In this day and age, protecting user data is paramount, primarily because cloud storage servers help keep most of it off our devices. End-to-end encryption and its security benefits have often been part of such privacy-related conversations.

On December 7, 2022, Apple announced that it is bringing this measure to its stored iCloud backups before the end of the year.

The decision has ruffled feathers, attracting attention from government bodies, namely the FBI, and here we look into why they are not happy about this change.

Apple Is Encrypting iCloud Backups

An iPhone showing the newly data categories that are protected by Apple's Advanced Data Protection.
Image Credit: Apple

For those unaware, an iCloud Backup is a solution, part of Apple's iCloud service, which enables the easy device setup procedure whenever you switch to a new iPhone, iPad, Apple Watch, or any other Apple device. It does so by creating a copy of your device on cloud servers and downloading it when required.

To date, Apple has mentioned how data stored locally is encrypted and only accessible by users. But if you were using iCloud to secure yourself from data loss, the information could be accessed by Apple at any time to help with retrieval; this also left it open to access for hackers and government bodies.

Encryption of iCloud backups changes this equation as the data is now accessible only by the user, provided they have the necessary credentials.

Apple announced this feature as Advanced Data Protection for iCloud, extending its encryption services from being effective on 14 data categories to 23—now including iCloud Backup, Notes, Photos, and more. It also stated that iCloud Mail, Contacts, and Calendar are exclusions from this protection because of involvement in global systems.

Advanced Data Protection for iCloud is currently only available to users in the United States. Apple plans to roll out this feature to the rest of the world in early 2023.

Why the FBI Isn't Happy With Apple Encrypting iCloud

Certain agencies or government bodies have often shown negative opinions about user data made inaccessible. And in a statement to The Washington Post, the FBI said the impact of end-to-end encryption is one that it finds deeply concerning. The bureau said:

"This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime, and terrorism. In this age of cybersecurity and demands for ‘security by design,’ the FBI and law enforcement partners need ‘lawful access by design.’"

Should the FBI Be Concerned?

Apple's Privacy Graphic showcasing the Apple Logo with a Padlock like hook.
Image Credit: Apple

While the FBI has its reasons for concern, we think protecting an iCloud Backup behind end-to-end encryption is a positive move. It will ensure server-side protection that you, as a user, cannot guarantee with just your strong passcode.

There is a multitude of steps that you can and should take to protect your personal data. Ideally, it would be using a proper password and multi-factor authentication. But the harsh reality is that user data is vulnerable, and the weakest link in any security chain can lead to breaches and attacks.

In 2021, the US alone saw 290 million victims of data breaches, according to a research study by Dr. Stuart Madnick from MIT Sloan School of Management and published by Apple. While the leaks can include a wide variety of details, each element poses an element of risk to the unaware user.

In its current state, Advanced Data Protection is an opt-in feature and not compulsorily applied. Interested users will have to activate the feature for iCloud backups manually.

Encryption of iCloud Backups Is a Positive Move

Encryption of iCloud backups will ensure your data is protected even when it is stored away from your eyes and off your hardware, adding an essential element of security that will help deter leaks involving personal information.

But remember, this only applies from a server standpoint, and having a strong and memorable password is key to keeping yourself safe from attacks.