According to a report from Reuters, Apple abandoned plans to release an end-to-end encrypted version of iCloud backups after facing complaints from the FBI who told Apple that it would hinder their investigations.
The report says that Apple was working on the feature more than two years ago, but it was cancelled after the FBI raised concerns. One employee said “legal killed it, for reasons you can imagine”.
End-to-end encryption works by making an encryption key based on factors that are not stored on the server. This may mean entangling the key with a user password, or some cryptographic key stored on the hardware of the local iPhone or iPad. Even if someone hacked into the server and got access to the data, the data would look like random noise without having the entangled key to decode it.
Apple currently stores iCloud backups in a non end-to-end encrypted manner. This means that the decryption key is stored on Apple’s servers. If a police entity comes to Apple with a subpoena, then the company has to give over all of the iCloud data — including the decryption key. This has further rounds of ramifications. For instance, whilst the iMessage service is end-to-encrypted, the conversations stored in an iCloud backup are not.
In the case of the widely-publicized Pensacola shooter, Apple said that it handed over gigabytes of iCloud information (likely mostly consisting of user photos) when attorney general Barr criticized the company for not doing enough to help.
In 2016 in fact, both The New York Times and the Financial Times said that Apple was developing more comprehensive end-to-end encryption features. No changes to iCloud Backup have been rolled out in the years since, though, and the Reuters report today suggests it is no longer on the roadmap either.
Reuters says that it is possible that other factors led to the decision to drop the initiative, such as the fear that customers would accidentally enable end-to-end backups without realizing the consequences, then forget their password and lose all access to important personal information like their photo library.
As shown on this webpage, Apple uses end-to-end encryption selectively. Data such as the Health database or Home configuration, iCloud Keychain and WiFi passwords is stored in an end-to-end encrypted form. However, the most personal and most sensitive categories of information like email, photos and iCloud Drive files do not offer that extra level of security, even as an option for those that would want it. Messages are also stored using end-to-encryption but as said earlier, this is nullified if the user also enabled iCloud Backup.
The Electronic Frontier Foundation has repeatedly requested that Apple and other tech companies offer end-to-end backup solutions.