First the iPhone, now iCloud. Apple is strengthening the encryption of its cloud storage service, so that even it won’t be able to access its customers’ iPhone backups, unnamed sources tell the Wall Street Journal.
Apple could re-engineer its system, so if it were to receive a request to turn over user data to the government, it wouldn’t be able to decrypt it without the iCloud password. The drawback is it would still need to find a balance between the security of customer data and convenience. If Apple goes a similar route with iCloud as it did with the iPhone — by removing encryption keys from its servers and placing them solely in the hands of users — it could also prevent the company from helping customers regain access to their accounts if they forget their passwords.
As it stands now, Apple stores the encryption keys in its U.S. data centers, which allows it to comply with government requests for iCloud backup data. For example, Apple was able to give the FBI the last iCloud backup of the iPhone used by one of the San Bernardino, California, killers, Syed Rizwan Farook, despite its refusal to create a backdoor into his smartphone for the government. The Journal confirms a February report about Apple’s stronger iCloud encryption efforts by the Financial Times.
It’s not known when Apple will release its upgraded version of iCloud encryption. But before that happens, it’s expected to battle it out on March 22 with the FBI in federal court in Riverside, California, over whether the agency and court had the legal authority to compel it to create software to defeat the security of its iPhone.