Apple again rumored to goose iCloud security amid iPhone encryption flapIn a move sure to complicate the ongoing Apple vs. FBI court case, Apple is reportedly developing stronger iCloud encryption methods that would prevent even it from accessing and extracting user data protected by a passcode.
Racks of Apple's iCloud servers in Maiden, NC
Citing sources familiar with Apple's plans, The Wall Street Journal on Tuesday reported that while preparations for a more secure iCloud are underway, executives are still trying to find a workable balance between strong encryption and customer convenience.
Currently, iCloud can be configured to store daily device backups, messages, photos, notes and other data, much of which is accessible by Apple. But the purported plan is to encrypt that data and restrict access to holders of user-created passkeys. Apple's supposed encryption plans were first report by the Financial Times in late February.
If Apple does enact stronger iCloud security measures, particularly those that would render warrants for data access moot, it could exacerbate an already tenuous situation. The company is embroiled in a heated court battle over the unlocking of an iPhone used by San Bernardino shooter Syed Rizwan Farook. Apple was compelled by a federal magistrate judge to help in FBI efforts to break into the device, but the company has so far resisted, sparking a contentious debate over privacy rights and national security.
Currently, iCloud backups are Apple's go-to, non-destructive option for law enforcement requests. And for agencies like the FBI, iCloud has quickly become the only way to access data as part of a criminal investigation.
Apple introduced strong on-device encryption with iOS 8, making it nearly impossible to extract usable intel from hardware running the latest OS. Certain information, however, is sent up to the cloud and can potentially be accessed by Apple on behalf of the government. That all ends if Apple puts encryption keys wholly in the hands of its customers.
A version of this all-or-nothing strategy is already up and running in iCloud Keychain. The feature lets users store especially sensitive data like passwords and credit card information that can be accessed remotely, synced and transferred to and from other devices. Apple is unable to decrypt and read the data, but at the same time it can't restore or retrieve the information if a user loses or forgets their password.
It remains unclear when Apple intends to implement the iCloud changes, if at all. However, given the company's intractable stance on strong encryption, consumers could see enhancements roll out sooner rather than later.