Apple iCloud: How safe is it from hackers?

January 22, 2020, 12:30 AM UTC

For years, Apple has tried to be the loudest proponent of digital privacy. But a new report casts doubt on the extent of the company’s privacy commitment and its willingness to block law enforcement from obtaining user information.

Apple quietly abandoned plans to add end-to-end encryption to content in iCloud, the company’s digital storage locker, Reuters reported. That means Apple can decrypt user data saved there, including all text messages, photos, and videos, and hand that data to law enforcement.

Two years ago, Apple had considered implementing end-to-end encryption on the service, according to the report. But Apple shelved the project after the FBI complained.

Apple did not respond to a Fortune request for comment.

Apple’s privacy practices are currently under scrutiny after President Donald Trump and U.S. Attorney General William Barr blasted Apple for not building so-called “backdoors” in iPhones that let law enforcement agencies unlock encrypted data and access it. The criticism came after Apple declined a government request to unlock two iPhones owned by Mohammed Alshamrani, who allegedly killed three people at a naval air base in Pensacola, Fla.

For years, Apple has argued that such backdoors harm user privacy because they could be exploited by hackers. But the latest Reuters report suggests that law enforcement can easily get access to data stored in iCloud as long as they provide Apple with a warrant.

Apple already uses end-to-end encryption on iMessages sent between users and on the data stored locally on iPhones and iPads. It helps users protect the data they stored on their devices, including for those who don’t use iCloud as a backup.

Riana Pfefferkorn, associate director of surveillance and cybersecurity at Stanford University’s Center for Internet and Security, says that Apple has bowed to law enforcement pressure by failing to add end-to-end encryption for content stored in iCloud. She calls the decision a “safety valve” for Apple because it lets the company share data with law enforcement while still appearing to side with privacy-focused users by giving them end-to-end encryption for the data they store on their iPhones.

“Apple typically encrypts those backups in a way that provides security against hackers while still also enabling Apple to provide the decrypted data to law enforcement,” Pfefferkorn says.

As an alternative to using iCloud, users could back up their data by storing it directly on their devices, says security expert and Miami University law professor A. Michael Froomkin. However, he cautions that local data storage is an imperfect solution because users who lose their phones also lose their stored data.

Ultimately, Froomkin gave Apple a “B+” for how it secures data. Customers would be better off if Apple used end-to-end encryption, he says, but the current reality—that Apple keeps a key that can unlock stored iCloud data—is better than nothing.

“End-to-end encryption would be substantially better,” Froomkin says. “But let’s not confuse failing to do that with doing nothing.”

More must-read stories from Fortune:

A.I. in China: TikTok is just the beginning
—Inside big tech’s quest for human-level A.I.
—Medicine by machine: Is A.I. the cure for the world’s ailing drug industry?
—A.I. breakthroughs in natural-language processing are big for business
A.I. is transforming the job interview—and everything after
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward