Since February, reports have been circulating that Cupertino may be looking into beefing up iCloud backup encryption security. According to corroborating reports to The Wall Street Journal, the modifications to iCloud backup security are definitely in the works.
What's wrong with how it is now?
The way iCloud backups are currently handled, the files are encrypted but are not entangled with a passcode. This makes them vulnerable to being easily decrypted, so law enforcement officials are able to gain access to user content with ease. In fact, Apple has complied with thousands of requests for such access in the past for a variety of different court cases.
If law enforcement agencies can defeat the encryption, that means cybercriminals can do so, as well. Beefing up the security of iCloud’s encrypted backup files will make it much more difficult to hack into the user’s content, protecting privacy.
Why hasn't Apple already implemented the passcode entanglement?
According to The Wall Street Journal, Apple has to balance security with user convenience. If the backup files are entangled with a user passcode, there could be serious ramifications if a consumer forgets that password. In such a case, the user would permanently lose access to their stored information, like photos and documents.
Apple doesn’t want to continue retaining the encryption keys for iCloud backup files, either. Being in possession of those keys means being on the hook for complying with court requests compelling Cupertino to violate user’s privacy, something the tech giant hates doing.
A problem more about convenience than technology
Apple has to walk a fine line here, balancing security and privacy concerns with convenience for its customers. If the tech giant doesn’t want to be accountable for violating its users’ privacy, though, it has to offload the encryption keys and ability to break into the files, even if that puts users at risk of losing information should they forget their passcode.
All of these concerns have arisen, primarily, because of the Federal Bureau of Investigation’s insistence that Apple effectively hack itself at the FBI’s whim. The case of the San Bernadino iPhone 5c has forced Apple to seriously reconsider iCloud security standards. It’s unfortunate that convenience has to be weighed against security, but I think ultimately security should be the first priority.
For more on iPhone security in light of law enforcement demands, listen to what Tim Cook has to say about the San Bernadino iPhone case.