For years, Apple has protected users' health data, passwords, credit card, and other payment info on iCloud through end-to-end encryption, which prevents third parties from accessing data while it is being transferred from one end system or device to another. But users' photos, notes, and iCloud backup remained unencrypted and thus, vulnerable to anyone able to gain access to iCloud.
That changed last week, when Apple announced Advanced Data Protection for iCloud, which the company says will bring the highest level of security to more sensitive information and data stored on iCloud.
Matthew Green, a nationally recognized cryptography expert and associate professor at the Johns Hopkins University Information Security Institute and the Whiting School of Engineering's Department of Computer Science, hailed the move and sat down with the Hub to discuss its implications.
Why is it a big deal that Apple is introducing new data protection for users?
Apple has spent years building the infrastructure needed to enable end-to-end backup for iCloud. This means backup that ensures that you are the only one who can access your own data: not hackers, not law enforcement, not the government, and not even Apple.
The interesting thing is that even though Apple had the infrastructure to do this eight years ago, it didn't. It limited the use of end-to-end encryption to things like protecting your passwords and guarding your web history. But that left your photos, notes, etc., accessible to anyone who managed to get into iCloud. This new feature changes that.
One thing to note is this new capability will require users to opt in. This means users will only receive the new encryption features if they activate the feature by turning on a switch in their phone's Settings menu. It also means that users who activate the feature will be at risk of losing their backups if they forget their phone password. To mitigate this risk, Apple is building in a new "social backup" feature that lets you appoint a friend to help you recover your backups if that ever happens. Apple is hoping that this combination will make encryption workable for most iPhone and Mac users. These features will help to stop an entire range of hacking attacks that criminals use to steal user data and extort vulnerable people.
If Apple had the capability to protect this data, why the wait to deploy it?
There is a lot of speculation about that. Two years ago, Reuters reported that the FBI pressured the company into dropping plans to enable that feature, saying it would harm investigations. This is because many police investigations have relied on access to phone backups that Apple was able to hand over when presented with a warrant. That won't be possible anymore. In fact, when Apple announced the new iCloud data protection measures last week, FBI sources told The Washington Post they were "deeply concerned" with the threat that user-controlled encryption poses and that it "hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime, and terrorism."
But it appears that Apple has overcome these concerns.
Do you expect this move by Apple to spur competitors like Samsung or Google to offer similar levels of security?
Absolutely, because Apple sets the standard on what secure consumer cloud backup looks like. There is little question in my mind that competitors all over the industry will chase them.
I should say that Google and WhatsApp deserve credit for deploying some of this end-to-end backup tech on their own. But I think this move by Apple creates a dynamic where companies will continue to compete to offer consumers better privacy features, making it a challenge for any company not to step up and offer these protections themselves.
The positive side to this for consumers is that it will no doubt result in a better and more secure experience. And if things continue in this vein, my hope is that, in the future, end-to-end user controlled encryption will be turned on by default, or users will be strongly encouraged to turn it on for their own protection. Apple's two-factor authentication—a feature where attempts to log in to your iCloud account require a one-time passcode sent to your phone—provides a good example of this, because although this protection is optional right now, about 95% of Apple's customers use it.
What other security enhancements is Apple introducing?
One improves iMessage—Apple's end-to-end encrypted messaging service—by preventing someone from adding new devices to your account without permission. This makes it much harder for a hacker to read your encrypted text messages. Again, you have to opt in, but if you do, it puts into place a sort of "key transparency" that makes it harder for people to add new devices that can receive your iMessage chats. While the feature isn't something most people think about, it eliminates one of iMessage's big weaknesses: that Apple can be hacked or forced to bypass the iMessage encryption.
It is important to note that there is no reason to think this has ever happened, but some governments have argued that systems like Apple's iMessage are vulnerable to this type of attack.
Finally, Apple has made a bunch of nice improvements around account access—including providing support for hardware security keys to protect sensitive corporate accounts. These features are used widely by enterprises, who rely on these keys to prevent phishing attacks and other account takeovers. All of these protections are features that enterprises in particular will really like.
What else should consumers know about Apple's new security features?
The bottom line is that something important has happened in Cupertino. Whereas previously, Apple was obviously hesitant about deploying beefed up encryption features, it is clear that now they are putting the gas pedal down. It's not clear what changed, but whatever it is, I am glad to see it.