While Apple can’t unlock an end-to-end encrypted iPhone for the police, the company can access iCloud data and share it with law enforcement. That’s because Apple also holds the keys to iCloud backups. But Apple planned a few years ago to let users fully encrypt iCloud backups, but the feature was never released. A new report says that Apple dropped plans to enable full encryption for iCloud after the FBI complained.
Apple and the FBI are again fighting over end-to-end encryption over the two iPhones belonging to a Saudi Air Force officer who killed three people at a Pensacola, Florida naval base. U.S. Attorney General William Barr and President Donald Trump both urged Apple to unlock these devices, something the company can’t do. Apple has said that it turned over the contents of the iPhones’ iCloud backups to authorities, rejecting the idea that it “has not provided substantive assistance.”
A similar case occurred a few years ago following the San Bernardino shooting. The FBI backed down at the time, after finding an alternative for hacking the iPhones. The FBI wanted Apple to build a backdoor into iOS that would allow Apple to retrieve data from devices that were part of criminal investigations. Such a measure would diminish the security of all iOS users, as a backdoor could be used by hackers looking for vulnerabilities.
In fact, it would appear that the Pensacola phones are much older iPhones, whose security can be bypassed by various forensic tools available to the FBI and other agencies.
Six people familiar with Apple’s plans, including a current and former Apple employee, and a current and three former FBI agents, told Reuters that Apple sought to deploy full backup encryption a couple of years ago.
Such backup protection would make it impossible for Apple to access iCloud backups, and the company could not turn any evidence over to law enforcement. Sensitive data, including saved passwords and health data, isn’t accessible in backups. However, data from iMessage, WhatsApp, and other encrypted apps are available to Apple when backed to iCloud, and such data that can help with investigations.
But Apple dropped the plan after private talks with the FBI. The bureau complained that a lack of iCloud data could deny them access to evidence against suspects. Law enforcement can perform iCloud searches in secret with Apple’s help, without requiring physical access to a device, never tipping off the suspect.
Apple never explained why it killed the projects, the report notes, but the FBI’s stance on the matter may have played a significant role. A person familiar with the matter said Apple did not want to risk being attacked by public officials for protecting criminals, or sued for withholding data. Also, it didn’t want to offer authorities an excuse for new anti-encryption legislation.
One other reason for dropping iCloud encryption has to do with users. Customers might find themselves locked out of their data after forgetting iCloud credentials, and Apple would not be able to assist if those backups were fully encrypted.