Users of Apple’s (NASDAQ:AAPL) iCloud-based services will soon receive improved data privacy protections thanks to a recently revealed email encryption initiative, reports Apple Insider. Although Apple already encrypts iMessage communications from end to end, a recent NPR survey of tech companies’ efforts to protect the privacy of users’ data found that the Cupertino-based company was not providing in-transit encryption for emails between iCloud users and users of other providers’ services. As noted by NPR, the iPhone maker “is one of the few global email providers based in the U.S. that is not encrypting any of its customers’ email in transit between providers.” NPR based its survey on information provided by nonprofit civil liberties watchdog group the Electronic Frontier Foundation (EFF) and Google (NASDAQ:GOOG) (NASDAQ:GOOGL).
However, soon after the NPR published the results of its user data privacy survey, Apple contacted NPR and revealed that it was currently taking additional steps to ensure that emails in transit between its iCloud customers and users of other providers are given the same level of protection afforded to communications between users of Apple’s services. As noted by NPR, this will boost data protection for users of me.com and mac.com email addresses. Apple did not offer a specific timeline for when this encryption will take effect.
According to NPR, the STARTTLS extension is what allows the encryption of text communications in transit between service providers. However, both service providers involved in the communication must enable the extension in order for it to operate. Although many companies have promised to implement this type of encryption, Google found that many providers have still not started using the STARTTLS extension. However, as noted by NPR, the number of service providers enabling in-transit email encryption has been steadily increasing since Google started “naming and shaming” companies that left in-transit emails unencrypted.