Apple dropped the plan to encrypt backups after the FBI complained: reports

0
60

SAN FRANCISCO: Apple Inc. has dropped plans to allow iPhone users to fully encrypt backups of their devices on the company's iCloud service after the FBI complained that the move would harm the investigation, six sources familiar with the matter said Reuters with. The reversal of the technology giant about two years ago has not yet been reported. It shows how much Apple was willing to help US law enforcement and intelligence agencies, even though high-profile litigation with the government was more difficult to pretend to be defending its customers' information.

The long tug of war between investigators 'concerns about security and technology companies' desire for privacy came back into focus last week when Attorney General William Barr took the rare step of publicly asking Apple to unlock two iPhones used by one Saudi Air Force officer who shot three Americans at a naval base in Pensacola, Florida last month. US President Donald Trump went on to accuse Apple on Twitter of refusing to unlock phones used by "killers, drug dealers, and other violent criminal elements". Republican and Democratic senators raised a similar issue at a hearing in December by threatening laws against end-to-end encryption, citing non-recoverable evidence of child crime.

Live television

In fact, Apple has given the shooter iCloud backups in the Pensacola case and refused to characterize that it "has not provided substantial support". Behind the scenes, Apple has provided the United States Federal Bureau of Investigation with more comprehensive, non-probe help. An Apple spokesman declined to comment on the company's handling of the encryption problem or any discussions with the FBI. The FBI did not respond to requests for comments on discussions with Apple.

More than two years ago, Apple informed the FBI that, according to a current and three former FBI officials and a current and former Apple employee, plans are being made to offer users end-to-end encryption when storing their phone data on iCloud , According to this plan, which is primarily intended to frustrate hackers, Apple would no longer have a key to unlock the encrypted data. This means that the material cannot be handed over to the authorities in a legible form even after a judicial order.

In private conversations with Apple, representatives of the FBI's cybercrime agents and its operational technology department spoke out against the plan, arguing that they would deny them the most effective means of obtaining evidence against suspects who use the iPhone. When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources. Reuters couldn't determine exactly why Apple dropped the plan.

"Legal killed it for reasons you can think of," said another former Apple employee, without mentioning exactly why the plan was dropped or whether the FBI played a role in the decision. This person told Reuters that the company did not want to risk being attacked by officials to protect criminals, to remove previously accessible data from the reach of government agencies, or to apologize for new encryption laws.

"They decided not to nudge the bear anymore," the person said, referring to Apple's lawsuit with the FBI in 2016 over access to an iPhone used by one of the suspects during a mass shootout in San Bernardino. California. Apple appealed against a court order to open the phone to the FBI. The government dropped the case when it found a contractor who could get into the phone, a common occurrence in FBI investigations.

Two of the former FBI officials who weren't around to talk to Apple told Reuters that the FBI's arguments that the backups provided important evidence in thousands of cases had prevailed. "It's because Apple was convinced," said one. "Outside of this public spit on San Bernardino, Apple gets along with the federal government." However, a former Apple employee said it was possible that the encryption project was suspended for other reasons, e.g. B. from the fear that more customers would be excluded from their data more often. As soon as the decision was made, around ten experts on the Apple encryption project – Plesio and KeyDrop with different code names – were told that they should stop working, three people familiar with the matter told Reuters.

APPLE SHIFTS FOCUS

Apple's decision to discontinue end-to-end encryption of iCloud backups made the FBI's job easier. The agency relies on hacking software that exploits security gaps to penetrate a phone. However, this method requires direct access to the phone, which usually gives a hint to the user who is often the subject of the exam. Apple's iCloud, on the other hand, can be searched in secret. In the first half of last year, the period during which Apple's latest semi-annual transparency report on requests for data from government agencies, U.S. authorities armed with regular court files and requesting and receiving full device backups or other iCloud content, in 1,568 cases , cover over 6,000 accounts.

The company said it provided at least some data for 90% of the requests it received. The data is shared more often in response to secret orders from the U.S. Intelligence Court. 14,000 accounts were reached in the second half of 2018. Due to gag orders, Apple has not provided such data for 2019.

Had the plan been followed, Apple would not have been able to transfer readable data from users who opted for end-to-end encryption. Instead of protecting the entire iCloud with end-to-end encryption, Apple has focused on protecting some of the most confidential user information, such as saved passwords and health information. Secure contact information and texts from iMessage, WhatsApp and other encrypted services are still available to Apple employees and authorities.

Apple is not the only technology company that has removed its own access to customer information. In October 2018, Google from Alphabet Inc. announced a system similar to Apple's plan for secure backups. The manufacturer of Android software, which runs on about three quarters of the world's mobile devices, said users could back up their data in their own cloud without entrusting the key to the company. Two people familiar with the project said Google had given no advance notice to governments and selected a time for the announcement when encryption was not in the news. The company continues to offer the service, but declines to comment on how many users have taken the option. The FBI did not respond to a request to comment on the Google service or the agency's actions.