In a highly-publicized case, Apple is refusing to decrypt a customer’s iPhone to allow the FBI to go on a “legal fishing expedition” to see if maybe there is information on the iPhone of interest to law enforcement. Apple says it can’t provide information that’s stored on iPhones because it doesn’t have access to people’s passcodes. Opening the door to those phones for law enforcement could make your personal information vulnerable to others, Apple argues.
Apple also encourages its customers to place backup copies of email messages, photos, personal notes, contacts and calendar events to Apple’s iCloud. The online service is a convenience that allows customers to track lost or stolen iPads and iPhones, restore damaged devices, and keep lots of music and photos that don’t fit on the device. There is an interesting twist to this, however: in contrast to information stored inside an iPhone, Apple already can access all the information stored in iCloud.
If you are storing information in iCloud, your information is already available to Apple and, with a court order, can be accessed by law enforcement agencies. Of course, if law enforcement agencies can gain access to the information, sooner-or-later hackers, thieves, and others will do the same even without a court order. Anyone who can hack into iCloud could access your personal information. We already have seen many examples where hackers have accessed the private photographs and other information of celebrities.
“iCloud is not private from the government or Apple. iCloud is just someone else’s computer,” said Jonathan Zdziarski, a computer security expert who specializes in Apple products.
You have a choice. You don’t have to backup to iCloud.
If you are concerned about protecting your personal information from prying eyes, you might want to stop using iCloud. Instead, you can backup to encrypted online file storage services that will protect information from prying eyes, including SpiderOak (see my earlier article at https://privacyblog.com/2015/06/17/how-to-safely-and-securely-store-your-private-data-online-with-spideroak/), Tresorit (see my earlier article at https://privacyblog.com/2015/11/03/tresorit-super-secure-online-file-storage-with-tresorit/), and OwnCloud (see my earlier article at https://privacyblog.com/2015/12/18/owncloud-build-your-own-secure-file-storage-system/). However, all of these products are partial solutions; none of them can replace everything that iCloud does.
iMessage (texting) and FaceTime (video chatting) programs are entirely encrypted end-to-end, which means that even Apple can’t spy on those conversations.