Take that, FBI: Apple goes all in on encryption

Apple’s newest encryption tool better secures files on all its devices, just the latest in a move to widespread encryption in the tech industry

Apple revealed a slew of new software features for iPhone, iPad, Apple Watch and desktop computers on Monday – yet omitted an important new technology that will better protect customers’ private data stored on Apple devices.

Apple File System, or APFS, is a new version of the technology Apple’s products use to save and retrieve information, and improves the way information is organized and protected to make it faster and more secure.

The new feature is just the latest move towards more widespread encryption in consumer technology products following Apple’s standoff with the FBI earlier in 2016, in which it refused to help the agency weaken its own security processes to access information on an iPhone belonging to a terrorist. Facebook and Google both pledged support for Apple during the fight, and both are subsequently reported to be planning encrypted versions of their messaging apps. WhatsApp went first, opting to fully encrypt all conversations by default.

As part of the new system, developers building software for Apple’s devices will be able to opt for users’ information to have no encryption, single-key encryption, or multi-key encryption “with per-file keys for file data and a separate key for sensitive metadata” – comparable to leaving a door unlocked, using one key, or using two keys.

In its documentation of APFS, Apple explains that full disk encryption has been available on OS X since version 10.7 Lion. APFS differs in that it encrypts files individually rather than as a one unit, similar to other encryption mechanisms Apple introduced to its iOS platform in 2010. It also encrypts related metadata – the basic summary attached to each file – and will keen data secure even when the device has been physically hacked.

Since its battle with the FBI, Apple has made a number of important changes to increase security and tighten encryption. Apple itself couldn’t decrypt information the agency demanded, but the company did have the keys to access information stored in the shooter’s iCloud account. The company is now reportedly considering a system that wouldn’t allow it to access iCloud data.

Demonstrators display iPads with messages against FBI’s proposals to weaken data security on their screens, outside an Apple store in Boston in February 2016.
Demonstrators display iPads with messages against FBI’s proposals to weaken data security on their screens, outside an Apple store in Boston in February 2016. Photograph: Steven Senne/AP

Many of the features announced at WWDC expand security of user data, something Apple has been keen to promote as “protecting user privacy”. Safeguards include running artificial intelligence on the device itself, rather thanin the cloud, and using a technology called “differential privacy,” which anonymizes data Apple does collect from its customers.

Those features focus on protecting data in transit, yet APFS is more like a bank vault on a device that secures information even if someone gains physical access to their computer, phone, tablet, watch or Apple TV.

Apple declined to comment on the new feature.

ACLU staff technologist Daniel Kahn Gillmor said that the expansion of AFPS is likely to have been prioritised after Apple’s spat with the FBI. “Protecting the privacy of user data is one of the critical tasks of modern computing hardware and software. If Apple didn’t offer powerful encryption features for their filesystems, they’d be remiss.”

When Amazon removed full-disk encryption from the Fire OS software used by its Kindle Fire tablets, one security analyst described how the company was “chastised by the marketplace”. Encrypting data is resource-intensive, and Amazon had apparently decided to ditch encryption in favour of improving speed and memory. It later backtracked and reinstated encryption.

Apple seems intent on avoiding similar controversy.

Yet Gillmor says encryption should be switched on by default, rather than being optional, in newer versions of Apple’s macOS desktop software. “Most people don’t deviate from the vendor-supplied defaults,” he says. Gillmor also cautions that APFS hasn’t been finalised and he isn’t sure Apple has any plans to make underlying code available for public scrutiny, a practice common among the security community. There are good reasons to care about the impact of APFS. Stronger encryption doesn’t just keep information from law enforcement agencies – it also protects people from hackers who might try to grab their data by breaking into a device, whether by stealing it or by poking around a carelessly discarded hard drive. That might not be as exciting as the ability to finally remove the Stocks app from your home screen, but it’s still something.


Nathaniel Mott in New York

The GuardianTramp

Related Content

Article image
FBI confirms it won't tell Apple how it hacked San Bernardino shooter's iPhone
Bureau will not tell Apple about the security flaw it exploited to break into the iPhone 5C, in part because it didn’t buy the rights to the technical details

Danny Yadron in San Francisco

28, Apr, 2016 @11:32 AM

Article image
Is the FBI v Apple PR war even about encryption?
What the US intelligence agency is asking the tech company to do may not affect mobile security as much as its CEO Tim Cook wants you to believe

Alex Hern

23, Feb, 2016 @10:39 AM

Article image
'Worth it': FBI admits it paid $1.3m to hack into San Bernardino iPhone
The hefty price paid for the software that hacked Syed Farook’s iPhone, which Apple refused to help the FBI break into, signals a growing ‘exploit market’

Danny Yadron in San Francisco

21, Apr, 2016 @8:33 PM

Article image
Apple fixes HomeKit bug that allowed remote unlocking of users' doors
Security flaw in latest iPhone and iPad iOS 11.2 software meant hackers could potentially gain remote control of lights, cameras and locks in smart homes

Samuel Gibbs

08, Dec, 2017 @10:41 AM

Article image
The snooper’s charter is flying through parliament. Don’t think it’s irrelevant to you | Scarlet Kim
While the Apple v FBI row makes world headlines, people in the UK are disregarding a bill that permits hacking and gagging

Scarlet Kim

14, Mar, 2016 @10:30 AM

Article image
$100 store-bought kit can hack into iPhone passcodes, researcher claims
The technique known as NAND mirroring, which focuses on bypassing limit on password retry attempts, can be used to break into any model up to the 6

Olivia Solon in San Francisco

20, Sep, 2016 @9:55 PM

Article image
Apple is 'arrogant' and encryption is 'oversold', ex-NSA lawyer tells SXSW
Stewart Baker claims the tech company has cooperated with the Chinese government – and compares Tim Cook to Doris Day in the Apple v FBI debate

Jemima Kiss in Austin, Texas

15, Mar, 2016 @5:23 PM

Article image
Apple says the FBI is making access demands even China hasn't asked for
The tech company claims San Bernardino government workers botched an attempt to access gunman Syed Farook’s iCloud account and reset his password

Danny Yadron in San Francisco

20, Feb, 2016 @2:06 AM

Article image
Your iPhone's password demands aren't just annoying. They're a security flaw
A developer has warned it is possible to create a phishing attack based on a fake sign-in request for Apple ID credentials

Alex Hern

12, Oct, 2017 @11:17 AM

Article image
Apple transparency report: over 1,000 government requests for user data
Requests pertain to services such as iMessage, email, photos and backups, and the number of requests went up from 971 – with inquiries from the NSA going up

Danny Yadron in San Francisco

19, Apr, 2016 @5:37 PM