iCloud does not yet have E2E encryption

iCloud does not yet have E2E encryption
iCloud does not yet have E2E encryption

In the last few days, more information has surfaced indicating the possible reasons why Apple might have stopped end-to-end (E2E) encryption of iCloud copies. John Gruber, a well-known blogger with a fairly reliable track record of internal contacts in the company, has made some interesting observations in this regard.

About Apple’s plans to encrypt copies of E2E

Before you start, it’s important to know the difference between the two types of encryption Apple applies to iCloud copies. There is encryption that protects most data in this cloud, which is only accessible to the user and Apple under certain circumstances (a court order). Then there’s the other, more complete type of encryption, called end-to-end, which protects certain data in our iCloud copy such as passwords and our most sensitive data. In this case, only the user with his password has access.

In Gruber’s experience, Apple does not share its plans with anyone outside of the company, as was implied in the Reuters article that triggered the controversy. Least of all the FBI. Thinking coldly, what’s the point of Apple telling the FBI about its intention to add E2E encryption to copies of iCloud? What would the company gain from it?

Apple is not characterized by notifying a third party outside of the company of its plans for a product or service that are yet to be disclosed

Of course, both now and in the past, Apple has been characterized by asking for forgiveness rather than permission. In the sense that they have often acted and then managed with a third party, as was the case with the name of the original iPhone and Cisco. It doesn’t fit that Apple communicates its intentions to the FBI with something as sensitive as the security of one of their services. Even more so when both parties have clashed with each other several times in recent years over issues of this kind.

There is no law that prohibits encryption End to end, In fact, it is generally recommended.

A possible event calendar

Apple's iCloud
Apple’s iCloud

If you want to know what happened to the E2E encryption of backups in iCloud, you should check the chronology. Thanks to Apple’s connoisseur, we can get a clearer picture. The Sequence of facts It would be the following, although they are not necessarily derived from one another:

  1. February 2016: The FBI asked a US court to allow Apple to infiltrate the iPhone of one of the authors of the San Bernardino massacre.
  2. March 2016: WSJ announces Apple’s intentions to increase iCloud security. This one would include E2E encryption of the copies, although they see an important inconvenience in the company if the user forgets his password.
  3. “More than two years ago (mid-2017?), According to Reuters, Apple informed the FBI of its E2E encryption plans.
  4. “About 2 years ago” (late 2017, early 2018?), Says Reuters again, Apple gives up its plans.
  5. October 2018. Tim Cook gives an interview to the German newspaper The mirror where he says Apple’s intention is for cloud encryption to be like on the devices, that is, E2E.

On the third point, Gruber indicates that his own sources claim that that part of the Reuters article came from FBI sources, not from Apple’s side. And that furthermore, the claim is not correct. It is not difficult for the FBI to smell Apple’s intentions, given its reputation and drive for the safety of its products and services.

The last thing we know from Tim Cook is that he wants to enable E2E encryption for copies of iCloud

For the interview with the German newspaper, Cook’s full quote is as follows:

Our users have the key [to iCloud] and we have one too. We do this because some users lose or forget their password and then expect us to help them recover their data. It is difficult to estimate when we will change this practice. But I think in the future it will be controlled like on devices. Consequently, we will not have a key for this in the future

Amazon Music has 55 amazing million subscribers and surprises Apple Music
Amazon Music has 55 amazing million subscribers and surprises Apple Music

This may well be the real reason that Apple has not yet implemented E2E encryption on iCloud copies, despite having talked about it openly. That Apple has been weighing up the pros and cons of implementing it all these years and seeing what its implementation would look like.

Forgotten and fatal events – cases where E2E encryption makes data recovery impossible

End-to-end encryption
End-to-end encryption

We don’t know how often users ask Apple to access their backups in the cloud. But judging by Cook’s words, may be more than we think. It’s not hard to imagine that users will forget their iCloud passwords when they buy a new iPhone because they have lost or stolen their terminal.

In case of death and if family members do not know the iPhone’s password (which E2E encrypts and for which Apple has no “key”), the content can only be restored via a backup. In either case, the company can help by granting access to the iCloud backup because it has the “key”.

Implement encryption End to end would prevent copies from being restored. Because Apple would have no way to access them because they would be protected by the user’s password. The only possible solution would be An option that is disabled by default that would enable this type of encryption. Of course, it would be necessary to inform the user of the consequences of losing or forgetting the password, as well as of death.

And yet Apple would have to deal with the problems described. Naturally there is no easy solution and maybe that’s why Apple has been analyzing possible solutions for years. Tim Cook and his team may not have given up yet and will surprise us in the next WWDC.


Please enter your comment!
Please enter your name here