Where is end-to-end encryption for iCloud?

In a December 2020 video recorded for the European Data Protection & Privacy Conference, Apple’s Craig Federighi touts end-to-end-encryption for iMessage (starting at 55:36):

iPhone users don’t have to worry their private conversations, using iMessage and Facetime, will be intercepted. We’ve designed these features so that bad actors can’t listen to these communications, and neither can anyone at Apple.

Apple has been using this self-congratulatory tone about their encryption efforts for years and I find it increasingly disingenuous. What Federighi fails to mention: if you have iCloud Backup enabled, that last claim (emphasis mine) is not the whole truth. Apple may not be able to listen in on your conversations, but they can decrypt the messages stored in your backups, because data in iCloud backups is not end-to-end encrypted.1

Screenshot: 'Messages are only seen by who you send them to. Apple can’t read your iMessages while they’re being sent between you and the person you’re texting.'
Screenshot from Apple’s privacy marketing page. The key phrase is while they’re being sent.

And it’s not just iCloud backups. Here’s an incomplete list of data sources in iCloud that are not end-to-end-encrypted:

  • iCloud backups
  • Messages (de facto when iCloud Backup is enabled because the backup contains a decryption key for the messages)
  • Photos
  • Files in iCloud Drive
  • Notes
  • Contacts
  • Reminders
  • Calendars
  • Voice memos
  • Bookmarks (your Safari history and open tabs are end-to-end-encrypted)

Source: Apple, iCloud security overview

In other words, if you use Apple services as intended and recommended by Apple, a large portion of your most sensitive data is in fact not securely encrypted. Both Apple and U.S. government agencies (and possibly other governments?) can potentially access it.

At least give us the option

I understand that using end-to-end encryption for everything comes with its own problems:

  • Accessing your iCloud data through a web browser on icloud.com may become impossible.
  • Some users will lose their most precious data when they lose their devices and decryption keys, and Apple won’t be able to recover it for them.

These are real tradeoffs, but I don’t think they’re reason enough for Apple not to offer end-to-end encryption, at least as an option. If you believe a January 2020 Reuters report, they tradeoffs sound more like convenient excuses to not risk another confrontation with U.S. law enforcement and lawmakers:

Apple dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

I hope this is wrong and Apple gets its act together to use end-to-end encryption for all user data — it’s long overdue. Until then, I won’t be taking their privacy claims at face value.

  1. If you enable iMessage syncing via iCloud, Apple will use end-to-end encryption to store your messages and will no longer include Messages data in iCloud backups. But that doesn’t change the fundamental problem because iCloud backups will still include a decryption key for your “end-to-end encrypted” messages:

    Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. — Apple, iCloud security overview