Apple Hasn't Decided What To Do About iCloud Encryption — Yet
The company's top lawyer says Apple has not moved to bring iPhone-level encryption to its iCloud remote storage service. He also dismisses claims that Apple has secretly cooperated with the Chinese government.
Apple has not yet decided whether it will continue to retain access to its customers' information stored in the cloud, the company's general counsel told members of Congress Tuesday, during a hearing on encryption and law enforcement.
"We have made no announcement — no decision has been made," said Bruce Sewell, addressing a lawmaker's question on Apple's internal discussions about applying "passcode encryption to the next generation of iCloud.”
While Apple cannot access the encrypted data stored on consumers’ iPhones, the company is capable of retrieving copies of iCloud backups, which it provided to the FBI during the initial stages of the investigation into the San Bernardino terrorist attack last year.
Sewell also denied that Apple has ever provided source code to the Chinese government. He told lawmakers that while Beijing has requested source code from Apple within the past two years, the company refused to turn it over. In the San Bernardino case, federal prosecutors suggested that Apple had previously cooperated with the Chinese government, attempting to portray the company’s legal challenge in the U.S. as hypocritical and duplicitous.
Sewell was among a panel of technology experts summoned by Congress to address the so-called "going dark" crisis facing law enforcement, an era in which encrypted communications interfere with the work of investigators.
The FBI argues that robust encryption can place potential leads and crucial evidence outside the reach of the law, offering criminals and terrorists a space to conspire without fear of government eavesdropping.
But rather than impose new laws restricting the types of strong encryption that technology companies like Apple can offer their customers, Sewell and every other tech expert who testified agreed that the FBI should invest in its own technological capabilities, in order to crack secure devices on its own.
In the San Bernardino case, an unidentified outside party showed the FBI how to successfully access the data on a locked iPhone 5c. But the surprise breakthrough occurred only after a divisive and public battle between Apple and the Justice Department. Since then, lawmakers and technologists have questioned why the FBI did not exhaust every possible alternative to access the device before going after Apple — and why the agency needed outside help in the first place.
Matthew Blaze, a computer science professor at the University of Pennsylvania, told lawmakers that Washington’s focus on government-mandated encryption policy “leaves unexplored potentially viable alternatives that may be fruitful for law enforcement,” such as exploiting preexisting security flaws.
Even as Tuesday’s hearing ended without any concrete policy proposals, the Justice Department’s latest clash with Apple continues in Brooklyn. There, the government has demanded that Apple extract data from a locked iPhone belonging to an accused drug dealer. Apple has formally challenged the Justice Department’s request. The government has until Friday to respond to the New York court.