Apple today announced the launch of an Advanced Data Protection feature that expands end-to-end encryption to additional data stored in iCloud, including iCloud Backup, iCloud Drive, Reminders, Notes, and more. With the launch of the feature, Apple’s Craig Federighi did a quick interview with The Wall Street Journal’s Joanna Stern to discuss the change and other new security features that are coming in the future.
Federighi said that expanding iCloud end-to-end encryption took a long time to implement because Apple needed to “build toward the moment” and prove the technology.
Some of the steps we took over a decade ago designing iCloud and how we encrypted were necessary precursors to build toward this moment. Using end-to-end encryption for other data types like passwords and browser history helped prove that technology.
With end-to-end encryption expanding to most iCloud services, should an attacker get access to iCloud data, there would be no way to decrypt it. As a downside, it will prevent information from being accessible on iCloud.com, which is why it is an opt-in feature that can be enabled or disabled depending on the level of security and convenience each iPhone user desires.
As for data recovery, Federighi explains that a person who has Advanced Data Protection enabled that loses access to their device and forgets their iCloud password would need to have established a recovery key or a Data Recovery Contact to get access to their content.
A user activating this feature is taking on an additional responsibility. They’re taking on responsibility for their data recovery, from setting up a Data Recovery Contact or securing a recovery key. All users might need more time to be ready or willing to do that.
Advanced-Data Protection will not allow law enforcement officials to access data like iCloud backups or photos, which is possible now with unencrypted iCloud backups. When asked if Apple considered this when implementing Advanced Data Protection, Federighi said that the benefits outweigh the negatives as it protects government officials who foreign adversaries might target.
We deeply appreciate the work of law enforcement and support the work of law enforcement. We have the same mission at heart: to keep people safe. Ultimately keeping customers’ data safe has big implications for our safety more broadly. There’s sensitive information that an ill-intentioned attacker, whether a foreign adversary or organized crime, to get access to information about our political leaders or others who have particular secrets, or access to systems, would be a disaster for us all.
This is important to accomplishing our shared mission: to keep users safe.
Federighi said rumors that iCloud backups were once scrapped because they would harm law enforcement investigations were untrue and that the impact on law enforcement was not a consideration when implementing Advanced Data Protection. Federighi said the only way to keep customer data safe is to stay “one step ahead” of the attackers with features like Advanced Data Protection.
