Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Did Apple Cave to the FBI in Dropping iCloud Encryption?

January 29, 2020

Naked Security reported on January 23 that, according to a new allegation, Apple has been far more accommodating than the FBI has been willing to admit. Specifically, according to six sources – one current and three former FBI officials and one current and one former Apple employee – a few years ago, Apple, under pressure from the FBI, backed off plans to let iPhone users have end-to-end encryption on their iCloud backups.

Same old allegation – that this would impede FBI investigations.

We've heard US Attorney General William Barr and President Trump fume at Apple over its refusal to break encryption per FBI requests.

But if the recent allegation proves true, it means that Apple has been far more accommodating to US law enforcement than previously believed.

The sources told Reuters that more than two years ago, Apple told the FBI that it planned to offer end-to-end encryption for iCloud backups, primarily as a way to thwart hackers. If it had gone through with the plan, it would have meant that Apple wouldn't have a key to unlock encrypted data and would thus be unable to turn over content in readable form, even if served with a court order to do so.

The next year, in private talks with the FBI, the plan to fully encrypt iCloud backups had disappeared. Reuters couldn't determine why, but without giving details, a former Apple employee said it wasn't hard to fill in the blanks. Allegedly, Apple's legal folks killed the idea, because Apple didn't want to run the risk of "being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption."

That hasn't gone very well if that was the plan. Apple has been excoriated on Capitol Hill for its refusal to put in a backdoor that would enable the government to read encrypted messages.

Last month, responding to Apple and Facebook reps who testified about the worth of intact encryption, Sen. Lindsey Graham had this to say about the government's ongoing quest for a backdoor: "You're going to find a way to do this or we're going to do this for you."

Backdoors, as security experts will say, do not work. The bad guys get them as well as the good guys. So far, Apple has held firm in its refusal to implement backdoors.

A former FBI official who wasn't involved in the iCloud encryption talks said that during the fight over encryption of the San Bernardino shooter's iPhone, the bureau managed to convince Apple that evidence from iCloud backups had made a difference in thousands of cases.

The allegation relies on hearsay. Reuters doesn't have solid proof. But one former Apple employee suggested that the encryption project – variously code-named Plesio and KeyDrop – might have been abandoned for other reasons besides legal trepidation, such as the possibility that customers would get disgruntled over being locked out of their data more often. At any rate, as three of Reuters' sources tell it, Apple pulled about 10 experts off the encryption project after deciding to dump it.

Apple has handed over iCloud backups in 1,568 cases, covering about 6,000 user accounts. In fact, the company has turned over at least some data for 90% of the requests it's received.

It's much easier to get at the online backups than it is to crack an iPhone, for a number of reasons. It can be done secretly, for one. You don't need to physically possess the device to get at its data if you can get access to its iCloud backups.

And even though investigators have access to tools to bypass the iOS lock screen – tools believed to be used by companies such as Grayshift and Cellebrite – the window of time to extract a device's data sometimes runs out before a full extraction has been done.

One example arose in 2018, in a case concerning an investigation into a pedophile ring in the US state of Ohio.

Investigators with a warrant searched a suspect's house, demanding that he use Face ID to unlock the iPhone X that they found. He complied, which gave the FBI access to photos, videos, correspondence, emails, instant messages, chat logs, web cache information and more on the iPhone.

Or, at least, that's what the search warrant authorized investigators to seize. However, they couldn't get everything that they were after before the phone locked. A device can be unlocked by using Face ID, but unless you know the passcode, you can't do a forensic extraction. The clock starts ticking down, and after an hour, the phone will require a passcode.

According to the suspect's lawyer, the FBI wanted to use Cellebrite tools to get more data from his client's phone, but they weren't successful.

Neither Apple nor the FBI has responded to media requests for comment on the reported abandonment of iCloud encryption. Not a surprise, eh?

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225 | Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson