Despite Apple's commitment to privacy, data backed up on Apple's iCloud isn't as private as data stored on its physical devices.
Although iCloud data is encrypted, Apple holds the encryption key -- which means the company can retrieve the data at any time.
"iCloud is not private from the government or Apple. iCloud is just someone else's computer," Jonathan Zdziarski, a computer security expert, told CNN Money on Monday.
That may change soon, however, as Apple prepares to make data stored on its iCloud inaccessible to company engineers, according to the Financial Times. Users would still be able to get their data, but Apple would render itself unable to comply with government requests to turn over data stored on iCloud. Such a move from Apple could make iCloud the next battleground in Apple's fight with the FBI.
Apple's ability to access iCloud data is good news if you forget your iCloud passcode or lose your device. If that happens, Apple can retrieve whatever you’ve backed up. But it also means that if Apple is ordered to turn over your backup files to the feds, it probably has to comply.
“In certain cases, we are asked to provide customers’ iCloud content, which may include stored photos, email, iOS device backups, documents, contacts, calendars, and bookmarks,” Apple’s 2015 transparency report states. “We consider these requests very carefully and provide account content when the legal request is a search warrant.”
By completely shutting off its access to iCloud data, Apple may be able to wriggle out of future data requests more easily, according to Jeffrey Paul, a cyber security expert and data privacy consultant.
"Apple doesn’t want to have this capability; as we can see it ends up being a liability for them when the government starts unnecessarily pointing fingers," Paul told HuffPost in an email on Friday.
“We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”
- Tim Cook, Apple CEO
Apple received requests for access to 2,727 iCloud and iTunes accounts from law enforcement in 2015, according to its transparency report. The company disclosed data in 81 percent of cases.
In the San Bernardino case, Apple turned over all of the backup data stored on the iCloud account of Syed Farook, one of two suspected shooters. It was only because Farook stopped backing up his iPhone on Oct. 19, 2015 -- six weeks before the San Bernardino attack -- that the FBI sought Apple’s help in retrieving data from Farook’s device, according to the Los Angeles Times.
In response to the FBI's request, Apple CEO Tim Cook insisted that the company keeps user data off-limits even to its own engineers: “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business,” Cook wrote in a letter to customers.
But at least for now, Apple can still access data stored on iCloud. The company encourages its customers to use the cloud service, and in 2014, Apple was estimated to have 500 million iCloud accounts, according to tech consulting firm Asymco.
The iCloud service has long been a weak spot in Apple’s security apparatus. In 2014, hackers obtained nude photos of several celebrities after reportedly breaking into their iCloud accounts.
Making iCloud data inaccessible to Apple would make that data more private, but it could also seriously inconvenience users. If Apple throws away the iCloud key, it won’t be able to recover backup data for users when they lose their passcode.
"Nobody would be able to recover it, ever. Not you, not the FBI, not your heirs when you die," Ross Anderson, a security engineering professor at the University of Cambridge, told CNN Money on Monday.