The thing that convulsed the internet for much of yesterday was this Reuters report that Apple decided against throwing away its keys to users’ encrypted iCloud backups after the FBI complained about encryption.
The word “after” does a lot of work in that formulation — it reads as though it’s meant to be about cause but might just simply be about chronology. Reuters itself didn’t come out and say that Apple chose to retain the ability to unlock your iCloud backups because it was worried about the FBI freaking out if it locked them down, but didn’t not not say that either. One source told the outlet that “Apple didn’t want to poke the bear,” the bear being the FBI.
The news isn’t that the iCloud loophole exists — we’ve always known that. If Reuters’ reporting is correct (and I have no reason to doubt it), the news is Apple’s rare about-face on its march to protect your data.
It’s caused a stir because the larger context is that the US Attorney General is accusing Apple of refusing to help with FBI investigations, a claim Apple strenuously denies. But inside that denial is also the awkward fact that Apple has access to that data in the first place via the iCloud loophole.
Apple set itself up as the paragon of privacy over the past year. I’d argue that Apple’s own rhetoric around privacy and security meant that anything less than perfectly private and secure data would be seen as a failure. And friends: there is no such thing as perfectly private and secure data.
To be clear, Apple really is doing a lot to try to limit the collection and spread of your data — that’s one of the core issues. It also has been way out ahead of the rest of big tech when it comes to on-device encryption. Other big tech companies should be doing more to follow Apple’s example when it comes to device encryption and tracking. Credit where due.
Apple’s choices for iCloud backups involve trade-offs that reasonable people can argue about. I don’t know that I agree with them, but it would be nice to have an open, nuanced discussion about them. The problem is that, as Cieplinski tweeted, nuance and reason are in pretty short supply when it comes to discussions about encryption