The iCloud Loophole With iPhone Encryption

3 March 2016

The Verge:

But there’s an exception, a loophole, in Apple’s unyielding stance on privacy and encryption: its iCloud service, and, specifically, iCloud Backup — the convenient and comforting automatic way in which iPhones and iPads back themselves up to the cloud daily.

Unlike the iPhone hardware itself, Apple retains the ability to decrypt most of what’s in an iCloud backup. And the company on occasion turns the contents of iCloud backups over to the FBI and other law enforcement agencies when a proper legal warrant or court order is presented.

This is correct, at least with current Apple devices and operating systems. I think the iCloud loophole has been overlooked in the current Apple/FBI court proceedings. The FBI seems to conduct its current business with the foregone belief that the ability to retrieve and decrypt iCloud backups will always exist. Even Apple has helped solidify this feeling, by focusing so much on the password reset blunder that prevented more recent iCloud backups in the San Bernardino case from being available to law enforcement. I think the FBI mindset is that if Apple remains steadfast in its right to lock down the physical phone, it will at least have iCloud backups to fallback to.

No one on at the congressional hearing brought up a future scenario where iCloud backups are not decryptable. I think that’s a huge error. I have no doubt that Apple will close the iCloud loophole very soon, probably with iOS 10. Apple is on a one-way path where it will secure and lock down anything and everything it can, in the scope of the law.

End-to-end encryption for iCloud is an inevitability and, when it happens, the FBI is going to be truly locked out of phone data. When discussing the balance of privacy and public safety, people need to keep in mind that data accessible today will almost certainly not be accessible tomorrow. There’s a huge difference between being able to retrieve some data and no data from a suspect’s phone. I don’t want new legislation to be based on the current state of technology, when it’s an evolving issue with a clear trajectory for Apple to go as private as possible.