There is a lot of debate right now about the importance of encryption. I’ve seen the dark side of not using encryption on a network when a hacker highjacked my email credentials in the early days for WiFi and my PayPal account hacked (and yes, I did have some money taken from my account, but the bank covered it, thankfully!)
Since my unfortunate experience, I have always been an advocate of using encryption where necessary. Whether it be on a public WiFi (using VPN) or when backing up my data onto encrypted hard disks. However, there is an essential point to take into consideration – that encryption also hampers law enforcement efforts and having encryption everywhere could make the police’s job challenging.
In recent news articles, it has been reported (for example, https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT) that Apple has cancelled its effort to encrypt user’s backups on their servers with end-to-end encryption. Many journalists have rushed out to report that this is an example of them not taking user privacy seriously and giving in to the FBI’s demands. Much more needs to be considered for this assumption to be the only reason for the decision.
Firstly, Apple must receive a considerable number of requests from people who legitimately lose their devices, and want to recover data. If it were to use end-to-end encryption, and Apple did not know the key, then it would be impossible for them to recover data. It’s not like they’re storing the data on the servers with no encryption at all, they are encrypting everything in iCloud – just not using end-to-end encryption. This means that Apple has a key and they can unlock if you lose your password, device, or if the authorities request access. The only issue would come if the data were released and then the authority in question leaked some personal information or got hacked. Then there is the potential for misuse of data.
Secondly, if the FBI, or any other official investigation agency, need to find information, it is because someone has done something terrible. They’re not going to go demanding Apple give out user’s data for no reason. By using too much end-to-end encryption, we are letting people get away with crimes. Finding criminals is something that needs to be possible for law enforcement; otherwise, murders, rapes and other horrendous crimes will go unsolved.
Thirdly, if people are so worried about dodgy information in their backups, putting it in a public cloud is never a good idea. You can back up securely yourself and ensure that your sensitive data is safe.
It is unquestionably a controversial topic, and everyone will have a different opinion. I do not mind if the police or any other authority has access to my data, if it will help in an investigation. If I were up to no good though, I’m sure my opinion would be different. While half of the Internet seems to be bothered by all this, I do not see it as a huge issue. Yes, encryption is good, but iCloud is encrypted. So, only people with good reason are going to be able to access the data. Keep using that VPN and stop worrying about your backups, unless the FBI are after you of course!