Apple Has Master Decryption Key For iCloud
Data you store in iCloud is safe from most outsiders, but Apple retains the ability to decrypt and access any data stored on in iCloud’s servers, a recent report has found. The master decryption key allows Apple access to all the data iCloud users store in their accounts.
According to a report from Google+Reader”>Ars Technica, the master decryption key allows Apple to enforce clauses in iCloud’s Terms and Conditions that give Apple permission to ensure that users are complying with the terms and conditions, as well as provide them to law enforcement or the government when required. Here is the relevant paragraph in full:
Apple reserves the right to take steps Apple believes are reasonably necessary or appropriate to enforce and/or verify compliance with any part of this Agreement. You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if we have a good faith belief that such access, use, disclosure, or preservation is reasonably necessary to: (a) comply with legal process or request; (b) enforce this Agreement, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Apple, its users, a third party, or the public as required or permitted by law.
In an earlier paragraph, Apple also claims the right to “pre-screen, move, refuse, modify and/or remove” your content, should it be “found to be in violation of this Agreement or is otherwise objectionable.”
Now, at first glance this seems like cause for a major privacy freakout. Upon closer examination, though, it’s not surprising that Apple would have a means to access the data it stores. Ars Technica spoke with several security experts who point out that this kind of master decryption key is a necessary evil for a company like Apple. Not only does it allow them to respond to warrants and copyright violation claims, it also allows them to do something as simple as display your data on the iCloud website.
In fact, as one expert said, Apple’s practice in this case follows both industry standards and best practice for the handling of user data. Apple takes steps – both internally and externally – to make sure a users’s data is as secure as it can be, while retaining the ability to comply with legal requests – from both the user and the government.