toggle

AAPL Stock: 118.93 ( -0.07 )

Printed from http://www.macnn.com

NPR: Apple to encrypt in-transit iCloud email in near future

updated 06:37 pm EDT, Fri June 13, 2014

Push by EFF to have Internet giants encrypt communications paying off

A statement by Apple to National Public Radio in response to its story about moves the largest Internet providers could do to enhance communication security has revealed a plan to expand end-to-end encryption currently in use to emails sent to other providers. Currently, the company's iMessage offers end-to-end encryption, as does iCloud email (@icloud.com) sent to other iCloud users. However, there is presently no encryption used on email sent to other providers -- a situation Apple says it has already been working on.



NPR recently ran a report based on a survey by the Electronic Frontier Foundation, an consumer and privacy advocacy group. The EFF is pushing for the biggest providers of email and messaging services -- specifically Apple, AT&T, Facebook, Twitter and Google -- to make more use of encryption technology. Specifically, the EFF believes the companies should routinely use security protocols like HTTPS, HSTS (HTTP Strict Transport Security), STARTTLS (protecting emails in transit), forward secrecy (randomly changing the methods and ciphers used in encryptions so that decoding one message does not give attackers the keys to all one's communication history) and in-transit encryption of email.

Google has recently been offering to use STARTTLS for message encryption between companies, but has found few partners so far and has been trying to pressure competitors into using some form of in-transit encryption. Apple told NPR it is working on the issue and will "soon" have a solution for users of @me.com and @mac.com email addresses.

"Apple encrypts e-mail from its customers to iCloud. However, Apple is one of the few global email providers based in the U.S. that is not encrypting any of its customers' email in transit between providers. After we published, the company told us this would soon change. This affects users of me.com and mac.com email addresses. We found that many app installations and iOS updates are sent unencrypted to iPhones. The configuration files that let your telecom company control aspects of how your iPhone works is also unencrypted. Apple says these updates are authenticated and can't be changed. All pre-login browsing/shopping traffic from the Apple Store is unencrypted, including all HTML content, images, etc. So if you are a huge Abba fan the NSA could find out." - NPR


The moves are largely in response not to terror threats, but rather to protect Americans' civil liberties from US government snooping of private communications by agencies such as the National Security Agency (NSA). Former contractor Edward Snowden, who has recently been urging US citizens to adopt their own encryption tools in the fight to regain basic privacy rights against the level of mass-collection of data he believes to be illegal, revealed that various US agencies appear to routinely gather and analyze email and some forms of chat from most if not all US citizens as a matter of course, along with other information-gathering techniques such as web tracking.

The widespread collection of data from domestic communications, which apparently began following the incidents of 9/11, would appear to be in direct contradiction to the tenets of individual liberty and freedom from unreasonable search promised in the US Constitution. All three branches of government have been wrestling with the issue, trying to find the line between legitimate inquiry and collection to thwart potential terror attacks, which it sees as a solumn duty to its citizens, versus the freedoms allegedly guaranteed to all Americans to conduct their lawful business and lives free of unwarranted intrusion. The modification of the secret FISA court system (originally created in 1978 over spying concerns, but extensively modified post-9/11), which does not follow the normally-transparent judicial process, has complicated the issue considerably and in part led Snowden to make his revelations.

Apple in particular has been very vocal and proactive about its resentment of any attempt at mass collection of its users' data, and has recently taken several steps to further ensure its resistance to government collection efforts. The company recently adopted new policies with additional disclosure of government data requests and what was being sought, and has testified before Congress on the issue. It says it routinely rejects low-level data requests that come without warrants, forcing the government to justify to at least a secret court the reasoning for the request. Twitter and Google have also been pro-active in refusing requests they view as unreasonable.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. FastiBook

    Fresh-Faced Recruit

    Joined: 02-17-05

    I think secure receipt and transmission of data should be a huge priority for anyone or any company offering things that have the ability to do so.

  1. Charles Martin

    MacNN Editor

    Joined: 08-04-01

    Its a matter of getting everyone to agree on a standard, presumably. I'm very glad they're all feeling the pressure to implement it.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

IDrive cloud backup and sync service

There are a lot of cloud services out there, and nearly all of them can be used for backing up key files and folders. A few dedicated ...

Plantronics BackBeat Pro Bluetooth headphones

Looking for a pair of headphones that can do everything a user requires is a task that can take some study. Trying to decide on in-ear ...

MaxUpgrades 512GB Retina MacBook Pro SSD

Apple's Retina line of MacBook Pro notebooks have been impressive, right from their debut in 2012. Thinner than the previous model, t ...

toggle

Most Commented