Skip to main content

Apple reportedly scrapped plans to fully secure iCloud backups after FBI intervention

Apple reportedly scrapped plans to fully secure iCloud backups after FBI intervention


Apple can’t read your device data, but it can read your backups

Share this story

Illustration by Alex Castro / The Verge

Apple reportedly dropped plans to fully secure users’ iPhone and iPad backups after the FBI complained about the initiative, reports Reuters.

Apple devices have a well-deserved reputation for protecting on-device data, but backups made using iCloud are a different matter. This information is encrypted to stop attackers, but Apple holds the keys to decrypt it and shares it with police and governments when legally required.

“Legal killed it, for reasons you can imagine.”

Privacy advocates like the Electronic Frontier Foundation have long criticized this arrangement, but Apple says it’s needed for when users are locked out of their account. For iCloud backups, “our users have a key and we have one,” said CEO Tim Cook in 2019. “We do this because some users lose or forget their key and then expect help from us to get their data back.”

Back in 2018, Apple reportedly planned to close this loophole by applying the same end-to-end encryption used on devices to users’ iCloud backups — but the plan never moved forward. Reuters now says the iPhone maker reversed course after talking to the FBI about the issue.

One former Apple employee told the publication: “Legal killed it, for reasons you can imagine.”

The source said the decision was influenced by Apple’s long court battle in 2016 with the FBI over an iPhone belonging to one of the San Bernardino shooters. The FBI demanded that Apple build a backdoor into its own devices, but Apple refused, saying this would permanently undermine its security. Eventually, the FBI found its own way in.

According to the former employee Reuters spoke to, Apple didn’t want to aggravate the FBI further by locking it out of iCloud backups. “They decided they weren’t going to poke the bear anymore,” said the source.

In meetings with the agency, FBI officials told Apple that the plan would harm its investigations. The FBI and other law enforcement bodies regularly ask Apple to decrypt iCloud data, and in the first half of 2019, they requested access to thousands of accounts. Apple says it complies with 90 percent of such requests.

Apple can’t access users’ devices, but it can read their backups

One former FBI official who was not involved with these talks told Reuters that Apple was won over by the agency. “It’s because Apple was convinced,” said the source. “Outside of that public spat over San Bernardino, Apple gets along with the federal government.”

As mentioned earlier, Apple may have been motivated by user convenience for dropping fully encrypted backups, and Reuters says that, ultimately, it “could not determine why exactly Apple dropped the plan.”

The report is timely considering confrontations between Apple and law enforcement agencies have sprung back to life this month, with the FBI demanding access to another phone, this one connected to a shooting at a Pensacola naval base last December.

The White House has hit Apple hard on the issue, with Attorney General William Barr and President Donald Trump launching attacks on the company. “We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements,” Trump tweeted this month.

Apple has rejected these criticisms, particularly Barr’s accusation that the company has provided no “substantive assistance” to the FBI. Reuters’ report about the company reversing plans to fully encrypt iCloud backups gives some credence to this claim. The Verge has reached out to Apple for comment.

Today’s Storystream

Feed refreshed 29 minutes ago The tablet didn’t call that play by itself

The Verge
Mary Beth Griggs29 minutes ago
We’re about an hour away from a space crash.

At 7:14PM ET, a NASA spacecraft is going to smash into an asteroid! Coverage of the collision — called the Double Asteroid Redirection Test — is now live.

Emma RothAn hour ago
There’s a surprise in the sky tonight.

Jupiter will be about 367 million miles away from Earth this evening. While that may seem like a long way, it’s the closest it’s been to our home planet since 1963.

During this time, Jupiter will be visible to the naked eye (but binoculars can help). You can check where and when you can get a glimpse of the gas giant from this website.

Asian America learns how to hit back

The desperate, confused, righteous campaign to stop Asian hate

Esther Wang12:00 PM UTC
Emma Roth7:16 PM UTC
Missing classic Mario?

One fan, who goes by the name Metroid Mike 64 on Twitter, just built a full-on 2D Mario game inside Super Mario Maker 2 complete with 40 levels and eight worlds.

Looking at the gameplay shared on Twitter is enough to make me want to break out my SNES, or at least buy Super Mario Maker 2 so I can play this epic retro revamp.

External Link
Russell Brandom7:13 PM UTC
The US might still force TikTok into a data security deal with Oracle.

The New York Times says the White House is still working on TikTok’s Trump-era data security deal, which has been in a weird limbo for nearly two years now. The terms are basically the same: Oracle plays babysitter but the app doesn’t get banned. Maybe it will happen now, though?

Richard Lawler6:54 PM UTC
Don’t miss this dive into Guillermo del Toro’s stop-motion Pinocchio flick.

Andrew Webster and Charles Pulliam-Moore covered Netflix’s Tudum reveals (yes, it’s going to keep using that brand name) over the weekend as the streamer showed off things that haven’t been canceled yet.

Beyond The Way of the Househusband season two news and timing information about two The Witcher projects, you should make time for this incredible behind-the-scenes video showing the process of making Pinocchio.

External Link
Russell Brandom4:29 PM UTC
Edward Snowden has been granted Russian citizenship.

The NSA whistleblower has been living in Russia for the 9 years — first as a refugee, then on a series of temporary residency permits. He applied for Russian citizenship in November 2020, but has said he won’t renounce his status as a U.S. citizen.

External Link
Emma Roth4:13 PM UTC
Netflix’s gaming bet gets even bigger.

Even though fewer than one percent of Netflix subscribers have tried its mobile games, Netflix just opened up another studio in Finland after acquiring the Helsinki-based Next Games earlier this year.

The former vice president of Zynga Games, Marko Lastikka, will serve as the studio director. His track record includes working on SimCity BuildIt for EA and FarmVille 3.

External Link
Andrew J. Hawkins3:37 PM UTC
Vietnam’s EV aspirant is giving big Potemkin village vibes

Idle equipment, absent workers, deserted villages, an empty swimming pool. VinFast is Vietnam’s answer to Tesla, with the goal of making 1 million EVs in the next 5-6 years to sell to customers US, Canada and Europe. With these lofty goals, the company invited a bunch of social media influencers, as well as some auto journalists, on a “a four-day, multicity extravaganza” that seemed more weird than convincing, according to Bloomberg.

James Vincent3:17 PM UTC
Today, 39 years ago, the world didn’t end.

And it’s thanks to one man: Stanislav Petrov, a USSR military officer who, on September 26th, 1983, took the decision not to launch a retaliatory nuclear attack against the US. Petrov correctly guessed that satellite readings showing inbound nukes were faulty, and so likely saved the world from nuclear war. As journalist Tom Chivers put it on Twitter, “Happy Stanislav Petrov Day to those who celebrate!” Read more about Petrov’s life here.

Soviet Colonel who prevented 1983 nuclear response
Photo by Scott Peterson/Getty Images
The Verge
James Vincent3:03 PM UTC
Deepfakes were made for Disney.

You might have seen the news this weekend that the voice of James Earl Jones is being cloned using AI so his performance as Darth Vader in Star Wars can live on forever.

Reading the story, it struck me how perfect deepfakes are for Disney — a company that profits from original characters, fans' nostalgia, and an uncanny ability to twist copyright law to its liking. And now, with deepfakes, Disney’s most iconic performances will live on forever, ensuring the magic never dies.

External Link
Elizabeth Lopatto2:41 PM UTC
Hurricane Fiona ratcheted up tensions about crypto bros in Puerto Rico.

“An official emergency has been declared, which means in the tax program, your physical presence time is suspended,” a crypto investor posted on TikTok. “So I am headed out of the island.” Perhaps predictably, locals are furious.

The Verge
Richard Lawler2:09 PM UTC
Teen hacking suspect linked to GTA 6 leak and Uber security breach charged in London.

City of London police tweeted Saturday that the teenager arrested on suspicion of hacking has been charged with “two counts of breach of bail conditions and two counts of computer misuse.”

They haven’t confirmed any connection with the GTA 6 leak or Uber hack, but the details line up with those incidents, as well as a suspect arrested this spring for the Lapsus$ breaches.