The Wall Street Journal is corroborating several reports from February that Apple is working on new iCloud backup encryption methods that will prevent it from being able to decrypt data without a passcode. Right now, although iCloud backups are encrypted, they are not entangled with a user passcode. This means law enforcement can get access to user content with ease; Apple has complied with thousands of these requests in the past for a variety of court cases.
Apple wants to re-engineer the iCloud backup system so even if law enforcement asked Apple to hand over such information in future, it would be impossible to decrypt without the correct passcode also being supplied at time of retrieval.
That being said, the Wall Street Journal reports that Apple is having to balance enhanced privacy against overall user experience for customers. The report notes that if iCloud backups were entangled, then users who forget their password would lose access to all of their stored information, like photos or documents.
The flip side here is Apple does not want to keep hold of the keys as it does today, to prevent it from being legally compelled to hand them over. It seems that the problem is less to do with technology and more to do with design: how far does Apple want to compromise user convenience in order to improve the security of its products?
Apple’s court case with the FBI formally begins on March 22nd. The case has forced Apple to re-evaluate its security procedures in light of the understanding that it could be asked to hack itself to retrieve sensitive private information. This possibility had not really been considered until the FBI filed the motion to compel Apple to do exactly that.