A new post from the EFF (Electronic Frontier Foundation) today has announced a new initiative called “Fix It Already.” The first post describes specific privacy and security issues that Apple and eight other major tech companies should fix right now.
Here’s how the EFF describes Fix It Already:
Today we are announcing Fix It Already, a new way to show companies we’re serious about the big security and privacy issues they need to fix. We are demanding fixes for different issues from nine tech companies and platforms, targeting social media companies, operating systems, and enterprise platforms on issues ranging from encryption design to retention policies.
The idea is to call users to action to share experiences to get these companies to make changes.
We want to see companies bring their products in line with what consumers expect and deserve. And we need to hear from you to do it. How have these problems affected you, or people you know? What risks do you face as a result? What workarounds have you used to try to make these products and platforms work for your security and privacy concerns? Head to Fix It Already and tell us—and these companies—what these issues mean to you.
The specific issue that the EFF believes Apple needs to address is offering users the option to encrypt iCloud backups. Currently Apple is able to decrypt a user’s iCloud backup in the event of government requests, and potentially leaves customer data vulnerable to hackers and Apple employees. For now, users can only elect to encrypt backups of their devices with iTunes.
Data on your Apple device is encrypted so that no one but you can access it, and that’s great for user privacy. But when data is backed up to iCloud, it’s encrypted so that Apple, and not just the user, can access it. That makes those backups vulnerable to government requests, third-party hacking, and disclosure by Apple employees. Apple should let users protect themselves and choose truly encrypted iCloud backups.
On the bright side, the post notes that Tim Cook is positive on the idea:
The good news is that Apple CEO Tim Cook already thinks that encrypting iCloud backups is a good idea and seems to want to implement it in the future.
However, the EFF wants Apple to act now on the issue:
The future is now, Tim. While some users may find it helpful for Apple to be able to recover their backups when they forget their passwords, that’s not true for all users. It’s time to let users choose security and encrypt their iCloud backups so only they have the key.
Other companies called out in this first installment of Fix It Already include: Google, Facebook, Slack, Twitter, Verizon, Venmo, WhatsApp, and Microsoft. Check out the full post here.