CUPERTINO, CALIFORNIA – JUNE 06: Apple CEO Tim Cook looks at a display of brand new redesigned MacBook Air laptop during the WWDC22 at Apple Park on June 06, 2022 in Cupertino, California. Apple CEO Tim Cook kicked off the annual WWDC22 developer conference. (Photo by Justin Sullivan/Getty Images)
Justin Sullivan | Getty Images News | Getty Images
Apple announced on Wednesday that it plans to allow users to encrypt additional kinds of iCloud data on its servers, including full backups, photos and notes.
The feature, called Advanced Data Protection, will prevent Apple from seeing the contents of some of the most sensitive user data stored on its servers, and will make it impossible for Apple to provide the content of an encrypted backup to law enforcement.
Encrypted backups will be opt-in, according to Apple, and will be available in the U.S. before the end of the year.
While Apple has previously encrypted a lot of data it stores on servers, entire device backups that included text messages, contacts, and other important data were not end-to-end encrypted, and Apple previously had access to the contents of the backups.
The move will please security advocates, many of whom previously pointed to unencrypted iCloud backups as a weak link in Apple’s privacy policy. It also means that user data content would not be exposed if Apple’s servers were ever breached.
It could upset law enforcement, which has used Apple’s policy of not encrypting backups as a way to obtain materials in investigations even though Apple’s iMessage and devices are encrypted.
Apple famously fought the FBI’s attempt to force it through the courts to unlock an encrypted iPhone used by a terrorist in San Bernardino. At the time, Apple said that an unencrypted iCloud backup on its servers was an option to get the same data.
Law enforcement officials around the world generally oppose encryption because it allows suspects to “go dark,” and denies law enforcement access to potential evidence they could previously access under lower levels of security.
Apple also announced two other security features on Wednesday. Users will soon be able to use a physical key as second-factor protection for Apple ID logins. Another update allows users facing significant security threats to confirm that text messages aren’t being intercepted.
Last year, in an apparent effort to appease law enforcement, Apple announced a system to scan for illegal content such as child sexual abuse materials using a complicated system that would still allow Apple to encrypt user photos on its servers. The system was opposed by privacy advocates who said that it would essentially allow Apple to scan people’s hard drives.
The development of the system has been stopped, according to the Wall Street Journal.