Apple has signalled that it plans to upgrade the security on its iCloud cloud service so that even Apple can’t access the data it’s storing.
From the Financial Times:
Apple is working on new ways to strengthen the encryption of customers’ iCloud backups in a way that would make it impossible for the company to comply with valid requests for data from law enforcement, according to people familiar with its plans.
Apple is expected to move to a “zero-knowledge” cloud system.
Its iMessage is one example of such a system. Apple never sees the content of your blue bubbles — the data Apple transfers is always encrypted in transit, and only decrypted on the user’s device.
Ostensibly, the move to make iCloud’s encryption stronger is a response to the recent battle between Apple and the FBI. A zero-knowledge system means that Apple knows nothing about the data stored on its servers, and therefore wouldn’t be able to help out law enforcement, even for valid requests.
Apple has received and filled hundreds of valid iCloud requests from law enforcement.
There are two major downsides to a fully encrypted iCloud from a user’s perspective.
First, true zero-knowledge iCloud would likely mean that Apple could not reset users’ passwords. So if somebody loses his or her password, it’s possible that important data such as documents, photos, and messages would be lost forever.
Aside from unlocking orders from law enforcement, Apple often fields requests from angry relatives who want to get into deceased relatives’ iPhones and iPads.
For example, earlier this year, a Canadian woman called it “ridiculous nonsense” that Apple wouldn’t give her late husband’s Apple ID password to her without a court order.
If Apple said that it couldn’t fill that request at all, that could seriously ding the company’s reputation for being user-friendly.
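The password-reset limitation described above, sketched as an added example (not from the article and not Apple's actual design): a generic client-side encryption scheme in Node.js where the key is derived from the user's password, so the server stores only ciphertext. The function names, account fields and sample values are assumptions made for illustration.

```javascript
// Added illustration: generic client-side encryption, not Apple's iCloud design.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// Client: derive a 256-bit key from the password. Password and key stay on the device.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 32);
}

// Client: encrypt a backup and return only the fields the server is given.
function sealBackup(password, plaintext) {
  const salt = randomBytes(16);
  const nonce = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", deriveKey(password, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Client: decrypt a record fetched from the server. Returns null when the
// password is wrong or the record was tampered with (GCM tag check fails).
function openBackup(password, record) {
  try {
    const key = deriveKey(password, record.salt);
    const decipher = createDecipheriv("aes-256-gcm", key, record.nonce);
    decipher.setAuthTag(record.tag);
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString("utf8");
  } catch (err) {
    return null;
  }
}

// Server (hypothetical): a "password reset" can replace the login verifier,
// but the stored record stays encrypted under a key the server never had.
function serverResetLogin(account, newPassword) {
  const loginSalt = randomBytes(16);
  return { ...account, loginSalt, loginVerifier: scryptSync(newPassword, loginSalt, 32) };
}

// Constructed sample data: one user, one backup, one server-side reset.
function demo() {
  const original = "correct horse battery staple";
  const record = sealBackup(original, "constructed sample: photos and notes");
  let account = { user: "alice@example.com", record };
  account = serverResetLogin(account, "new-password-after-reset");
  return {
    serverSeesPlaintext: account.record.ciphertext.includes("photos"),
    withOriginal: openBackup(original, account.record),
    afterReset: openBackup("new-password-after-reset", account.record),
  };
}
```

After the reset the user can log in again, but the backup opens only with the original password, which is why a provider running this kind of scheme cannot recover data for someone who has forgotten it.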
Another major downside is that a zero-knowledge system would mean that Apple wouldn’t be able to use the data included in iCloud to provide better services through artificial-intelligence techniques.
Google, for example, scours photos uploaded to its servers for data to feed its machine-learning technology. This allows users to search for concepts like “cat” or “beach” and Google Photos can return images that depict those things.
Because a zero-knowledge infrastructure would prevent Apple from analysing uploaded photos, a feature like that wouldn’t be possible — or would be significantly harder — with a fully encrypted iCloud.
Apple’s machine-learning abilities are behind Google and Microsoft for now, but software that learns will only become more important going forward.
That, of course, assumes Apple even wants to do that. CEO Tim Cook has signalled that Apple considers its stance on privacy to be a feature, not a bug.
A zero-knowledge iCloud could still be great for iPhone users even if they’re not worried about federal criminal investigations.
A more secure encrypted system would make it significantly less likely for hackers to be able to talk their way into Apple performing password resets to download backed-up photos and texts — a hacking method commonly called social engineering. This is what happened in 2014 when a slew of leaked celebrity photos were exfiltrated from iCloud and posted on the internet.
For Apple, it’s a move that could make iCloud a more attractive service to privacy-minded consumers, and it will help Apple take on Google, Microsoft, Amazon, and the other technology giants who currently dominate online services.
If iCloud were fully encrypted, the service would have a clear identity that it previously lacked. Cloud services like Google Drive, Dropbox, and Microsoft’s OneDrive are not encrypted in a way that prevents the providers from reading their users’ data, and probably never will be, given the way those firms build features and monetise their cloud storage.
Apple could finally point to a reason to use iCloud over its competitors: privacy and security.
While online services may not be Apple’s strong suit, in recent years, designing systems with maximum security has become a strength. iMessage, for example, reliably delivers as many as 200,000 messages per second, and it’s seriously secure, too.
Ultimately, one outcome might be that Apple could decide not to port its services to competing platforms, as has been suggested. The company’s approach to digital security involves cryptographic keys built into the physical devices that Apple designs. So, say, moving iMessage to Android or the web while keeping cryptographic standards may be a significant challenge.
Apple’s security engineers are a “tight-knit tribe of hackers” with “almost unparalleled power around the company’s Cupertino campus,” according to the Guardian. Now they have been empowered to revamp Apple’s iCloud around security — and that’s good news for privacy-minded Apple users.