Apple Angers FBI By Offering More Privacy And Security To Users
from the oh-no-the-government-is-feeling-ways-about-stuff dept
Apple has always been a market leader in user security. Things haven’t changed, no matter how much the FBI wishes/litigates. What’s most important to Apple is that users can trust it to keep their personal info and communications private and secure. What’s most important to federal law enforcement agencies — pretty much just the FBI at this point — is on-demand access to data stored in Apple devices.
Apple has been a target of hackers for years. Many of these hacking attempts are performed by government agencies. Israeli malware manufacturer NSO Group was sued by Apple for targeting its users with extremely powerful malware capable of completely compromising devices. The FBI hasn’t hacked phones, but it has spent a considerable amount of time in court trying to secure precedent that would force the company to decrypt devices. And it has spent just as much time allowing its directors to say stupid things about encryption while angling for backdoor-friendly legislation, despite others in the agency offering much more rational statements on the subject.
The NSO Group hackings prompted changes from Apple to protect users from the long list of malicious governments the tech firm sold to. Some more improvements have arrived, says Apple in its post to its Newsroom.
Apple today introduced three advanced security features focused on protecting against threats to user data in the cloud, representing the next step in its ongoing effort to provide users with even stronger ways to protect their data. With iMessage Contact Key Verification, users can verify they are communicating only with whom they intend. With Security Keys for Apple ID, users have the choice to require a physical security key to sign in to their Apple ID account. And with Advanced Data Protection for iCloud, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data, including iCloud Backup, Photos, Notes, and more.
All good things for Apple customers. But it’s the last one — the end-to-end encryption of iCloud data — that is raising the almost always erect hackles of the FBI. Earlier this year, Apple introduced “Lockdown Mode” in response to NSO malware deployments — a feature that allowed users to block messages with attachments (a common attack vector), preventing phones from previewing web links, and (to the chagrin of phone search device manufacturers) disabling wired connections to other devices.
This goes even further. One way to get around device encryption was access to iCloud data, which was often not encrypted, much less at both ends. That option will be disappearing as Apple continues to roll this out to all users. There’s still time for exploitation by government agencies, but the window is closing rapidly. Here’s Joseph Mann of the Washington Post with the details:
The encryption option will be available for public software testers immediately, for all U.S. customers by year’s end, and for other countries starting next year, Apple said. It added that it might not reach every country by the end of 2023.
All this should mean is that Apple is taking the lead in user security and privacy. This effort protects users against malicious hackers, whether they work the government or for themselves. This is the sort of thing law enforcement should embrace, because it means a lot of criminal acts will be thwarted.
But the only thing it means to the head of the FBI org chart is that Apple wants law enforcement to fail. And the FBI is definitely going to take this personally since it’s the agency’s anti-encryption bullshit that has partially prompted this change.
Apple had intended to introduce fully encrypted iCloud storage many years ago, according to FBI agents and Apple employees at the time. The FBI objected, and Apple shelved the idea rather than face a public fight.
Instead, it picked specific categories of data that would be walled off from outside prying, including passwords and payment and health data. Now, everything can be stored securely except for email, calendar and contacts functions that need to interoperate with multiple providers.
Apple met the FBI halfway. The FBI wasn’t satisfied with the compromise. Instead, its directors spent years claiming Apple allowed criminals to escape justice and made the nation less safe and secure. But the FBI’s leverage is still nonexistent, despite all the time it’s wasted fighting the inevitable.
Here’s what I said when Apple introduced its “Lockdown Mode:”
Expect the FBI to take the lead on the complaining.
The FBI didn’t say much about that mode, but it is first in line for criticizing the encryption of iCloud content.
Late Wednesday, the FBI said it was “deeply concerned with the threat end-to-end and user-only-access encryption pose.”
“This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime and terrorism,” the bureau said in an emailed statement. “In this age of cybersecurity and demands for ‘security by design,’ the FBI and law enforcement partners need ‘lawful access by design.’”
This statement was followed by zero statements from any other law enforcement agency located in the United States or elsewhere in the world. The FBI is the old man in the bathrobe, yelling angrily about kids cutting across its lawn before ducking back inside to peer suspiciously through the blinds at the foreigners living down the street. The FBI has zero credibility on the encryption issue. It has spent four years refusing to correct its overstatements on encrypted devices in its possession. Successive directors have beclowned themselves by proclaiming a solution that keeps encryption secure while allowing at-will law enforcement access is only a nerd or two away from reality.
When it bitches about this latest Apple rollout, the FBI is showing nothing but its disdain for the privacy and security of millions of phone users. The FBI is unable to see that what it wants is impossible to deliver. But that won’t keep it from complaining about reality every chance it gets.
Filed Under: cloud encryption, encryption, fbi, icloud, imessage