AAPL Stock: 118.03 ( -0.85 )

Printed from

NPR: Apple to encrypt in-transit iCloud email in near future

updated 06:37 pm EDT, Fri June 13, 2014

Push by EFF to have Internet giants encrypt communications paying off

A statement by Apple to National Public Radio in response to its story about moves the largest Internet providers could do to enhance communication security has revealed a plan to expand end-to-end encryption currently in use to emails sent to other providers. Currently, the company's iMessage offers end-to-end encryption, as does iCloud email ( sent to other iCloud users. However, there is presently no encryption used on email sent to other providers -- a situation Apple says it has already been working on.

NPR recently ran a report based on a survey by the Electronic Frontier Foundation, an consumer and privacy advocacy group. The EFF is pushing for the biggest providers of email and messaging services -- specifically Apple, AT&T, Facebook, Twitter and Google -- to make more use of encryption technology. Specifically, the EFF believes the companies should routinely use security protocols like HTTPS, HSTS (HTTP Strict Transport Security), STARTTLS (protecting emails in transit), forward secrecy (randomly changing the methods and ciphers used in encryptions so that decoding one message does not give attackers the keys to all one's communication history) and in-transit encryption of email.

Google has recently been offering to use STARTTLS for message encryption between companies, but has found few partners so far and has been trying to pressure competitors into using some form of in-transit encryption. Apple told NPR it is working on the issue and will "soon" have a solution for users of and email addresses.

"Apple encrypts e-mail from its customers to iCloud. However, Apple is one of the few global email providers based in the U.S. that is not encrypting any of its customers' email in transit between providers. After we published, the company told us this would soon change. This affects users of and email addresses. We found that many app installations and iOS updates are sent unencrypted to iPhones. The configuration files that let your telecom company control aspects of how your iPhone works is also unencrypted. Apple says these updates are authenticated and can't be changed. All pre-login browsing/shopping traffic from the Apple Store is unencrypted, including all HTML content, images, etc. So if you are a huge Abba fan the NSA could find out." - NPR

The moves are largely in response not to terror threats, but rather to protect Americans' civil liberties from US government snooping of private communications by agencies such as the National Security Agency (NSA). Former contractor Edward Snowden, who has recently been urging US citizens to adopt their own encryption tools in the fight to regain basic privacy rights against the level of mass-collection of data he believes to be illegal, revealed that various US agencies appear to routinely gather and analyze email and some forms of chat from most if not all US citizens as a matter of course, along with other information-gathering techniques such as web tracking.

The widespread collection of data from domestic communications, which apparently began following the incidents of 9/11, would appear to be in direct contradiction to the tenets of individual liberty and freedom from unreasonable search promised in the US Constitution. All three branches of government have been wrestling with the issue, trying to find the line between legitimate inquiry and collection to thwart potential terror attacks, which it sees as a solumn duty to its citizens, versus the freedoms allegedly guaranteed to all Americans to conduct their lawful business and lives free of unwarranted intrusion. The modification of the secret FISA court system (originally created in 1978 over spying concerns, but extensively modified post-9/11), which does not follow the normally-transparent judicial process, has complicated the issue considerably and in part led Snowden to make his revelations.

Apple in particular has been very vocal and proactive about its resentment of any attempt at mass collection of its users' data, and has recently taken several steps to further ensure its resistance to government collection efforts. The company recently adopted new policies with additional disclosure of government data requests and what was being sought, and has testified before Congress on the issue. It says it routinely rejects low-level data requests that come without warrants, forcing the government to justify to at least a secret court the reasoning for the request. Twitter and Google have also been pro-active in refusing requests they view as unreasonable.

by MacNN Staff



  1. FastiBook

    Fresh-Faced Recruit

    Joined: 02-17-05

    I think secure receipt and transmission of data should be a huge priority for anyone or any company offering things that have the ability to do so.

  1. Charles Martin

    MacNN Editor

    Joined: 08-04-01

    Its a matter of getting everyone to agree on a standard, presumably. I'm very glad they're all feeling the pressure to implement it.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented