According to a number of press reports, Apple is in the process of revamping its iCloud storage service to increase security by divesting itself of the task of keeping users’ encryption keys.
Currently Apple keeps the keys to access iCloud accounts, which means, among other things, that Apple can provide information to authorities when presented with a warrant. The company provided such information from the iCloud account of Sayed Farook, the terrorist who killed 14 county employees late last year in in San Bernardino, Calif. Apparently that’s now about to change. If the reports are correct, Apple is planning to offload the storage of encryption keys so that users control their keys, and they’re accessible only through a password.
This way, even Apple cannot gain access to your encrypted data, no matter how much it may want to and no matter how many government subpoenas it receives. It can’t honor court orders to provide the data because the company has no way to decrypt it.
In effect, Apple is following the lead of secure cloud services such as SpiderOak which has been offering what it calls “Zero Knowledge” cloud storage. By that, SpiderOak retains no information about whatever is stored in its cloud service, nor the means of gaining access to it. How good is this? SpiderOak even has a quote from former National Security Agency analyst Edward Snowden praising the zero knowledge approach.
The change should be no surprise. Apple took quite a hit on the lack of security for its iCloud service in 2014 when compromising information regarding a number of celebrities was made public.
While it has since been revealed the personal accounts were compromised by phishing attacks that targeted specific users, the case still prompted a number of changes at Apple, including encryption of iOS devices by default and now, stronger encryption for iCloud.
This strong encryption for iOS devices has led to a continuing battle between Apple and the FBI, for which no resolution appears to be in sight. The reason this legal battle hasn’t extended to iCloud is because up until now Apple has been able to bypass the encryption and has done so in response to law enforcement requests when they were accompanied by a warrant.
But those free and easy days are about to end. Once Apple issues an update to iCloud, the company will no longer be able to provide law enforcement agencies with access to data in any iCloud account. This will likely lead to another series of courtroom standoffs between Apple and the FBI.
No doubt the government will claim that Apple’s new encryption is actually an evil plot to enable communications for terrorists and child exploiters. Apple in its turn will claim that it’s all in the name of privacy from government intrusion.
What such a move would mean to users is unclear. If it’s handled in a manner similar to SpiderOak, then if you lose your password, you’re out of luck. Your data is private but unreachable. SpiderOak does not have a way to provide access to your data.
However, Apple currently has a means of regaining access if you forget your password. The company provides a Recovery Key that you can use to request a password reset. Once you provide Apple with the key, you gain access to the password reset page and you can get back in to your data.
Whether the company will continue to support the use of Recovery Keys is also unclear. On one hand, Apple would have a significant problem with people who can’t remember user names and passwords losing access to their data and demanding help. If the company keeps the Recovery Key system in place, then Apple will avoid that problem.
However, the Recovery Key is delivered on a document that itself can be the subject of a warrant and that could let investigators into your supposedly secure iCloud account. This may be how the FBI was able to change the Apple ID password to Farook’s account. But in any event if Apple is so strongly against providing access, it’s likely that the company will also dump the Recovery Key concept.
If Apple actually goes ahead with a zero knowledge approach to iCloud, Apple customers may find the outcome to be much less than user friendly. Lost passwords will not be recoverable, which means that users will have to find a place to store them, either in a password manager or on a piece of paper or something like that. Or, more likely, they will give their iCloud account a password that’s the same as one they have on everything else they use.
The result will be that while their data is encrypted, it’s actually less secure than it is now. After all, who is going to take a chance at creating a strong password they might forget? This means that access to iCloud by hackers will become easier than it is because passwords will be easier to guess. Worse, if the hackers find one password, they’ll effectively find more. Their data will be just as open as it was before the 2014 breach.