Apple claims to be the home of privacy and security; a place where users can feel safe just using their devices without a prying eye. All modern iOS and macOS devices are capable of hardware encryption by design. Your iPhone or Mac, when configured correctly, will keep all but the worst bad actors out of your data. This also means the good guys can't see your data either, and government agencies are not so happy about this consumer-level protection.

The complex dance of sending an end-to-end encrypted iMessage

First, let's cover encryption and what your devices are doing to protect you, then there will be information about the encryption debate and where it all stems from.

What is encryption?

Data encryption is a cryptographic process that makes data unintelligible to anyone who doesn't have the proper keys. This ensures that only the person with the correct passwords can access and read data, otherwise the data accessed is just a mess of characters. All of this security happens without user input, besides the occasional password or biometric, and is designed to get out of the way as much as possible.

Data can exist in transit or at rest, and so does encryption. Generally, data in transit is or should be encrypted. This means that anyone spying on your traffic will not see what is passing through. Data at rest is usually only encrypted if need be, but Apple encrypts the entire device when locked, if it is iOS or iPadOS. macOS users can opt to encrypt their computer using FileVault, and those who own a Mac with a T2 chip will have encrypted drives automatically.

The T2 chip is the integrated System-on-a-Chip that houses the Secure Enclave on Macs

Total device encryption can be a very processor-demanding task, which used to mean users had to choose between total device encryption and speed. Ever since the iPhone 4, this hasn't been the case. iOS devices have benefited from hardware encryption for nearly a decade now, and Apple uses AES-256, which is what banks use for transactions.

When data is encrypted no matter the state, and the key is generated and stored on device, it is called end-to-end encryption. This means that the data is secure unless the decryption key is presented. Data like this is usually locked behind the user's Apple ID and password.

End-to-end encrypted data on iOS includes:

- iMessage and FaceTime
- QuickType Keyboard vocabulary
- Health and Home Data
- Screen Time
- iCloud Keychain
- Siri information
- Payment information
- WiFi passwords

Encryption in the Cloud

While things like iMessage and FaceTime are end-to-end encrypted, other information is not. End-to-end encryption requires that only the party who owns the information have access to the keys, like with device encryption. When saving data to iCloud, however, things change considerably. Apple always encrypts data in transit, and encrypts data stored on its servers, but when it comes to iCloud backup its encryption keys are stored with Apple.

When a user has iCloud Backup turned on for a device, information like iMessages, photos, health data, and app data are all saved in an encrypted bundle on iCloud. The key to unlock this bundle stays with Apple to prevent a user from inadvertently losing their secret key, and thus all of their backed up data. This means, though, that Apple does have reasonable access to data when properly warranted by government investigation.

If and when Apple complies with a government data request, it is often the iCloud backup data that provides the most useful information. Apple doesn't always hand over every bit of data it has, however, but only the portions of data specific to the warrant. Only specific cases ever demand total access to data, and Apple will deny those requests if it deems the data requested is not part of the case.

Apple’s privacy icon used wherever a user might encounter privacy concerns

Apple started storing iMessage data in the cloud for syncing. This data is normally end-to-end encrypted when on device and in transit between users, but if a user elects to have their messages sync across devices, their history is saved to the cloud. While that history is fully encrypted in the cloud, an encryption key is saved inside of the iCloud backup to prevent data loss. This means that if Apple decrypted the backup, pulled the key from it, then used it to open the synced messages, they could do so.

All iCloud data is managed by the user. If you deem it unnecessary or unsafe to use certain iCloud syncing or backup features, you can toggle each one off. Local backup using Finder is also an option, which will let the user totally encrypt the backup locally too. Users will be aware of their own circumstances and need to determine where they want to store data.
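The key chain described above, modeled as an added example (not Apple's implementation and not code from the original article): synced messages are sealed under a device-generated key, and a copy of that key sits inside a backup sealed under a key the provider holds. The `CloudProvider` class, the `messages_key` field and the toy HMAC-based cipher standing in for AES are all assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy keystream (HMAC-SHA256 in counter mode); a stand-in for AES, not for real use.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class CloudProvider:
    """Hypothetical model of the provider: it stores blobs and holds the backup key."""
    def __init__(self):
        self.backup_key = secrets.token_bytes(32)  # kept by the provider (escrow)
        self.synced_messages = None                # sealed under a device-generated key
        self.backup = None                         # sealed under backup_key

    def readable_messages(self):
        """Return message history using only material the provider itself holds."""
        if self.backup is None:
            return None                            # no escrowed copy of the message key
        bundle = json.loads(unseal(self.backup_key, self.backup))
        message_key = bytes.fromhex(bundle["messages_key"])
        return unseal(message_key, self.synced_messages).decode()

def device_sync(cloud: CloudProvider, history: str, backup_enabled: bool) -> bytes:
    """Device side: sync messages, and optionally write a backup holding the key."""
    message_key = secrets.token_bytes(32)          # generated on the device
    cloud.synced_messages = seal(message_key, history.encode())
    if backup_enabled:
        bundle = json.dumps({"messages_key": message_key.hex()}).encode()
        cloud.backup = seal(cloud.backup_key, bundle)
    return message_key

if __name__ == "__main__":
    for enabled in (True, False):
        cloud = CloudProvider()
        device_sync(cloud, "constructed sample message", backup_enabled=enabled)
        print("backup on" if enabled else "backup off", "->", cloud.readable_messages())
```

With the backup toggled off, the provider still stores the encrypted message history but holds nothing that opens it.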

Remember, there is no such thing as a perfectly secure system. Convenience will always reduce overall security, so using iCloud tools can improve your life, but it introduces scenarios where your data can be accessed under certain conditions.

Hardware Encryption: T2 and the Secure Enclave

The introduction of the Secure Enclave to the iPhone 5s changed things again. Not only were devices encrypted, the keys were stored in a chipset completely separate from the device OS. This meant that remote attacks were rendered nearly impossible and anyone trying to get information would likely need physical access to the device to even begin a brute force attack. 

For any device newer than the iPhone 5s with Touch ID, and devices with Face ID, the Secure Enclave handles all generated encryption keys. A notable exception is the iPhone 5c, which was released after the iPhone 5s, and didn't have the Secure Enclave. This was the phone used by the San Bernardino shooter, which sparked the entire encryption battle with the US government; more on that later.

Your fingerprints are turned into numeric strings and stored in the Secure Enclave using encryption

The Secure Enclave acts as a gatekeeper to all of your sensitive information. It holds onto encryption keys, like those used for iMessage, until presented with proper authorization like a passcode or biometric. Even the biometric data used for Face ID and Touch ID are stored using encryption, so there actually isn't even any record of your face or fingerprint used by the system.

MacBooks with Touch Bar have Touch ID built in, which means a dedicated Secure Enclave as well. The first generation T1 chipset held the Secure Enclave and handled key generation just like its iOS counterpart. The T1 chipset runs completely independently of macOS and boots separately for added security.

Apple then introduced T2, which breaks away from needing Touch ID as a prerequisite and allows users to enjoy its functionality on other devices. Not only does the T2 hold the Secure Enclave, it manages FileVault encrypted storage and Secure Boot also.

How encryption is handled when toggling File Vault on and off in a Mac with a T2 chip

Secure Boot is a very important security enhancement, which prevents illegitimate software or operating systems from loading at startup. It also prevents booting from external media, thus thwarting hackers who might attempt stealing information using alternative booting methods.

Apple versus The US Government

Apple CEO Tim Cook wants to take the DOJ to task on encryption

San Bernardino 2015 (iPhone 5c)

One of the deadliest mass shootings on record occurred in San Bernardino on December 2, 2015. There were 14 people killed and 22 seriously injured during the attack. One of the perpetrators, Syed Rizwan Farook, left behind his company iPhone, leaving investigators wanting what was inside.

San Bernardino mourns those lost as FBI confronts Apple

On February 16th, 2016, a judge ordered Apple to break into the phone's encryption using special software to be developed by Apple. The iPhone 5c in question was running iOS 9 and did not have all of the security capabilities of the more modern iPhone 6s. It also had no Secure Enclave, which would have made access even more unachievable.

What the judge, and ultimately the FBI, was asking for was a new iOS update that would defeat the encryption using a backdoor provided to the FBI. Because of this approach, any iPhone running this OS would be vulnerable to such decryption, and the keys given to the good guys likely wouldn't stay in their hands forever. Apple CEO Tim Cook said as much in his open letter to the US Government the next day.

FBI Director Comey wants an encryption backdoor for the good guys

Apple asserted that they had handed over all of the requested data 3 days after the shooting occurred. They even offered advice on how to force the phone to back up to the cloud, which was ignored. It was later found out that the Apple ID associated with the iPhone was changed while in government custody, ruining any chance of a backup.

This tit-for-tat battle continued in a very public debate, and shed a lot of light on exactly how much the US Government, and more specifically the FBI director at the time, James Comey, knew about technology and encryption. Damaging public exposition continued for the following month, leaving Americans to watch as their personal security was debated on a national scale.

On one side, the DA asserted that "evidence of a dormant cyber pathogen" could be found on the iPhone. On the other, the husband of a former co-worker and survivor of the shooter said the company phone was "unlikely to contain useful information."

The DOJ says Apple’s candy colored iPhone 5c could have been a tool for terrorism

A hearing was set for March 22, so prosecutors could present and cross examine witnesses over the encryption matter. This was the FBI's last chance to convince Congress to force Apple's hand. The hearing never came to pass, as on the 21st, the DOJ asked for a delay to the hearing. An "outside party had come forward with a potential unlock method that would negate the need for Apple's assistance."

Israeli firm Cellebrite was said to be helping the FBI attempt to unlock the iPhone. This raised a number of concerns over the tool, the government's willingness to work with foreign companies, and the taxpayer dollars spent on the hack.

On March 28th the DOJ withdrew their legal action against Apple, citing that they had successfully gained access to the device. Rumors continued to speculate that Cellebrite helped, citing a $218,000 contract the company made with the FBI on the same day of the hack.

One Cellebrite kit could have cost the US over $900,000

It was never officially confirmed if the data from the terrorist's iPhone 5c was informative or useful in any way, but seeing as we never heard another word about it, it likely wasn't useful. The FBI Director did reveal, however, that the tool was useless for any phone newer than the iPhone 5c. Thus, the battle to weaken Apple encryption continued.

In April, unnamed sources said that the iPhone in question didn't provide actionable intel; it did, however, give investigators more insight into the attackers.

James Comey wouldn't rest, however, declaring the "encryption war far from over."

In December of that year, the U.S. House Judiciary Committee's Encryption Working Group issued a report. It stated "any measure that weakens encryption works against the national interest." This seemingly, finally, put the encryption debate to bed.

Sutherland Springs 2017 (iPhone SE)

A new administration and new FBI director brought new challenges to the encryption debate, which had nearly a year of quiet before being reignited. Only a few weeks before the Sutherland Springs shooting, the new FBI Director Christopher Wray made his stance clear:

"To put it mildly, this is a huge, huge problem," Wray said. "It impacts investigations across the board — narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation."

Sutherland Springs mourns loss after terrible shooting

On November 5, 2017, another tragedy wracked America as shooter Devin Kelley killed 26 people at a church in Sutherland Springs, Texas. The FBI moved quickly, to make exactly the same mistakes that were made during the San Bernardino shooting.

Reportedly, the FBI refused to seek help, took the phone from the site to a remote FBI facility, did not ask Apple for information, or perform the iCloud backup procedure defined by Apple previously. 48 hours passed and the critical window for direct help from Apple closed.

On November 9th, Texas Rangers secured warrants for files stored in the shooter's iPhone SE and served them to Apple.

For whatever reason, not even a rumor has appeared about what happened next with this case. Speculation can assume that Apple handed over what data they had, as usual, and told them that unlocking the phone was impossible. Given that it was an older iPhone even then, the FBI likely were able to procure a way to get inside and avoided another public debate.

2018 to present

Outside of, or perhaps because of, the Sutherland Springs case, Apple began educating law enforcement and the FBI on how to access data from iPhones, Macs, and iCloud. This wasn't a class on hacking into devices, but a basic course on how to request data, handle it after receiving it, and how best to deal with devices.

FBI Director Wray asserts that “solutions” must exist to bypass encryption without endangering consumers

Apple wasn't done with its own fight, however. With each new update to iOS and macOS, Apple doubled down on security and encryption protocols, pushing the devices to be ever harder to crack. The FBI Director and a forensics examiner both stated similar angst towards the company at a Cyber Security Conference in January 2018. They called Apple "jerks" and compared them to "evil geniuses" that were thwarting the good guys at every turn.

While the "good guys" kept pushing for legislation to weaken encryption, other companies were pushing for new tools that took advantage of known exploits. One such company was GrayKey, which said it had a tool that could crack a six-digit passcode in 11 hours.

Attempting to bypass iPhone security could cost you $30,000 for one kit from GrayKey

Companies like GrayKey and Cellebrite tend to sell their hacks for a lot of money, so regular consumers never needed to fear them much. A GrayKey box was sold for $15,000 to $30,000 usually, and Cellebrite hacks were even more expensive. What complicates this more is that once Apple can patch an exploit used by these tools, they do, and push the patch within weeks to nearly every Apple user on the market.

Pensacola 2019 (iPhone 5 and 7 Plus)

A gunman killed three people in Pensacola, Florida while in the possession of two iPhones. The shooter, Mohammed Saeed Alshamrani, fired a bullet into one of the devices before being killed himself. Apple handed over all of the data they had associated with the devices, but the FBI became persistent, again asking Apple to unlock iPhones.

President Donald Trump and Attorney General William Barr agree that encryption should be bypassed for the good guys

Vocal US Attorney General William Barr made a public request to Apple, stating that they had yet to provide "substantive assistance" to law enforcement. The DOJ were determined to get into the iPhones, claiming that they may determine if the shooter had conspirators. Barr had been vocal earlier in the year on the subject, saying there must be a way to create backdoors without weakening encryption.

Apple provided an official statement in response to the Attorney General.

"We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation," Apple said in the statement. "Our responses to their many requests since the attack have been timely, thorough and are ongoing."

"We responded to each request promptly, often within hours, sharing information with FBI offices in Jacksonville, Pensacola and New York," the statement asserted. "In every instance, we responded with all of the information that we had."

"We have always maintained there is no such thing as a backdoor just for the good guys," Apple concluded. "Backdoors can also be exploited by those who threaten our national security and the data security of customers."

Tim Cook often repeating the same encryption mantra, wants legislation protecting consumers.

The letter reiterated many of the same arguments that Apple and Tim Cook had been stating for years. The President even chimed in with a tweet, telling Apple to "step up to the plate" and unlock the iPhones.

An update to the Pensacola case came on February 5th, when the FBI stated they still cannot access the data on the phone. Reconstruction of the phone after it was shot by the perpetrator has been finished, which may have something to do with the data not being accessible. No word yet on whether the other unbroken iPhone was accessed, but the FBI will likely continue to use this as pressure for Apple to build them a GovOS.

Where encryption stands

The debate is far from over. Legislation threatens to fight customer-level encryption across many countries, like in Australia. The United States Government is likely to take Apple to court yet again over the Pensacola iPhones, and if not that case, some other will surely occur.

According to a recent report, Apple may have been planning to end-to-end encrypt iCloud backup data, but decided not to based on FBI demands. Apple has stated publicly before that encrypting backups might overly complicate security for users, adding that a user who loses their secret key would lose access to all of their data. Until Apple can find a way to prevent users from losing everything from a silly mistake, it is unlikely that iCloud backups will be end-to-end encrypted.

For the over 1.5 billion Apple device users out there, things are still looking up. Device security is as strong as ever, and only the most skilled or money-lined hacker can breach that security; even then under only very specific conditions. Set a strong passcode, utilize device biometrics and password managers, and you can rest easy knowing your data and privacy are safe with encryption. For now.
