SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

Apple allegedly made nice with FBI by dropping iCloud encryption plan

By Lisa Vaas, Sophos

January 23, 2020

In spite of Apple having turned over the shooter’s iCloud backups in the case of the Pensacola, Florida mass shooting last month, the US government has been raking it over the coals for supposedly not helping law enforcement in investigations.

But according to a new allegation, Apple has been far more accommodating than the FBI has been willing to admit. Specifically, according to six sources – Reuters relied on the input of one current and three former FBI officials and one current and one former Apple employee – a few years ago, Apple, under pressure from the FBI, backed off of plans to let iPhones users have end-to-end encryption on their iCloud backups.

The bureau had griped that such encryption would gum up its investigations.

Last week, US Attorney General William Barr fumed at Apple over its refusal to break encryption per FBI request:

So far, Apple has not given any substantive assistance.

President Donald Trump piled on, tweeting that Apple refuses to unlock phones used by “killers, drug dealers and other violent criminal elements.”

But if the recent allegation proves true, it means that Apple has been far more accommodating to US law enforcement than headlines, politicians’ ire, and Apple’s marketing would indicate.

Its sources told Reuters that more than two years ago, Apple told the FBI that it planned to offer end-to-end encryption for iCloud backups, primarily as a way to thwart hackers. If it had gone through with the plan, it would have meant that Apple wouldn’t have a key to unlock encrypted data and would thus be unable to turn over content in readable form, even if served with a court order to do so.

The next year, in private talks with the FBI, the plan to fully encrypt iCloud backups had disappeared. Reuters couldn’t determine why, but without giving details, a former Apple employee said it wasn’t hard to fill in the blanks:

Legal killed it, for reasons you can imagine.

Reuters’ source said that Apple didn’t want to run the risk of “being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption.”

If that was indeed Apple’s intent, it hasn’t worked out all that well. The company has been excoriated on Capitol Hill for its refusal to put in a backdoor that would enable the government to read encrypted messages.

Last month, responding to Apple and Facebook reps who testified about the worth of intact encryption, Sen. Lindsey Graham had this to say about the government’s ongoing quest for a backdoor:

You’re going to find a way to do this or we’re going to do this for you.

Backdoors are a product-crippling move that Apple has declined to take in spite of the FBI’s many demands to do so since the case of the San Bernardino terrorists.

One of Reuters’ sources said that it was that 2016 court battle with the FBI that subsequently made Apple back down:

They decided they weren’t going to poke the bear anymore.

A former FBI official who wasn’t involved in the iCloud encryption talks said that during the fight over encryption of the San Bernardino shooter’s iPhone, the bureau had managed to convince Apple that evidence from iCloud backups had made a difference in thousands of cases.

It’s because Apple was convinced. Outside of that public spat over San Bernardino, Apple gets along with the federal government.

The allegation relies on hearsay. Reuters doesn’t have solid proof. But one former Apple employee suggested that the encryption project – variously code-named Plesio and KeyDrop – might have been abandoned for other reasons besides legal trepidation, such as the possibility that customers would get disgruntled over being locked out of their data more often. At any rate, as three of Reuters’ sources tell it, Apple pulled about 10 experts off the encryption project after deciding to dump it.

Apple has handed over iCloud backups in 1,568 cases, covering about 6,000 user accounts, Reuters reports. In fact, the company has turned over at least some data for 90% of the requests it’s received.

Terms of Use | Copyright © 2002 - 2020 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement