The Electronic Frontier Foundation on Thursday launched "Fix It Already," a campaign directed at nine tech companies including Apple, pressuring them to solve privacy and security issues with their platforms.
In the case of Apple, the EFF is arguing that the company should offer people the choice to set tighter encryption on iCloud backups. Such backups are already encrypted, the EFF noted, but can be decrypted on-demand by Apple — and hence handed over in government search requests. The data could also theoretically be raided by hackers.
"The good news," the EFF said, "is that Apple CEO Tim Cook already thinks that encrypting iCloud backups is a good idea and seems to want to implement it in the future."
Apple complies with most government search requests for iCloud data, the only criteria typically being whether due process was followed. That includes not just law enforcement but spy agencies, such as the U.S. National Security Agency.
This can become a serious threat in countries like China and Russia, where autocrats regularly have opposition members imprisoned or killed. Apple has come under fire for obeying laws in those countries requiring local data hosting — stronger iCloud backups could be a way out of the controversy, though it would likely face pressure to weaken security if it wants to keep doing business.
The EFF suggests that heightened encryption should be optional because Apple can help people recover data when they can't remember passwords.
iCloud backups can contain a range of content, from photos, videos, and texts to app data and HomeKit setups. Things like contacts, notes, and email are stored separately.
10 Comments
I guess “Fix It Again Tony” was already taken.
Good initiative. I hope Apple finds a way to balance convenience & security.
The prime complaint about Android (app-specific access to the Internet) also goes for iOS and is duly noted by the EFF as applying to Apple, too. I've been harping on this for ages but until now have felt alone in my concerns. Thanks, EFF.
All while Samsung laughs in their face,
Does Apple document somewhere what data they can and cannot decrypt without the user handing over their password by free will?