Apple burnishes data security reputation; the FBI just burns
Apple again is beefing up data security and, again, the FBI is displeased.
Executives are boasting three new or updated functions, including a welcome (by some) upgrade for cloud security. The other two announcements involve iMessage verification and support for physical security keys.
The FBI is not a fan of end-to-end encryption for obvious reasons. The bureau already is shut out of iMessage traffic between Apple devices, and user momentum to back up more data to Apple’s iCloud shows no sign of slackening.
Editors of The Washington Post said they received a written statement from FBI officials in the wake of the news expressing deep concern with the “threat” of greater security. Private industry security protocols and applications that prevent law enforcement from monitoring communications between citizens are allegedly dangerous.
The government is rejecting the security-by-design mentality for “lawful access by design,” according to the FBI’s statement.
Here is what Apple has announced.
Nine new categories of sensitive data now can enjoy protection using Advanced Data Protection for iCloud. The company had already designated 14 categories that are sheltered by the feature.
Three of the newly protected groups are iCloud Backup, Photos and Notes. Company executives say the only “major” categories of protected data are iCloud Mail, Contacts and Calendar.
Advanced Data Protection is Apple’s “highest level of cloud data security,” executives say. It envelops “the vast majority” of customers’ cloud-stored data in end-to-end encryption as it streams on the internet. Designated trusted devices alone can send or receive the information.
IMessage Contact Key Verification also is a new feature, available next year, and it is marketed to people with the most to lose by having private conversation intercepted. Among those, in Apple’s judgment, are journalists, governments and human rights activists.
Anyone using it would get automatic warnings “if an exceptionally advanced adversary, such as a state-sponsored attacker” were to access a cloud server to monitor conversations.
The third announcement is that mobile Apple customers beginning early next year can augment the company’s security features by using third-party hardware security keys.
Here, too, the company sees this addition as something especially vulnerable people will need.
Hardware keys would be one of two factors available for users. It will prevent an “advanced attacker” from phishing a user’s second factor, according to Apple.