A lot of digital ink has already been spilled on the topic of encryption, or lack thereof, for iCloud backups. Should iCloud backups be encrypted? Should they be readily available for law enforcement? Did Apple kill end-to-end encryption for the FBI?
The fundamental question, I believe, comes down to what Apple's responsibility is regarding the data that its customers store. Does Apple have a responsibility to keep our data reasonably safe? I believe the answer is yes. But does Apple have the responsibility of keeping our data so secure that even it can't retrieve it should that be necessary? Well, that's a bit more complicated. I ultimately think the answer here is also yes, but there's one major caveat to think about before we insist that Apple encrypt our data.
What we're talking about when we talk about encryption
First things first, we should clear some things up: Apple does encrypt your iCloud backups. Those backups are protected. The issue is end-to-end encryption. Your backups are encrypted but they're not end-to-end encrypted. Your phone is encrypted, the transmission of your backup to iCloud is encrypted, and the stored data is encrypted. It's just that Apple can access that backup when it needs to, such as when it's compelled to by law enforcement.
But just what is end-to-end encryption, and how is it different from "standard" encryption? Well, all encryption, simple and complex, is achieved by obfuscating information so that no one but the intended recipient of that information can read it. The intended recipient will have a key, which allows them to decipher the encrypted information. In the time of, say, the American Revolution, these keys could be things like books owned by both sender and recipient which could be used to construct and decipher a coded message. These days, these keys are built with a lot of math.
In end-to-end encryption, only the people for whom a piece or collection of information is intended have keys to that information. With an end-to-end encrypted messaging service, such as iMessage, the devices you and your message recipients are using essentially have the only keys to the conversation, while Apple doesn't. Conversely, standard SMS is technically encrypted in a basic sense, but the carriers have keys to those conversations.
End-to-end encryption ensures that the only people that can see a piece of information are the ones who are supposed to.
So the issue is really about keys. iCloud backups are encrypted, and you can get to them, but so can Apple. They're not end-to-end encrypted because Apple has keys to access them, even though it's not actually the intended recipient of that backup data. iCloud backups would be end-to-end encrypted if the customers who created them were the only ones able to access them.
Should Apple end-to-end encrypt iCloud backups?
This is a hard question to answer. I think that by default, no, Apple shouldn't put end-to-end encryption on iCloud backups. This goes to the primary reason why Apple doesn't in the first place: because it'd be a damned inconvenience for anyone looking to retrieve an iCloud backup after forgetting the password and identification key for their account.
Because that's what would happen if you enabled end-to-end encryption for iCloud backups. Users would be solely responsible for making sure they could access their data. Did you somehow lose access to your account? Too bad, that iCloud backup you were hoping to use is gone. And no, Apple can't recover it for you. If it could, then the backup wouldn't be end-to-end encrypted, and we'd be back where we are now.
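The two key-handling models described above, as an added illustration that is not Apple's code or a description of how iCloud actually implements backups. Model A stands in for today's arrangement: the backup key is escrowed under a key the provider holds, so the provider (or anyone who can compel it) can decrypt. Model B stands in for the end-to-end option: the key is derived from a passphrase only the user knows, so a forgotten passphrase means the backup is gone for everyone, provider included. The cipher is a standard-library HMAC-based construction used only to keep the example self-contained; all names, keys and sample data are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Illustrative authenticated stream cipher built from HMAC-SHA256 (standard library
# only). It stands in for the AES-based schemes real backup systems use; the point
# of the example is who holds the keys, not the cipher itself.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag (encrypt-then-MAC with separate subkeys)."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Raises ValueError if the key is wrong or the blob was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered backup")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

# --- Model A (hypothetical): provider-held keys, i.e. "Apple has keys" ---
PROVIDER_KEK = secrets.token_bytes(32)  # constructed stand-in for a key the service keeps

def backup_provider_held(plaintext: bytes) -> dict:
    """The backup is encrypted under a random key, and a copy of that key is
    wrapped under the provider's key and stored alongside it (key escrow)."""
    backup_key = secrets.token_bytes(32)
    return {
        "ciphertext": encrypt(backup_key, plaintext),
        "wrapped_key": encrypt(PROVIDER_KEK, backup_key),
    }

def provider_recover(record: dict) -> bytes:
    """Whoever holds PROVIDER_KEK (the service, or someone who compels it) recovers the data."""
    backup_key = decrypt(PROVIDER_KEK, record["wrapped_key"])
    return decrypt(backup_key, record["ciphertext"])

# --- Model B (hypothetical): end-to-end, key derived from a secret only the user knows ---
def _user_key(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=32)

def backup_end_to_end(plaintext: bytes, passphrase: str) -> dict:
    """Nothing stored with the backup lets the provider derive the key."""
    salt = secrets.token_bytes(16)
    return {"ciphertext": encrypt(_user_key(passphrase, salt), plaintext), "salt": salt}

def user_recover(record: dict, passphrase: str) -> Optional[bytes]:
    """Returns the data for the right passphrase, None otherwise: with a forgotten
    passphrase the backup is unrecoverable, and the provider cannot help."""
    try:
        return decrypt(_user_key(passphrase, record["salt"]), record["ciphertext"])
    except ValueError:
        return None

if __name__ == "__main__":
    data = b"contacts, notes, health records"  # constructed sample backup
    a = backup_provider_held(data)
    print("model A, provider recovers the backup:", provider_recover(a) == data)
    b = backup_end_to_end(data, "correct horse battery staple")
    print("model B, any provider-readable key stored:", "wrapped_key" in b)
    print("model B, user with the passphrase:", user_recover(b, "correct horse battery staple") == data)
    print("model B, user who forgot it:", user_recover(b, "wrong guess"))
```

The failure mode the paragraph describes is the last line of the demo: in model B the only recovery path is the passphrase, and `user_recover` returns None for anything else, since the authentication tag rejects every wrong key. Any "account recovery" feature the provider bolted on would have to store a provider-readable copy of the key, which turns model B back into model A.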
Apple should offer an option that allows us to fully encrypt our backups so that we're the only ones with access. It's important for reasons that I'll get to shortly. But the option shouldn't be on by default, and most people probably shouldn't activate it if it ever appears. You're more likely to need Apple to help you get to your data than to need it to keep your data safe from law enforcement. But some do need it, and for those people, it should absolutely be an option.
Why an end-to-end encryption option matters
Political dissidents. Activists. Journalists. These are groups of people who could benefit from an end-to-end encryption option for their iCloud backups. These people are often the targets of governments, political opponents, or criminals, and the ability to keep their information completely secure is necessary for their safety and/or livelihood.
No government can be fully trusted with the privacy of its citizens.
No government anywhere has a spotless record when it comes to handling activists, for instance. There's not a power structure in existence that doesn't see dissent and at least say to itself "we should keep an eye on that." In the U.S., the F.B.I. has its own issues when it comes to the privacy of activists, going all the way back to its founding. And even if your own government is, to borrow a phrase, a Xanadu Bureaucracy of the Seraphim Incorruptible, not every government around the world is, and they might try to get at the data in things like iCloud backups. This is why tools like encryption are important.
But it's also important for everyday citizens to at least have the option for end-to-end encryption. Whether you're worried about criminals getting their hands on your data, or you're concerned that you might have ticked off a government agency or two somehow, having the option to more thoroughly secure your data should be available to all of Apple's customers.
Just think about what your iPhone knows about you. Every phone call you make, every message you send, every note you write, every location you visit, and all of your health data. While some of this data is encrypted independently, a lot of it is accessible through your iCloud backups. Think about all of that, then ask yourself if you'd be okay if someone got their hands on it. Are you okay with not having at least the option of protecting it further than you already can?
Some argue that offering an encryption option would ultimately make us less safe. I'm not sure this argument holds water. You're more likely to be the target of a criminal looking to access your data than of an FBI or law enforcement investigation looking to do the same thing. This is also why Apple offers strong encryption on the iPhone. It's not to keep law enforcement out; it's to keep criminals out. It's just a side effect that the FBI has a harder time getting into iPhones in its possession. It actually can get into those phones; it's just not as easy as it would be with a back door.
But at the end of the day, it's not Apple's job to make things easier for law enforcement. It's Apple's job to keep the data that its customers trust it with safe. For many, policies that limit the power of social engineering, implementing 2FA, and increased vigilance on Apple's part are enough. iCloud backup data is generally well protected. But for those looking for increased security, or maybe just increased peace of mind, adding end-to-end encryption is a necessary tool that should be offered as soon as Apple can.
It's likely that you don't need to use this option. As Apple analyst and Vector host, Rene Ritchie, has talked about in the past, there is a certain tendency amongst some to over-fetishize security to the point where most people's devices and services would become unusable. Most people want services that are fail-safe, rather than fail-secure. At the end of the day, you'll probably want Apple to be able to help you recover your data more than you'll need them to keep it out of the hands of law enforcement.
But the option to enable end-to-end encryption should still exist. Whether you're a political dissident, a journalist, or just an ordinary person who wants to keep their data absolutely private, you deserve to have that choice, especially from a company whose products and services are so heavily intertwined in our lives on a daily basis.