Skip to main content

Apple reportedly scrapped plans to fully secure iCloud backups after FBI intervention

Apple reportedly scrapped plans to fully secure iCloud backups after FBI intervention

/

Apple can’t read your device data, but it can read your backups

Share this story

Illustration by Alex Castro / The Verge

Apple reportedly dropped plans to fully secure users’ iPhone and iPad backups after the FBI complained about the initiative, reports Reuters.

Apple devices have a well-deserved reputation for protecting on-device data, but backups made using iCloud are a different matter. This information is encrypted to stop attackers, but Apple holds the keys to decrypt it and shares it with police and governments when legally required.

“Legal killed it, for reasons you can imagine.”

Privacy advocates like the Electronic Frontier Foundation have long criticized this arrangement, but Apple says it’s needed for when users are locked out of their account. For iCloud backups, “our users have a key and we have one,” said CEO Tim Cook in 2019. “We do this because some users lose or forget their key and then expect help from us to get their data back.”

Back in 2018, Apple reportedly planned to close this loophole by applying the same end-to-end encryption used on devices to users’ iCloud backups — but the plan never moved forward. Reuters now says the iPhone maker reversed course after talking to the FBI about the issue.

One former Apple employee told the publication: “Legal killed it, for reasons you can imagine.”

The source said the decision was influenced by Apple’s long court battle in 2016 with the FBI over an iPhone belonging to one of the San Bernardino shooters. The FBI demanded that Apple build a backdoor into its own devices, but Apple refused, saying this would permanently undermine its security. Eventually, the FBI found its own way in.

According to the former employee Reuters spoke to, Apple didn’t want to aggravate the FBI further by locking it out of iCloud backups. “They decided they weren’t going to poke the bear anymore,” said the source.

In meetings with the agency, FBI officials told Apple that the plan would harm its investigations. The FBI and other law enforcement bodies regularly ask Apple to decrypt iCloud data, and in the first half of 2019, they requested access to thousands of accounts. Apple says it complies with 90 percent of such requests.

Apple can’t access users’ devices, but it can read their backups

One former FBI official who was not involved with these talks told Reuters that Apple was won over by the agency. “It’s because Apple was convinced,” said the source. “Outside of that public spat over San Bernardino, Apple gets along with the federal government.”

As mentioned earlier, Apple may have been motivated by user convenience for dropping fully encrypted backups, and Reuters says that, ultimately, it “could not determine why exactly Apple dropped the plan.”

The report is timely considering confrontations between Apple and law enforcement agencies have sprung back to life this month, with the FBI demanding access to another phone, this one connected to a shooting at a Pensacola naval base last December.

The White House has hit Apple hard on the issue, with Attorney General William Barr and President Donald Trump launching attacks on the company. “We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements,” Trump tweeted this month.

Apple has rejected these criticisms, particularly Barr’s accusation that the company has provided no “substantive assistance” to the FBI. Reuters’ report about the company reversing plans to fully encrypt iCloud backups gives some credence to this claim. The Verge has reached out to Apple for comment.