Apple introduced three advanced security features focused on protecting against threats to user data in the cloud, representing the next step in its ongoing effort to provide users with even stronger ways to protect their data.
With iMessage Contact Key Verification, users can verify they are communicating only with whom they intend. With Security Keys for Apple ID, users have the choice to require a physical security key to sign in to their Apple ID account. And with Advanced Data Protection for iCloud, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data, including iCloud Backup, Photos, Notes, and more.
As threats to user data become increasingly sophisticated and complex, these new features join a suite of other protections that make Apple products the most secure on the market: from the security built directly into our customer chips with best-in-class device encryption and data protections, to features like Lockdown Mode, which offer an extreme, optional level of security for users such as journalists, human rights activists, and diplomats. Apple is committed to strengthening both device and cloud security, and adding new protections over time.
The Wall Street Journal reported that Apple is planning to significantly expand its data-encryption practices, a step that is likely to create tensions with law enforcement and governments around the world as the company continues to build new privacy protections for millions of iPhone users.
According to The Wall Street Journal, the expanded end-to-end encryption system, an optional feature called Advanced Data Protection, would keep most data secure that is stored in iCloud, an Apple service used by many of its users to store photos, back up their iPhones or save specific device data such as Notes and Messages. The data would be protected in the event that Apple is hacked, and it also wouldn’t be accessible to law enforcement, even with a warrant.
The Wall Street Journal also reported that the FBI said it was “deeply concerned with the threat end-to-end and user-only-access encryption pose,” according to a statement provided by an agency spokeswoman. “This hinders our ability to protect the American people from criminal acts ranging from cyberattacks and violence against children to drug trafficking, organized crime, and terrorism,” the statement said. The FBI and law enforcement agencies need “lawful access by design,” it said.
BuzzFeed News reported that Apple’s Advanced Data Protection is significant because switching it on will only store your key locally on your device and not on Apple’s servers. This will not only keep your backup safe in case a hacker breaches Apple’s data centers, but also prevent Apple from being able to turn over iCloud backups to law enforcement agencies and governments in response to valid legal requests, something the the company has done thousands of times so far, according to its own transparency report.
It sounds to me like this change in policy is good for consumers, because it not only protects their data from hackers, but also makes it impossible for law enforcement agencies to demand that Apple turn over iCloud information to them. Apple won’t have any way to access that information because it won’t have the key.