Apple is working on beefing up iCloud security so that even the company itself won’t be able to access user information stored in the cloud, “people familiar with the matter” have told the Wall Street Journal.
While the consensus is that iCloud security needs to be hardened, how to do that without inconveniencing users divides Apple executives, according to the WSJ.
But Apple executives are wrestling with how to strengthen iCloud encryption without inconveniencing users. Apple prides itself on creating intuitive, easy-to-use software, and some in the company worry about adding complexity.
If a user forgets a password, for example, and Apple doesn’t have the keys, the user might lose access to photos and other important data. If Apple keeps a copy of the key, the copy be “can be compromised or the service can be compelled to turn it over,” said Window Snyder, a former Apple security and privacy manager who is now chief security officer at Fastly, a content-delivery network.
Apple currently has access to data kept in the cloud so it can help law enforcement agencies with relevant information if they produce the appropriate legal authorization.
But there is some data stored in iCloud that even Apple can’t access: Keychain Access data. Now the company wants to bring that kind of protection to iCloud backups as well, so even they can’t access it, not to mention law enforcement agencies.
The move also means that Apple needs to address its effort to balance a user-friendly approach with improved privacy. The Wall Street Journal’s sources corroborate earlier reports about beefing up iCloud security.
An Apple spokeswoman pointed to comments by Craig Federighi, the company’s senior vice president of software engineering, in a March 6 opinion piece in the Washington Post. “Security is an endless race—one that you can lead but never decisively win,” Mr. Federighi wrote. “Yesterday’s best defenses cannot fend off the attacks of today or tomorrow.”
However, every step Apple takes to protect its users will likely antagonize law enforcement agencies, considering the ongoing legal battle with the FBI over unlocking of the seized iPhone 5c used by Syed Farook, one of the San Bernardino shooters.