

Apple updates: better iCloud security AND less privacy?

Apple has made two important announcements that will improve the privacy of its users, and which could have significant beneficial effects around the world:

  1. Wired reported that Apple had dropped plans to introduce its client-side scanning of images stored in iCloud Photos, announced last year.
  2. Apple aims to bring end-to-end encryption to iCloud.

While the first would be a terrible setback for the privacy of individuals, the second… is quite the opposite. In particular, governments and official authorities around the world oppose individual privacy in the name of law enforcement.

Curiously, the tech giants also object to authorities being able to access individual communications whenever they deem it necessary.

What is Apple Planning?

First, Apple scanning images stored in your iCloud would set a terrible precedent – it would mean that Apple could take over people’s phones without asking permission. Client-side scanning was also being touted by governments as an example of technology that can be used to detect child sexual exploitation material (CSAM).

Naturally, everyone agrees that CSAM is an extremely serious problem that needs to be tackled urgently, but client-side scanning is not the solution because it suffers from serious drawbacks, as we mentioned earlier. The fact that Apple has abandoned plans to develop this technology will make it harder for governments to claim that this is a solution that already exists and should therefore be widely implemented.

Second, Apple’s other major announcement concerns end-to-end encryption:

iCloud already protects 14 categories of sensitive data using end-to-end encryption by default, including passwords in iCloud Keychain and health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption increases to 23, including iCloud backup, Notes, and Photos. The only major categories of iCloud data that are not covered are iCloud Mail, Contacts, and Calendar due to the need to interact with global mail, contacts, and calendar systems.

The biggest addition to the list of data categories that use end-to-end encryption by default is iCloud Backup. It’s essentially a copy of all the data on a user’s device, and therefore of great interest to law enforcement, as it potentially allows them to search through the content of a device without the need for the device itself.

Following Apple’s latest decision, even if the company agrees to share iCloud data with authorities, it will be encrypted in such a way that only the owner can decrypt it – Apple does not hold the corresponding key.

Governments want access to your privacy

Governments around the world are fighting to undermine end-to-end encryption. They claim that law enforcement should have immediate access to everything, if needed, but end-to-end encryption makes that impossible.

One of the countries at the forefront of the attack on individual privacy is… the UK. The Online Security Bill is in the final stages of the legislative process and contains measures that would seriously undermine encryption. A legal analysis commissioned by Index on Censorship explains what the law says in this area:

Targeted companies will be forced to mass monitor and scan private communications to avoid the risk of being hit with fines of up to £18 million [around $22 million] or 10% of a company’s annual worldwide turnover, whichever is greater. This will inevitably include the choice to comply with backdoor demands and give UK-only users less protection for their private messages, or opt out of the UK altogether if the demands conflict with the companies’ own red lines on encryption technology and the services they provide.

The UK is not the only country against individual privacy

One of the bill’s most vocal critics is WhatsApp, owned by Meta. Its British boss, Will Cathcart, said: “The harsh reality is that we offer a global product. It would be a very difficult decision for us to make a change where 100% of our users would reduce their security.” The only alternative would be to remove WhatsApp from the UK completely. While this is a drastic measure, it reflects the fact that there are no magic bullets that allow governments to gain access while ensuring that users’ privacy is fully protected.

Unfortunately, the UK is far from alone in passing a new law that would effectively ban end-to-end encryption. As we reported in October, the European Union is well underway with its own plans to force providers to search all private chats, messages and emails for “suspicious content”. What was dubbed “conversation control” by its adversaries would require companies to break end-to-end encryption in order to perform these searches.

Leaving the UK market is perhaps something companies could consider, given its relatively small size, but leaving the much larger EU is probably not something they would be willing to do.

India is another key market, especially for its future potential as a new economic superpower alongside the US, EU and China. It is also discussing a new law that would require internet companies to make currently encrypted conversation content available to authorities. As the Hindustan Times explains, Section 24 of the bill “empowers the government to be able to intercept messages, calls on platforms such as WhatsApp and Signal, which are encrypted – meaning they are not stored and remain private between users, in accordance with company policy.”

The United States could lead the fight for individual privacy

In the United States, things are not so bad, but there is still a threat to end-to-end encryption in the form of the “Child Online Safety Act” (KOSA), currently under discussion. In late November, a coalition of more than 90 organizations sent a letter to Congress explaining why KOSA is likely to be harmful to children. It includes the following reason:

By creating strong incentives to filter and allow parental controls on content that minors can access, KOSA could also compromise young people’s access to the end-to-end encrypted technologies they depend on to access mental health-related resources and to protect their data from bad actors.

In this context, Apple’s decision to add end-to-end encryption to its iCloud backup is significant. This will alert many people to the need for this feature – Google seems to have noticed – and make it harder for governments to call for its weakening or removal.

It’s still unclear exactly how this epic battle between trillion-dollar corporations and national law enforcement will end; but what is certain is its importance for the future of digital privacy.

Featured image created with Steady broadcast.