Backdoored backup? Apple nixed iCloud encryption after FBI complained your data is a valuable resource

Helen Buyniski is an American journalist and political commentator at RT.

22 Jan, 2020 22:14

Apple was barred from offering customers encrypted iCloud storage because US intelligence agencies insisted on maintaining open access to users’ files, their primary means of evidence-gathering, sources claim.

The FBI quashed a planned feature that would have allowed Apple users to encrypt their iCloud storage, claiming that it would cut the agency off from its best source of evidence against iPhone-using suspects, according to sources who spoke to Reuters on Wednesday. Apple reportedly went along with the agency, hoping to avoid being made an example of in the media or used as the test case for a draconian new anti-encryption law, and the program was put to bed two years ago – yet the crusading surveillance state has returned in the wake of the Pensacola naval air base shooting to demand still greater incursions on user privacy.

Also on rt.com Big Tech joins up with Big Brother to turn your private health data into $38bn ‘public treasure’

When Apple tipped the FBI off to the new feature (codenamed “Plesio” or “KeyDrop”), which would have fortified users’ data against both hackers and governments so that even Apple wouldn’t have been able to access the information, representatives from the FBI’s cybercrime and operational technology division told Apple to reconsider the plan. The agency was apparently getting too much good information out of iPhone users who kept their files in the cloud for Apple to derail the gravy train with petty privacy concerns.And iCloud stores much more than what users deliberately put there, as Pavel Durov, founder of encrypted messenger Telegram, reminded his followers on Wednesday in the wake of the Reuters report. “Apps that are relying on [iCloud] to store your private messages (such as WhatsApp) are part of the problem,” he said. While WhatsApp, a subsidiary of Facebook, is at least nominally encrypted, it has been weaponized by Israeli tech firm NSO Group to implant undetectable spyware on targets’ phones and has been vulnerable to man-in-the-middle attacks since at least 2017. Durov’s own Telegram is not 100% secure itself – vulnerabilities surface regularly – but Telegram at least has its own cloud.

A year after the FBI representatives met with Apple to dissuade it from encrypting iCloud, the company had obeyed, sources told Reuters, explaining that management didn’t want to be raked over the coals for “protecting criminals” or sued for hiding data from government agencies. Appeasement carried the day, even for supposedly privacy-conscious Apple. So why is an aborted encryption initiative from two years ago in the news?

Apple’s appeasement didn’t go far enough for the Five Eyes, apparently. US intelligence agencies came away from the annual Five Eyes conference in July sounding the alarm that encryption enables terrorists and child abusers and must be destroyed. As if on cue, Apple is once again at the center of a wholly-manufactured war over the technology, being publicly excoriated by Attorney General William Barr for refusing (i.e. being unable to) unlock the phone of Pensacola naval base shooter Mohammad Alshamrani. Apple turned over not only Alshamrani’s iCloud backups, but his account and financial information and other data – “gigabytes of information” – in response to FBI requests, only stopping short of unlocking the actual phones, one of which was shot by a sheriff’s deputy while Alshamrani was being neutralized. Indeed, Apple said in a statement it had provided the agency “all of the data in our possession.”

Also on rt.com Apple trips over its privacy record in encryption battle over Pensacola shooter’s iPhone

But that wasn’t enough for the FBI, which claimed in a letter from general counsel Dana Boente that agents had been reduced to sitting around a table with other law enforcement agencies forlornly guessing passwords, unable to move forward with their investigation unless Apple could crack the code. Whether the gunshot damage prevented the FBI from paying an Israeli spyware firm millions of taxpayer dollars to bypass the encryption – or whether that expensive procedure found “nothing significant,” as allegedly happened when the FBI and Israeli tech firm Cellebrite cracked a phone belonging to one of the shooters in 2016’s San Bernadino attack – was not made clear. Reports have thus far merely presented Encryption as the demon, and Barr’s boys as the exorcists determined to cast it out of the iPhone market entirely.

Apple faces a thorny dilemma: it can allow Washington to cast it as the enemy in Barr’s low-budget encryption drama and negotiate away a few more civil liberties until the next time the FBI needs some good security theater – a route that will allow the trillion-dollar company to stay out of court and keep raking in the cash, until customers realize they’re getting Google-level privacy for Apple-level prices. Or the company can remind the FBI how much of the government’s functioning has been outsourced to Big Tech, remind the agency it actually needs Apple’s cooperation, and tell Barr to back off – an option that might require a few legal escapades, but will earn it the undying appreciation of its customers.

Think your friends would be interested? Share this story!