EFF Calls on Apple to Let Users Encrypt iCloud Backups as Part of ‘Fix It Already’ Initiative

The Electronic Frontier Foundation (EFF), perhaps the most well-known digital rights non-profit, today launched a new "Fix It Already" campaign with the aim of getting technology companies to implement new privacy features in areas where privacy is lacking.

According to the EFF, the issues that it is demanding a fix for are "well-known privacy and security issues" that have "attainable fixes." From Apple, the EFF wants the company to implement user-encrypted iCloud backups that are inaccessible to the company and thus to law enforcement.


iCloud content uploaded to Apple is encrypted at the location of the server and, with the proper legal requests, Apple can provide iCloud information that includes name, address, email, mail logs with date/time stamps, photos, Safari browsing history, iMessages, and more, with full details outlined by Apple on its privacy site. [PDF]

The EFF says that Apple should "let users protect themselves" and elect for "truly encrypted iCloud backups."

Apple has not encrypted iCloud backups because doing so would prevent Apple from being able to restore iCloud backups for users who have forgotten their passwords. As the EFF points out, though, Apple CEO Tim Cook has said in the past that Apple may move towards encrypted iCloud backups in the future. From an interview Cook did with German site Der Spiegel:
There our users have a key and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back. It is difficult to estimate when we will change this practice. But I think that will be regulated in the future as with the devices. So we will not have a key for it in the future.
The EFF has demands for other technology companies in addition to Apple. Android, it says, should let users deny and revoke apps' internet permissions, while Twitter should end-to-end encrypt direct messages and Facebook should stop using phone numbers provided for account creation for targeted advertising.

WhatsApp should obtain user consent before adding users to groups, Slack should give free workspace administrators control over data retention, and Verizon should stop pre-installing spyware on some smartphones.

Tag: EFF

This article, "EFF Calls on Apple to Let Users Encrypt iCloud Backups as Part of 'Fix It Already' Initiative" first appeared on MacRumors.com

Discuss this article in our forums

EFF Says iOS 11’s Wi-Fi and Bluetooth Toggles in Control Center Are Misleading and Compromise Security

Apple recently confirmed that Wi-Fi and Bluetooth are not fully disabled when toggled off in Control Center on iOS 11, and the change has generated some fresh criticism from a prominent non-profit digital rights group.


For background, when Wi-Fi and Bluetooth are toggled off, an iPhone or iPad on iOS 11 merely disconnects from a Wi-Fi network and Bluetooth accessories. The actual Wi-Fi and Bluetooth radios in the device remain activated.

Moreover, Wi-Fi and Bluetooth automatically reenable at 5:00 a.m. local time each day, or if the device is restarted.

iOS 11 works this way so that Wi-Fi and Bluetooth continue to be available for AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, and Continuity features like Handoff and Instant Hotspot.


As a result of the change, the Electronic Frontier Foundation believes that iOS 11 compromises users' security. In a critical article, the EFF said the toggles are "misleading" and "bad for user security."
When a phone is designed to behave in a way other than what the UI suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device's behavior, which can result in a loss of trust in operating system designers to faithfully communicate what’s going on. Since users rely on the operating system as the bedrock for most security and privacy decisions, no matter what app or connected device they may be using, this trust is fundamental.
The EFF said the "loophole in connectivity" can potentially leave users open to new attacks, and it linked to a white paper that unveils apparent zero day vulnerabilities and security flaws in modern Bluetooth stacks.

The article added that, at a bare minimum, Apple should keep the Control Center toggles off until the user flips them back on, rather than overriding the user's choice at 5:00 a.m. local time the next morning.

Overall, the EFF's arguments are generally the same as those shared by iOS 11 users who are unhappy with the change. The toggles still behave the same in the iOS 11.1 beta, however, so there's no indication Apple will reverse course.

iOS 11 users can still completely disable Wi-Fi and Bluetooth for all networks and devices by toggling them off in the Settings app. A device can also be placed in Airplane Mode with Wi-Fi and Bluetooth disabled.

In a support document, Apple said users should try to keep Wi-Fi and Bluetooth turned on for the best experience on an iOS device.


Discuss this article in our forums