Apple on Wednesday presented new tools to better protect the personal and professional information of its users, both from hackers and the authorities, an announcement that may displease governments concerned that law enforcement can access this data.
Customers of its iCloud storage service will soon be able to choose “advanced data protection” mode, which encrypts 9 additional types of content, including photos. The iPhone manufacturer recalled that 14 categories, such as passwords and health information, were already coded.
iCloud users will be able to “protect the vast majority of their most sensitive data with end-to-end encryption so that it can only be decrypted on their trusted devices”, said Ivan Krstic, the head of security systems at Apple, quoted in a press release.
Only the iCloud mailbox, contacts and calendar will be excluded from this comprehensive protection technology to maintain interoperability with other systems.
The Californian tech giant already uses end-to-end encryption on its iMessage, as well as WhatsApp (Meta) and other communication apps. This system allows the messages to be scrambled, and only the sender and the addressee have the “keys” to read them.
On the cloud, this means that only the owner of the information will have access to it.
– Reputation –
“Even if the company storing the data is hacked, you have additional guarantees that you won’t be a secondary victim,” says Melissa Bischoping, research director at Tanium, a cybersecurity firm.
“Nevertheless,” she points out, “it is important to understand that with this additional level of protection it is more complicated, if not impossible, to recover your data if you do not follow the instructions”.
Apple’s statement cites a study that found data breaches tripled between 2013 and 2021.
However, many governments, even democratic ones, take a dim view of the democratization of these sophisticated methods.
In the United States and Europe, they are half-whispering for “backdoors”, that is to say flaws in this software, in the name of the fight against terrorism or pedocrime, in particular.
But Apple has partly built its reputation on respecting the privacy of its customers.
“Our commitment to providing the best data security in the world is unwavering,” said Craig Federighi, a vice president of the group.
Apple has repeatedly drawn criticism from privacy advocates.
Decisions by the firm have notably been seen as compromises with censorship in China.
– Spying –
And she has a time wanted to put in place controversial tools to fight against child pornography.
The new algorithms were supposed to better identify sexual images involving children, on iCloud and iMessage, but faced with an outcry in the summer of 2021, Apple delayed their implementation.
Since then, the company has remained silent on this subject, and has not responded to a request from AFP.
In addition to cloud protection, the Apple brand also promised two other new features on Wednesday for people who are particularly at risk of being spied on – journalists, human rights activists, elected officials, etc.
At the beginning of 2023, on iMessage, they will have additional guarantees against the risk of conversing with identity thieves. And their authentication system to unlock their devices will be strengthened.
In September 2021, the company had to urgently repair a computer vulnerability that the Pegasus software, from the Israeli firm NSO Group, was able to exploit to infect iPhones. This computer program at the heart of a scandal is used by governments for espionage purposes.
“The fundamental problem of internet security is verifying that someone sending you a message is who they say they are. And many vulnerabilities exploited by NSA and others rely on forged messages,” comments John Bambenek, a specialist at Netenrich, a Californian cybersecurity company. “This new feature helps combat both of these issues.”