Apple has announced its plans to transfer iCloud encryption key management to account holders, a move which could stand in the way of or even prevent the FBI and other law enforcement agencies from requesting users’ information.
The tech giant currently manages the encryption key management for all iCloud account holders.
eWeek reports that because of this level of control, Apple provided federal authorities with several iCloud backups of Syed Rizwan Farook, an individual who participated in a mass shooting and attempted bombing in San Bernardino, California back in December. The company cooperated with authorities even as it refused to help them unlock the suspected terrorist’s iPhone.
But the times they are a-changin’.
Back in 2014, many account holders experienced a crisis of faith when a hacker allegedly leaked the nude pictures of several well known celebrities from their private iCloud accounts.
Although the breach may have been assisted by users falling for phishing messages, Apple vowed to explore ways to further enhance the security of its services and devices.
It is against this backdrop that we have seen the ongoing Apple-FBI controversy.
Over the past few months, several well known figures in the tech field, including the CEO of Google, have supported Apple’s decision to not comply with the FBI’s demands that it help authorities unlock Farook’s iPhone.
The future of this case is uncertain. Just recently, a federal court granted the FBI’s request to postpone all court proceedings while it takes the time to investigate a method of unlocking the suspected terrorist’s iPhone that would not require Apple’s assistance.
But even if the U.S. Department of Justice decides to drop this particular case, it is almost certain that the tech giant will face more and more requests to access customer data in the future.
With that in mind, Apple’s decision to hand over encryption key management to iCloud account holders will render many of these requests irrelevant. Without the encryption keys, Apple will have no way to access users’ encrypted iCloud data regardless of how much the U.S. government wants it.
The onus of data management will therefore shift to the users themselves.
There is admittedly some risk in that transition; if users forget their passwords, Apple will have no way of restoring access to their accounts. This might lead some users to create easy-to-remember passwords that by their nature could weaken the security of their iCloud accounts.
It is therefore important that iCloud users begin thinking about password security now. I recommend that users consider creating an account with one of the leading password managers (examples include Dashlane, LastPass and 1Password). These services not only remember passwords for users, but many of them can also generate strong passwords automatically.
A password manager could ultimately be the perfect tool to help iCloud users handle their own encryption key.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.