Apple was planning to roll out end-to-end encryption for device backups on iCloud, but backed off the plan after pushback from the FBI, according to a new report from Reuters.
Apple reportedly notified the government of its intention to introduce the security measure more than two years ago, four current or former FBI personnel and two current or former Apple employees told Reuters.
As it stands today, iCloud is encrypted, such that only users and Apple have keys to backups stored on the company's servers. However, enabling end-to-end encryption would have eliminated the company's ability to access or recover users' backups — something government officials feared would have hindered criminal investigations involving suspects using iPhones.
"Legal killed it, for reasons you can imagine," one Apple employee said of the initiative to Reuters. The same individual said the company wanted to avoid criticism for protecting criminals, as it had previously come under fire for neglecting to unlock an iPhone used by the attacker behind the December 2015 San Bernardino, California, mass shooting that killed 14 people and seriously injured 22 others.
While data stored locally on iPhones and iPads are fully encrypted by default, and communications over iMessage are end-to-end encrypted as well, Apple has yet to extend the same security to backups stored on iCloud.
These backups present a full snapshot of a device's contents at a given point in time, including logs of encrypted-messaging chats, so they're tremendously valuable to investigators. (That said, some messaging services, like Signal, avoid iCloud entirely.)
Reuters' report comes one week after U.S. Attorney General William Barr rebuked the Cupertino tech giant for not providing the government with "substantial assistance" in accessing two locked iPhones belonging to a Saudi air force officer responsible for a shooting at a Pensacola, Fla. navy base in December.
Assistant Attorney General John Demers added days later that he's "never seen the atmosphere here in D.C. to be so conducive to passing some kind of encryption legislation or lawful access legislation as it is today," according to the Washington Post.
The numbers suggest Apple is complying
Barr's comment might lead you to believe Apple has been stonewalling investigators' pleas left and right, but the data tells a different story.
In the first half of 2019, Apple handed over account data (that includes iCloud backups, but could also contain users' personally identifiable information and photos, emails, contacts and calendars) in 90% of requests from the U.S. government. That translates to 3,259 cases out of 3,619 inquiries. What's more, 1,568 of those requests fulfilled involved actual content, not just account identifiers.
Evidently, the FBI isn't satisfied with the status quo; they'd rather enforce and ensure tech companies' cooperation via legislation. An Apple spokesperson told the Wall Street Journal in the face of Barr's accusations that its "responses to [the government's] many requests since the attack have been timely, thorough and are ongoing."
As it turns out, some decision makers within Apple might actually be coming around to the FBI's viewpoint. Reuters says two of the former FBI officials it interviewed believe that the government provided Apple with evidence of how access to suspects' data, including iCloud backups, had been crucial in assisting thousands of investigations.
"It’s because Apple was convinced,” one such source told Reuters. "Outside of that public spat over San Bernardino, Apple gets along with the federal government."
Clarification: An earlier version of this story didn't specify that iCloud backups are currently encrypted, but not end-to-end encrypted. We've corrected the error.