Despite Apple’s commitment to privacy, data backed up on Apple’s iCloudÂ isn’t as privateÂ as data stored on its physical devices.
Although iCloud data is encrypted, Apple holds the encryption key — which means the company can retrieve the data at any time.
“iCloud is not private from the government or Apple. iCloud is just someone else’s computer,” Jonathan Zdziarski, a computer security expert, told CNN Money on Monday.
That may change soon, however, as Apple prepares to make data stored on its iCloud inaccessible to company engineers, according to the Financial Times. Users would still be able to get their data, but Apple would render itself unable to complywith government requests to turn over data stored on iCloud. Such a move from AppleÂ could make iCloud the next battleground in Apple’s fight with the FBI.
Apple’s ability to access iCloud data is good news if you forget your iCloud passcode or lose your device. If that happens, Apple can retrieve whatever youâ€™ve backed up. But it also means that if Apple is ordered to turn over your backup files to the feds, it probably has to comply.
â€œIn certain cases, we are asked to provide customersâ€™ iCloud content, which may include stored photos, email, iOS device backups, documents, contacts, calendars, and bookmarks,â€ Appleâ€™s 2015Â transparency reportÂ states. â€œWe consider these requests very carefully and provide account content when the legal request is a search warrant.â€
By completely shutting off its access to iCloud data, Apple may be able to wriggle out of future data requests more easily, according to Jeffrey Paul, a cyber security expert and data privacy consultant.
“Apple doesnâ€™t want to have this capability; as we can see it ends up being a liability for them when the government starts unnecessarily pointing fingers,” Paul told HuffPost in an email on Friday.
We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.Tim Cook, Apple CEO
Apple received requests for access to 2,727 iCloud and iTunes accounts from law enforcement in 2015, according to its transparency report. The company disclosed data in 81 percent of cases.
In the San Bernardino case, AppleÂ turned over all of the backup data stored on the iCloud account of Syed Farook, one of two suspected shooters. It was only because Farook stopped backing up his iPhone on Oct. 19, 2015 — six weeks before the San Bernardino attack — that the FBI sought Appleâ€™s help in retrieving data from Farookâ€™s device, according to the Los Angeles Times.
In response to the FBI’s request, Apple CEO Tim Cook insisted that the company keeps user data off-limits even to its own engineers:Â â€œWe have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business,â€ Cook wrote in a letter to customers.
But at least for now, Apple can still access data stored on iCloud. The company encourages its customers to use the cloud service, and in 2014,Â Apple was estimated to have 500 million iCloud accounts, according to tech consulting firmÂ Asymco.
The iCloud service has long been a weak spot in Appleâ€™s security apparatus. In 2014, hackers obtained nude photos of several celebrities after reportedly breaking into their iCloud accounts.
Making iCloud data inaccessible to Apple would make that data more private, but it could also seriously inconvenience users. If Apple throws away the iCloud key, it wonâ€™t be able to recover backup data for users when they lose their passcode.
“Nobody would be able to recover it, ever. Not you, not the FBI, not your heirs when you die,” Ross Anderson, a security engineering professor at the University of Cambridge, told CNN Money on Monday.
ByÂ Casey Williams,Â Editorial Fellow, The Huffington Post