Apple famously tussled with the FBI in 2016 when the agency demanded access to a locked iPhone belonging to the San Bernardino gunman. The FBI dropped its case after finding a company that could crack the device, so Apple was never forced to break its own device encryption. According to a new report, Apple dropped plans that would have made user data even more secure by encrypting backups. It made this course change after the FBI quietly expressed concern that it could harm investigations.
Apple talks about user privacy and security quite often — it was the first major smartphone vendor to implement full device encryption by default. Google followed suit about a year later, requiring all Android OEMs to encrypt phone storage. The FBI publicly chastised the companies for this move, and the disagreement came to a head during the 2016 court battle.
After the dust settled from Apple’s public spat with the Bureau, engineers began working on a project codenamed Plesio or KeyDrop. Apple’s phones periodically conduct full device backups, storing the data in iCloud. Unlike with the physical device, Apple holds the encryption keys to this data. If ordered by courts, it can decrypt and provide copies of those backups to law enforcement. In the first half of last year, Apple provided law enforcement with iCloud backups from some 6,000 accounts.
The FBI reportedly got wind of Apple’s plans in 2018, and the Bureau’s Cyber Crime division became involved. Agents told Apple that implementing end-to-end encryption on device backups would deny the FBI an important investigative tool. While it’s sometimes possible to unlock iPhones recovered during an investigation, agents can get court orders to search iCloud backups without the target knowing.
Reuters spoke with six different sources inside Apple and the FBI to confirm this story. They all agree that Apple dropped the plan to encrypt iCloud backups shortly after the FBI objected. No one could say for sure what rationale Apple leadership used to justify the change, but several sources say Apple was convinced by the FBI’s arguments that backups provided pivotal evidence in thousands of investigations. A few also suggest Apple didn’t want to “poke the bear” so soon after the 2016 court battle.
Apple has refused to comment on the Reuters report. Interestingly, Google followed through with a similar plan to encrypt backups with the user’s lock screen password. Google can’t access it, and neither can law enforcement. There’s no word on whether the FBI attempted to stop Google from doing so.