For better iCloud security, Apple may have to compromise

The way iCloud backups are currently handled, the files are encrypted but are not entangled with a passcode. This makes them vulnerable to being easily decrypted, so law enforcement officials are able to gain access to user content with ease. In fact, Apple has complied with thousands of requests for such access in the past for a variety of different court cases.

If law enforcement agencies can defeat the encryption, that means cybercriminals can do so, as well. Beefing up the security of iCloud’s encrypted backup files will make it much more difficult to hack into the user’s content, protecting privacy.

According to The Wall Street Journal, Apple has to balance security with user convenience. If the backup files are entangled with a user passcode, there could be serious ramifications if a consumer forgets that password. In such a case, the user would permanently lose access to their stored information, like photos and documents.

Apple doesn’t want to continue retaining the encryption keys for iCloud backup files, either. Being in possession of those keys means being on the hook for complying with court requests compelling Cupertino to violate user’s privacy, something the tech giant hates doing.

Apple has to walk a fine line here, balancing security and privacy concerns with convenience for its customers. If the tech giant doesn’t want to be accountable for violating its users’ privacy, though, it has to offload the encryption keys and ability to break into the files, even if that puts users at risk of losing information should they forget their passcode.

All of these concerns have arisen, primarily, because of the Federal Bureau of Investigation’s insistence that Apple effectively hack itself at the FBI’s whim. The case of the San Bernadino iPhone 5c has forced Apple to seriously reconsider iCloud security standards. It’s unfortunate that convenience has to be weighed against security, but I think ultimately security should be the first priority.