EFF Urges Apple to Encrypt iCloud Backups Effectively

We already mentioned here on the site a few times the Electronic Frontier Foundation (EFF), one of the largest NGOs dedicated to advocating for digital rights in the world. The group recently launched their latest campaign, called “Fix It Already” (something like “Fix It Soon”), with a very simple proposition: make a specific request to a number of technology companies, touching the hot spots of their privacy or data handling policies.

In the case of Apple, EFF's request was directed to the iCloud: NGO asks Ma to back up really encrypted of user data on your cloud service.

Explanation: Currently, only data saved locally on users' devices is encrypted so that no other party (be it Apple, security agencies, or third parties) other than yourself has access. ICloud backups are also encrypted, but in addition to the user, Apple also has an unlock key for them that may, according to EFF, pose a security problem.

Apple maintains this standard for a few reasons: First, if the user loses their iCloud access password, the company can verify their identity and retrieve their data (which would not be possible for “full” encryption). And here is the problem, holding a key for access to backups means that Ma can comply with court orders and, when requested, open this data fairly, as detailed every six months in its transparency reports.

That's the request from EFF: Apple gives users a chance to choose whether to have their backups fully encrypted, or risk losing them entirely if a password is forgotten. The NGO recalls that Tim Cook in favorable person idea and quotes the excerpt from an interview of CEO magazine Der spiegelin which he states that "it is difficult to estimate when we will change this practice" but that in the future Apple will no longer have that key.

These were the other requests made by EFF:

  • O Android must let users deny and revoke internet permissions from apps.
  • O Facebook You must leave the phone number of the user where he left you.
  • O Twitter must provide end-to-end encryption on the DMs.
  • O Venmo should let users hide their friend lists.
  • THE Verizon should stop preinstalling spyware on your customers' phones.
  • O Whatsapp You should ask permission before adding you to a group.
  • O Slack should give message retention control to free account users.
  • O Windows 10 should give users the encryption keys of their disks.

Very reasonable, isn't it?

via iPhone Hacks