Most people have a desire to keep certain information private, but that concern is heightened for lawyers and other professionals with a legally-imposed duty of maintaining confidentiality. Most folks keep information on their iPhones, iPads, etc. that would be considered confidential—either because it is a personal photograph or because it is a document subject to a confidentiality agreement. But if you backup your device to Apple using iCloud, are you maintaining the confidentiality of the information? The confidentiality of cloud storage has been discussed countless times by legal ethics authorities over the years (for example, see here and here), but the key is always to be reasonable in protecting the confidentiality of information. For example, putting confidential documents on an open website that doesn't have a password is unwise, but storing those same documents on encrypted and password-protected servers in the cloud is typically fine.
Up until now, iCloud backups have been encrypted in transit—meaning the information is encrypted as it travels from your iPhone to Apple's iCloud server. But once on that server, Apple has a key that it could, in theory, use to unlock the data and look at it. For example, if a criminal suspect backs up his iPhone to iCloud and the police obtain an appropriate warrant, the police can often obtain from Apple a copy of the backed-up data without having to access the iPhone itself. (As Joanna Stern of the Wall Street Journal reports, last year, Apple responded to thousands of such requests in the United States.) Or, if Apple was hacked, a hacker could potentially gain access to your data on iCloud—although Apple says that this hasn't happened in the past.
Yesterday, Apple announced that when iOS 16.2 comes out later this month, it will include a new feature called Advanced Data Protection. It will work in the United States immediately, and will roll out to the entire world in 2023. When you turn this on—it is turned off by default—Apple will store your iCloud data in a way that is encrypted such that even Apple cannot read the data. And this doesn't just work with iCloud; Apple says it works with 22 other categories of information such as Photos, Reminders, Notes, iMessages, and Voice Memos.
What's the catch? With Advanced Data Protection turned on, only you have the key to your secure data, such as the password that you use to unlock your iPhone. If you forget your password, Apple cannot help you because it has no way to unlock your encrypted information. However, Apple offers two ways that you can get help unlocking your encrypted backup even if you forget your password.
First, you can designate a recovery contact, such as a family member or a close friend, somehow who can verify your identity and help you regain access to your account and all of your data if you ever get locked out.
Second, you can create a recovery key, a randomly generated 28-character code that you should store someplace very secure such as a lock box.
Advanced Data Protection sounds like a fantastic idea for attorneys and others who want extra protection for their data on Apple's cloud servers. However, with the extra security comes extra responsibility, so think long and hard about how you will use the recovery contact and/or recovery key feature.
Joanna Stern of the Wall Street Journal conducted a fantastic, short interview with Craig Federighi of Apple to discuss the new Advanced Data Protection feature. If you have any interest in turning this on once it becomes available later this month, I strongly recommend that you watch this video:
0 comments:
Post a Comment