End-to-end encryption tools that users can choose to use are a huge step forward for online privacy and security.
Apple Inc. made a relatively unimportant announcement on Wednesday: the company will now provide end-to-end encryption for the vast majority of data backed up to its iCloud service.
In the same way that only the owner of a private key can access their bitcoin wallet, only the user with the authorised device will be able to access their cloud storage. Users can now safeguard their photos, notes, and other documents with the new security feature. However, information like emails, calendar events, and contact details are not included because they require the use of third-party services. By early 2023, Apple plans to roll out encrypted iCloud storage to users all over the world. This news was included in an announcement that detailed Apple’s new, impressive high-security messaging features.
Basically, this shift is a very big deal.
Apple highlights the new system’s strengths in protecting users from cybercriminals. However, the implications for privacy may be even more serious. Up until now, Apple has been able to access most iCloud content when compelled to do so, such as in response to a search warrant or other legal process.
Apple has tried to resist these pressures, most notably in a 2015 court battle with the FBI that ended inconclusively. A new encrypted storage system, however, will make this argument academic, as law enforcement and intelligence agencies will be unable to subpoena or otherwise compel Apple to hand over user data.
It’s for this reason that governments and intelligence agencies have reportedly been putting pressure on Apple for years to keep the feature from being released. It’s commendable that Apple stood firm in the face of that pressure; it could have far-reaching effects on how people view digital privacy.
In short, the world’s largest and most influential maker of digital hardware and software is taking a firm stance in favour of the idea that true online privacy should be permitted to exist. That Apple considers this crucial enough to push back against the U.S. government disproves one of the most flimsy and weak arguments against privacy: that “if you haven’t done anything wrong, you shouldn’t care about privacy.” Obviously, Tim Cook does not agree.
End-to-end encryption is a priority for the cryptocurrency industry because it will help standardise online financial privacy. There has been a rise in attacks on crypto privacy, including the banning of Tornado Cash.
There are two other ways in which crypto will directly benefit from the new Apple systems. At first, they will have an effect on the safety of things like cryptographic keys and digital wallets. Some crypto users have been known to trust iCloud backups with their private keys, either out of ignorance or pure bad judgement.
That leaves them open to attack from hackers and, in one infamous case, the FBI, but Apple’s new encryption will significantly lessen that risk.
And finally, Apple’s new system will expose a massive new user base to the same security practises and interface features also prevalent in crypto, which is a major positive development for the industry as a whole. Many users will be put in the position of managing their own private encryption keys for the first time in the absence of a centralised recovery mechanism. This is analogous to the fact that users of non-custodial crypto apps and protocols must “be their own bank” by safeguarding their own private keys.
Software chief Craig Federighi has called this a “huge responsibility” for Apple because, unlike blockchain systems, Apple can’t simply reset a user’s password and email them a new one. Although specifics are lacking, this cannot be accomplished without effectively giving Apple a backdoor into user files, and thus is unlikely to be attempted.
The Washington Post claims that Apple will also introduce a procedure called “social recovery” to the general public in order to counteract this potential drawback. If a user of encrypted iCloud loses their encryption key, they can choose a second person to help them recover their data. As a means of mitigating the danger of key loss, social recovery and other “multi-signature” backup schemes are gaining popularity in the field of cryptography.
Although we haven’t seen the user interface or the way tasks are performed, we can be sure that Apple has created something beautiful and easy to learn. The most trusted name in computers is about to introduce private key management to hundreds of thousands of users. It’s a short distance to cryptography from there.