(Photo by Jeremy Moeller/Getty Images)
On Wednesday, Apple Inc. made an announcement that might sound minor: It will now offer end-to-end encryption for most material its users backup on its iCloud storage service.
That means only a user with an authorized device will be able to access the contents of their cloud storage, in much the same way only the holder of a private key can control a bitcoin wallet. The new feature will protect photos, notes and other files for users who choose to activate it. Email, calendar and contacts material aren't included, however, because they need to interact with multiple services. In an announcement that also outlines impressive new high-security messaging features, Apple said encrypted iCloud storage will begin rolling out worldwide in early 2023.
This change is, in fact, a huge deal.
Apple emphasizes the benefits of the new system for defending against hackers. But the privacy implications are arguably more profound. Until now, most materials on iCloud could be accessed by Apple under duress, such as when a search warrant or other court order forced them.
Apple has tried to stand up to those demands, for instance in its inconclusive 2015 court battle with the FBI. But the new encrypted storage system will render the legal debate moot: law enforcement and intelligence agencies will not be able to subpoena or otherwise compel Apple to hand over user data, because Apple will simply not have the technological ability to comply.
That's why governments and intelligence agencies have reportedly pressured Apple for years not to release the feature. Apple's defiance of that pressure is admirable, and has potentially immense benefits for public perception of digital privacy.
The most influential digital hardware and software maker on the planet, in short, is making a strong stand for the idea that real digital privacy should be allowed to exist. That Apple regards this as important enough that it is pushing back against the U.S. government puts the lie to one of the most shallow and cowardly arguments against privacy: the idea that "if you haven't done anything wrong, you shouldn't care about privacy." Clearly, Tim Cook disagrees.
The move towards end-to-end encryption should in turn help normalize online financial privacy, a major agenda item for the cryptocurrency industry. Crypto privacy has been under mounting attack in cases like the sanctioning of Tornado Cash.
The new Apple systems will benefit crypto more directly in two other ways. First, they will have some direct impact on the security of things like crypto keys and wallets. Whether through negligence or truly bad judgment, some crypto users have been known to store their security keys in iCloud backups. That makes them vulnerable to both hackers and, in one notorious instance, the FBI – but with Apple's new encryption, that risk will be massively reduced.
The final notable upside for crypto is that Apple's new system will introduce a huge new userbase to security practices and interface features also widespread in crypto. It will be the first time many users are asked to manage their own personal encryption keys, without a centralized recovery process. It's not dissimilar to how non-custodial crypto apps and protocols require users to keep track of private keys to "be their own bank."
Apple's software chief Craig Federighi has called this a major responsibility, because, much as with blockchain systems, Apple won't be able to simply reset and send a new password when a user loses theirs. Though technical details are scarce, this is likely impossible to do without effectively giving Apple a backdoor to user files.
To mitigate this downside, Apple will also introduce a process known as "social recovery" to a mass audience, according to the Washington Post. An encrypted iCloud user can name another person who will have to participate if they ever lose their encryption key. Social recovery or other "multi-signature" backup schemes are becoming more widespread in crypto as a solution to the risk of key loss.
We haven't gotten a look at the interface or workflow yet, but you can bet Apple has designed something elegant and intuitive. Hundreds of thousands of users are about to be introduced to private key management by the most respected name in computing. From there, crypto is just a hop and a skip away.
– David Z. Morris