Apple Announces New Security And Privacy Measures Amid Surge In Cyber-Attacks – On Wednesday, Apple introduced a suite of security and privacy improvements that the company is pitching as a means to help customers protect their data from hackers, including one that civil liberties and privacy organizations have long advocated for. The tech giant will soon allow users to choose to secure more of the data backed up to their iCloud using end-to-end encryption, which means no one but the user will be able to access that information.
Apple says the changes will help users protect their digital lives from hackers in the exceptional case that an advanced state actor was able to breach the company servers. However, privacy advocates such as the founder of the Surveillance Technology Oversight Project, Albert Fox Cahn, argue that these modifications may have an immediate impact on the types of user data law enforcement and government agencies can obtain from Apple. These changes “acknowledge the massive public backlash against expanded spying on our devices,” particularly in the aftermath of the supreme court’s reversal of federal abortion protections, he said.
People Also Read: Meta Faces Lawsuit For Harvesting Financial Data From Tax Prep Websites
“This type of protection is most valuable in protecting against not cyber criminals, but people who are abusing government power to force the company to hand over data,” Cahn said. “Apple has long been in the position where it’s had to be the long arm of the police for years. Their law enforcement manual shows dozens of ways that they can help with investigations and now for people who opt into the protection feature, there will be a safeguard going forward.” That might be a cause of concern for government agencies looking to get a hold of user data to aid in their investigations.
Apple declined to comment on whether the company has discussed the changes with law enforcement or government agencies. Companies such as Apple have become an increasingly appealing entity for hackers and law enforcement alike due to the vast amounts of information they hold about people. Recent years have seen an increase in cyber attacks and data breaches on a global scale. According to a report from the Identity Theft Resource Center, there were 404 publicly reported data breaches in the first quarter of 2022, an increase of 14% from the same quarter the previous year.
The number of data breaches increased by 68% between 2020 and 2021. According to Apple’s most recent transparency report, the number of requests for user data from law enforcement and government agencies has also increased. The company received more than 12,000 requests for various types of user information between January and July of 2021, up from more than 10,000 requests in the last six months of 2020.
The end-to-end encryption of user information stored on iCloud, which Apple is calling “advanced data protection for iCloud,” will first be rolled out to a small subset of test users before launching widely in the US before the end of the year and globally in 2023. Messages, notes, and photos backed up to iCloud will be fully encrypted with this new offering. Contacts, calendar information, and email will not be encrypted, and users must opt-in to the feature. The device will store the encryption key, or the code used to gain access to the secure data.
The company says that it made these features opt-in because the system requires users to be responsible for the encryption keys and other means to regain and recover access to that information. “If you lose access to your account, only you can recover this data, using your device passcode or password, recovery contact, or recovery key,” according to Apple’s website. In addition to iCloud data protection, Apple plans to roll out a physical security key system for people signing into their iCloud account on any new device. It acts as a hardware-based two-factor authentication system.
For those who opt to use this additional layer of security, they will be required to plug a physical security key into the charging port on the phones to verify their identity when they sign into their iCloud account on a new device. However, users who choose to use this to secure their iCloud accounts will be responsible for storing both the primary and backup security keys. Lastly, the company is implementing a code system that enables users to confirm that their messages are only reaching the designated destination and are not being intercepted by hackers. The procedure may be familiar to users of the Signal software for encrypted messaging.
In the case of Apple, two individuals who have activated the system will be able to share their unique codes, and their devices will automatically recognize whether a third party with a different code has joined the conversation. Automatic alerts will pop up in conversations between users who have enabled this verification feature “if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications,” the company said in the news release announcing the products.