recover that data, using your device’s passcode or password, recovery contact, or recovery key,” according to Apple’s website.
In addition to iCloud data protection, Apple plans to roll out a physical security key system for people logging into their iCloud account on any new device. It acts as a hardware-based two-factor authentication system. Those who choose to use this additional layer of security will need to plug a physical security key into the phone’s charging port to verify their identity when logging into their iCloud account on a new device.
However, users who choose to use it to protect their iCloud accounts will be responsible for keeping these security keys – the master key and a backup.
Finally, the company is rolling out a code system that allows users to verify that their messages only reach the intended recipient and are not compromised by a hacker. The process may be familiar to users of the Signal encrypted messaging app. In the case of Apple, two people who have activated the system will be able to exchange their unique codes, and their devices will automatically detect if someone with a different code has entered the conversation. Automatic alerts will appear in conversations between users who have enabled this verification feature “if an exceptionally advanced adversary, such as a state-sponsored attacker, manages to break into cloud servers and insert their own device to eavesdrop on these encrypted communications,” the company said in the press release announcing the products.