Apple has announced its plans to transfer iCloud encryption key management to account holders, a move which could stand in the way of or even prevent the FBI and other law enforcement agencies from requesting users’ information.
The tech giant currently manages the encryption key management for all iCloud account holders.
eWeek reports that because of this level of control, Apple provided federal authorities with several iCloud backups of Syed Rizwan Farook, an individual who participated in a mass shooting and attempted bombing in San Bernardino, California back in December. The company cooperated with authorities even as it refused to help them unlock the suspected terrorist’s iPhone.
But the times they are a-changin’.
Back in 2014, many account holders experienced a crisis of faith when a hacker allegedly leaked the nude pictures of several well known celebrities from their private iCloud accounts.
Although the breach may have been assisted by users falling for phishing messages, Apple vowed to explore ways to further enhance the security of its services and devices.
It is against this backdrop that we have seen the ongoing Apple-FBI controversy.
Over the past few months, several well known figures in the tech field, including the CEO of Google, have supported Apple’s decision to not comply with the FBI’s demands that it help authorities unlock Farook’s iPhone.
The future of this case is uncertain. Just recently, a federal court granted the FBI’s request to postpone all court proceedings while it takes the time to investigate a method of unlocking the suspected terrorist’s iPhone that would not require Apple’s assistance.
But even if the U.S. Department of Justice decides to drop this particular case, it is almost certain that the tech giant will face more and more requests to access customer data in the future.
With that in mind, Apple’s decision to hand over encryption key management to iCloud account holders will render many of these requests irrelevant. Without the encryption keys, Apple will have no way to access users’ encrypted iCloud data regardless of how much the U.S. government wants it.
The onus of data management will therefore shift to the users themselves.
There is admittedly some risk in that transition; if users forget their passwords, Apple will have no way of restoring access to their accounts. This might lead some users to create easy-to-remember passwords that by their nature could weaken the security of their iCloud accounts.
It is therefore important that iCloud users begin thinking about password security now. I recommend that users consider creating an account with one of the leading password managers (examples include Dashlane, LastPass and 1Password). These services not only remember passwords for users, but many of them can also generate strong passwords automatically.
A password manager could ultimately be the perfect tool to help iCloud users handle their own encryption key.
I would like to see Apple implement this as soon as possible and also allow users to confirm their data is encrypted.
However, and I'm on the fence with this, I think it may be a good idea to offer users the choice – i.e. have a 'high security' mode and a 'standard security' mode – both with enforced 2SV. Then the users who are concerned about forgetting their passwords and losing their data can elect for the 'standard security' (but in doing so government bodies can also access your data) and privacy conscious individuals can choose the 'high security' mode on the understanding that if you forget your password it's game over.
Maybe an optional, very long recovery key (like the 48 digit BitLocker key), could be offered to enable a master reset in the case of a forgotten password. Obviously I wouldn't expect Apple to escrow it anywhere and a user should never save it in the cloud. You could print it off and lock it up somewhere safe – that physical method would prevent it from being stolen by hackers.
The former NSA Director Michael Hayden is publicly backing companies who protect information using strong, unbreakable encryption. Video below.
https://www.aei.org/publication/gen-michael-hayden-on-apple-the-fbi-and-data-encryption/
For privacy conscious, read people with something bad to hide? Criminals are privacy conscious. I put defence of the realm and the fight against crime ahead of keeping our dirty little secrets from the gaze of others.
It's an imperfect world. Democratically elected state first, Apple second.
Chris bulk surveillance doesn't protect the defence of the realm. Being privacy conscious means maintaining your personal security.
Many readers of this blog will use encrypted services – are we all criminals?
If we were to ban encrypted services/make encryption illegal who do you think would benefit? Only the criminals would then have security and law-abiding citizens would get pillaged.
Encryption software can be downloaded from other countries or encrypted products bought from abroad. It would severely damage our economy trying to ban the stuff. Are we going to ban the import of books next? The source code could be imported… or should we have a 'Great Firewall of Great Britain' very much like China? Even theirs doesn't work properly.
Franklin was reported as saying: those who sacrifice liberty for security deserve neither.
You're suggesting we walk straight into a police state.
Remember we get told time and time again that terrorist atrocities were actually preventable but the authorities failed to act upon the information. The 'information' being gathered isn't being actioned.
Plus do you honestly believe that they use online services when they're planning their heinous attacks? Of course they're not; they don't want anybody to know what they're up to.
Bulk surveillance harms national security and many experts would disagree with you.
Too often do we hear about criminals hacking into online accounts and plundering their victim's secrets. If the former Director of the NSA (a man who has extensive experience in national security and intelligence gathering) speaks up for strong encryption what position are you in to contradict him? He was quoted as saying:
"I know encryption represents a particular challenge for the FBI," Hayden said. "But on balance, I actually think it creates greater security for the American nation than the alternative: a backdoor."
Many other experts, academics, technologies companies and government officials advocate strong, unbreakable encryption. It's only routine law enforcement who want access to it.
America have now allowed the FBI to use information that the NSA slurped up (originally for 'national security') to investigate ordinary, domestic crimes. It's very likely this will happen over here and it'll be abused by local councils and other agencies much like occurred with RIPA.
Australia have a similar system which has been found to be unworkable because the police are being inundated with useless/entirely innocuous information. They haystack is now so big that they're complaining about the level of information provided and that it's hindering their crime prevention capabilities. Australia also allow normal public bodies to use information (allegedly collected for national security) for other purposes. Some bodies also refuse to even admit they're recipients of that information for fear of harming their public image.
Once we start to collect information our authorities will start to abuse their power. One example is the current practice of the police who are now targeting football fans by abusing counter-terrorism laws.
Who will retain all of this information? It's massively expensive for ISP's and it risks creating repositories of extremely valuable information for hackers/blackmailers/private investigators. Look at TalkTalk for an example of how not to secure information.
Think of the recent iMessage flaw – if implementing strong cryptography is hard then think how much harder it'll be if we've got backdoors there.
By undermining security systems we're making it harder to maintain national security and several parliamentary committees all say this plan is unworkable. A very respected QC (who was given access to the most classified of information in order to write his report) severely criticised proposals to undermine encryption.
Your comments show a gross misunderstanding of the technology I'm afraid. You're even wrong on the 'defence of the realm' point unless you have evidence to back it up because every expert who works in that field (with access to operational intelligence) is contradicting you.
'Franklin was reported as saying: those who sacrifice liberty for security deserve neither.'
I thought it was more than that; not only would [they] not deserve liberty and security, they would also not keep it (obviously taking away liberty would prevent having it and indeed without liberty you won't have security [certainly not as much otherwise]). I'm sure he'd be impressed with the United States of America especially but probably also other nations that have similar beliefs.
But the US has already taken away liberties and they certainly haven't made things better for it (and they never will either). Obviously there isn't 100% security (in anything) but the US tends to create their own enemies – repeatedly and without learning.
I completely agree with you coyote. Privacy is a big deal with me not because I'm trying to hide anything. I do not need someone coming into my life and micromanaging it. I do that just fine myself and don't need someone who invaded my privacy to micromanage me at all.
Glad you agree; too many unfortunately do not.
But I would say this: you do have things to hide but you don't have crimes to hide. Those who say privacy isn't a big deal and then say they don't have anything to hide however not only hide their intentions but they are deceiving themselves (and many others but not everyone): they most certainly are hiding things like their banking credentials, their social security number (or whatever); and so on. We all have things to hide – even those who claim otherwise.
Secrecy is equally as important: the only thing that cannot be revealed are those things you do not tell anyone; the moment you tell someone (or write/type/etc.) something it is no longer a secret. You should keep your passwords secret (even if that is in your password manager) for example.
Privacy improves security (or adds to it); lack of privacy weakens security (or even takes it away). I get really angry when people will CC something to me when they include many others too (or actually anyone who doesn't know both of: my email address and that I do not want them forwarding the email on with my address there). There is nothing wrong with that and it's actually a good thing (if only people would use bcc more often).
On a slightly related note, I recall reading on the BBC a few days back that in France they paying for sex is now illegal. And some of the prostitutes protested with signs that said something (when translated to English) like "I do not need you to liberate me; I can take care of myself."
Thanks for the comments.
Chris, please don't make the mistake of confusing privacy and secrecy. For reasons of privacy I generally send snail mail in envelopes. Similarly, I would like my electronic communication to be private. Nothing wrong with that. Is there?
There is nothing wrong with secrecy, either.
Electronic communications can be intercepted and so too can other methods. Think of redacting things out of letters during a major war (WWII for example). Thieves also will go around in neighbourhoods and steal all sorts of things out of post boxes – including cheques or even cash (obviously cash is the most easily abused).
Meanwhile the things you keep secret – which is to say you don't give any hints and you don't tell anyone – remain secret. There are many things that should remain secret. I most certainly hold a lot of secrets and this will never change. But I'm not a criminal and I never will be. Everyone has a right to secrecy (and I challenge anyone to take that right away … torture usually only harms those trying to get information although they often enough get some information it doesn't mean it's true – and it shows they have no moral compass and lack ethics); everyone should have a right to privacy or if not that then it should be a privilege. But it's obviously neither even without espionage. How could it be? If you share something with someone it's no longer secret and even those you think you can trust can make mistakes – or betray you.
There is nothing wrong with secrecy and there is nothing wrong with privacy.
Let me see if I’ve got this straight, Chris. Anyone who values privacy and security is necessarily a criminal…is that what you’re saying? If so, you are headed for a lesson you’re going to have to learn the hard way when your data is compromised, your identity stolen, or you become the target of a police state action that misinterprets your innocent intentions according to some arbitrary screening criterion.
The mentality that sanctifies a coercive state simply because it is "democratically elected" leads straight to hell. Mr. Hitler was democratically elected by a majority so large that other politicians can only dream about achieving.
Apple simply wants to place the responsibility for the security of users' data squarely where it belongs—on users. I don't want Apple to be my nanny, and I sure as hell don't need them to serve as an unpaid proxy for a state that already is far too aggressively curtailing the liberty of perfectly harmless people in the name of “defense of the realm”.
'Mr. Hitler was democratically elected by a majority so large that other politicians can only dream about achieving.'
For Chancellor? Yes. But of course the fact he managed to get the NSDAP many seats in the Reichstag meant he could then do so and (as soon as Hindenburg died in 1934) become Führer (and his last will mandated that the government be split back to President and Chancellor although once Goebbels committed suicide it was sort of moot until the Allies arrested them). von Papen also helped him with becoming Chancellor (albeit not with the goal it would become). The Enabling Act was also brilliant. So was the realisation that the youth were the easiest to manipulate hence Hitlerjugend. And the disaster Germany was in because of the Treaty of Versailles and the Great Depression certainly helped him. So did his influence (and spellbinding presence and speaking abilities). He also understood that people not only want but NEED some trouble (though most won't accept this as true it is true). So yes he was democratically elected – sort of. But on the other hand, the United States of America is hardly a democracy. And I ask you: what kind of democratic state would invade another country and then force the fallen state to become a 'democracy'? And what kind of democracy is the new state? The answer: the same kind of 'democracy' that was forced upon Germany after WW I.
Your points are still valid, though; he's asking for trouble and the hard way. And I'll go so far as to say he'll deserve it (though I don't wish harm on anyone in general when you actually are hiding the fact you have something to hide [which by itself is hiding], and accusing OTHERS who have things to hide being criminals, and the fact he thinks privacy isn't as important as the government … I'm not sympathetic here because why should I feel sorry for a hypocrite who thinks themselves superior enough to say that no one should have privacy of their own data including pictures?).
I'm sure Chris, that you would have said the same to Ernst Kaltenbrunner, too. Correct?
In that case I admire your courage and extreme foolishness (or at least the courage).
Obviously it is an imperfect world. And really only fools will make the claim that the United States of America is a democracy. That's complete rubbish. Even then when was the last time an American citizen voted FBI staff? You're lying to yourself.
Incidentally, since you have nothing to hide, would you kindly give me your ID, your bank account, your home address and while you're at it would you send in post your house and car keys? Thanks!
(The last part means as much as: you not only have things to hide but you hide your intentions / make false claims too)
I absolutely agree with Bob and Keith here. There is a BIG difference between privacy and secrecy. It is silly to assume that someone wants privacy only because they're a criminal.
Chris, you should bear in mind that metadata is far more valuable to the police than content. Take a mobile phone as an example. Knowing whom a person contacted, on what date, at what time, at which location the parties were at and the duration of the calls is far more valuable than content.
Metadata can't be encrypted and this iCloud change won't be of much benefit to the criminal fraternity. It *will* protect the data of innocent, law-abiding, privacy conscious users.
You'll find that most criminals make elementary mistakes which renders encryption useless. Even the most technologically savvy of individuals find encryption clunky and difficult to use.
The other point you should consider is that if somebody is a suspect then encryption won't prevent the authorities from hacking the device and defeating encryption.
All this iCloud change means is that the public at large are protected from indiscriminate, intrusive surveillance.
There was an independent study which showed that encryption defeated the grand total of 0 investigations – i.e. there was no evidence that encryption hindered law enforcement. There are a number of ways for the police to get in if they need to. Therefore to reiterate my earlier point all that the iCloud changes mean is that criminals won't be able to access your content nor will Apple nor will the police unless they believe you're a suspect. It stops bulk surveillance. It protects the innocent.
Terrorists meet in person away from the glare of technology. Encryption was not found to have been used in the Paris attacks nor has there been any suggestion it has prevented any serious investigations.
Who's to say that they won't communication using codewords. Passing a message on such as "Are we going out later?" could be the command that they communicate. Totally innocuous at first glance but unless you're a mind reader then even if that message is unencrypted it's meaningless.
The "democratically elected state" have chosen not to ban encryption. That speaks volumes and totally undermines your point.
The same democratically elected state failed to investigate serious paedophile rings, outlawed homosexuality, covered up abuse in the NHS and also (to this day) have the ability to prosecute computer investigators who inadvertently come across serious sexual images. That's right – I.T. repair guys can be prosecuted if they come across illegal pornography – that's why a number of repair shops have policies which mean they refuse to report such activity to the police. In reality they ask for people to wipe personal data prior to taking it in for repair. Surely we should be encouraging reporting horrendous images of abuse!
The problem with relying upon the democratically elected state to protect us is sometimes they get things wrong.
Senator Lindsey Graham was ignorant of the reality – he was expressing the same view that you are – but now he's admitted he was WRONG (during a public hearing video; you can watch in on YouTube) after receiving briefings from the intelligence community:
“I was all with you until I actually started getting briefed by the people in the Intel Community,” Graham told Attorney General Loretta Lynch during an oversight hearing in the Senate Judiciary Committee. “I will say that I’m a person that’s been moved by the arguments about the precedent we set and the damage we might be doing to our own national security.”
What is to stop the FBI, or other agencies, putting pressure on the password management companies to release customer data? This is just Apple passing the buck.
Decent password managers encrypt your password database with your password and do some other fancy stuff to stop them from being broken into easily.
A lot of password manager companies are based overseas (a problem the FBI and NSA have created – nobody trusts the American tech companies anymore) where they aren't susceptible to pressure from the FBI.
Some password managers are open source which means anybody can look at the computer code to make sure there are no backdoors.
Basically if the password manager is designed properly then not even the company who designed it are able to break the encryption. If a malicious password management company were to put a backdoor in their code then it'd soon be spotted and that company's reputable in tatters.
The most respected, longest serving password manager which is fully open source is KeePass followed by Password Safe.
http://keepass.info/
https://pwsafe.org/
For cross platform support (Windows, Mac, iOS, Android) look at 1Password and read their blog posts about why they don't agree with (nor do they use) backdoors:
https://1password.com/
https://blog.agilebits.com/2015/04/29/back-doors-are-bad-for-security-architecture/
https://blog.agilebits.com/2013/09/06/1password-and-the-crypto-wars/
'A lot of password manager companies are based overseas (a problem the FBI and NSA have created – nobody trusts the American tech companies anymore) where they aren't susceptible to pressure from the FBI.'
Problem? Only to the Americans perhaps. And indeed they created the 'problem'. But as for American corporations and trust? I think I would trust them much more than the American government. Not that I would trust any government (even though they are needed) but America being trusted in things like this and interfering in other nations affairs? I've known children that know better than that!
Who says all password managers are remote? Last I knew my password manager is local to this specific computer only. Thanks for informing me that I (stupidly!) uploaded it all!
And not everyone uses password managers.
No, this is Apple being responsible.
It's a problem because American companies can be served a National Sceurity Letter which gags the company from ever speaking out on pain of lifetime imprisonment. I'd say that's a massive trust risk considering the highly sensitive information that password managers are designed to keep. It's therefore misplaced trust to believe companies over the government because the latter can secretly compel the former.
KeePass and Password Safe are both examples of local password managers. Remember that LastPass have now been sold to the same people who destroyed LogMeIn and they've lost a substantial part of their customer base.
I think you misunderstood me.
I meant that the FBI might call it a problem but as far as countries in another jurisdiction they (the FBI) have themselves to blame (as you say) and more importantly what can they do about it? So it's a problem perhaps for the American government but it could also be a blessing for those using said services. Or then again maybe not in some cases or in some ways.
And I vaguely recall that about LastPass; personally I don't use a GUI password manager although if I had it'd likely be KeePass (but I would evaluate what is available before I decided). Even then I would only use an open source password manager (and for all I know LastPass is … I only know that KeePass is .. at least it was last I knew). Regardless, the point about local password managers is that if the FBI (or any other entity) were bullying the corporations it is frankly irrelevant to someone who doesn't use online services. For this I'm obviously ignoring backdoors and the like (but that is always a problem).
And it's true that trusting corporations is potentially dangerous but I was more getting at that governments are less trustworthy and whilst I would argue that it is especially true for the US it still isn't to say that other countries should be trusted; they shouldn't be.
Despite the adverse side-effect of putting the burden on the users I would like them to do this. Everyone has something to hide – even those who make claims that only criminals have information to hide. Not true. It's easy to prove otherwise although those with the mentality of you have nothing to fear if you have nothing ot hide won't easily see the truth (and neither do they realise that they most likely condemn regimes with that mentality). Bob's additional ideas are worth considering too.
I can't think of a better reason for sticking with Apple than this discussion. It shows they are more keen on my wellbeing than the FBI. And she. It comes to the privacy/secrecy debate, I wear clothes for privacy's sake, though I've nothing more to hide than the rest of my gender!