Don’t touch my cloud. Apple unveiled new tools on Wednesday to better protect its users’ personal and professional information, both from hackers and authorities, an announcement that may upset governments worried that law enforcement could access that data.
Customers of their iCloud storage service will soon be able to choose “advanced data protection” mode, which encrypts 9 additional types of content, including photos. The iPhone maker recalled that 14 categories, such as passwords and health information, were already encrypted.
iCloud users will be able to “protect the vast majority of their most sensitive data with end-to-end encryption so that it can only be decrypted on their trusted devices,” Ivan Krstic, head of security systems at Apple, was quoted as saying in a press release.
Only the iCloud mailbox, contacts and calendar will be excluded from this comprehensive protection technology to maintain interoperability with other systems.
The Californian tech giant already uses end-to-end encryption on its iMessage, as well as WhatsApp (Meta) and other communication apps. This system allows the messages to be encrypted and only the sender and receiver have the “keys” to read them. On the cloud, this means that only the owner of the information has access to it.
“Even if the company that stores the data gets hacked, you have additional guarantees that you won’t become a secondary victim,” says Melissa Bischoping, director of research at Tanium, a cybersecurity firm.
“However,” she emphasizes, “it is important to understand that with this additional level of protection, it is more difficult, if not impossible, to recover your data if you do not follow the instructions”.
Apple’s press release cites a study according to which data breaches tripled between 2013 and 2021. However, many governments, even democratic ones, take a dim view of the democratization of these sophisticated methods.
In the USA and in Europe, they claim half a word “back doors”, that is, errors in this software, especially in the name of the fight against terrorism or pedocrime. But Apple has built its reputation in part on respecting its customers’ privacy. “Our commitment to providing the best data security in the world is unwavering,” said Craig Federighi, a group vice president.
Apple has repeatedly received criticism from privacy advocates. In particular, decisions by the company have been seen as compromises with censorship in China. And she has for some time wanted to introduce controversial tools to combat child pornography.
The new algorithms were supposed to better identify sexual images involving children on iCloud and iMessage, but faced with an outcry in the summer of 2021, Apple delayed their implementation. Since then, the company has remained silent on the matter and did not respond to a request from AFP.
In addition to cloud protection, the Apple brand also promised two other new functions on Wednesday for people who are particularly vulnerable to being spied on – journalists, human rights activists, elected officials, etc.
In early 2023, those on iMessage will have additional guarantees against the risk of talking to identity thieves. And their authentication system to unlock their devices will be strengthened.
In September 2021, the company had to urgently repair a computer vulnerability that the Pegasus software from the Israeli company NSO Group was able to exploit to infect iPhones. This computer program at the heart of a scandal is used by governments for espionage purposes.
“The fundamental problem with Internet security is verifying that someone sending you a message is who they say they are. And many vulnerabilities exploited by the NSA and others rely on spoofed messages,” comments John Bambenek, specialist at Netenrich, a California-based cybersecurity firm. “This new feature helps combat both of these issues.”