Apple is currently embroiled in a very public battle with the FBI over the question of whether it’s obligated to help the government agency crack the iPhone used by a suspect in the San Bernardino mass shooting. It’s been reported that Apple is working on strengthening the security of the next iPhone, which could result in an iPhone that even Apple couldn’t unlock. The security updates that Apple adds to the iPhone in the future would keep both hackers and Apple out of users’ iPhones, and would likely mean that Apple wouldn’t be able to help a government agency like the FBI crack a suspect’s iPhone, even if it wanted to cooperate. But if Apple makes the iPhone more secure, that may, by necessity, make it less user-friendly.
Kaveh Waddell reports for The Atlantic that Apple’s new security measures could include a change that would render users’ information inaccessible even to Apple. But that change would likely make Apple’s products more difficult to use — a difficult proposition at a time when Apple has been criticized for the increased complexity of its software. Waddell notes that so far, the changes that Apple has made with successive versions of its hardware and software “have largely stayed out of the user’s way.”
A 2014 update to iOS encrypted the contents of compatible iPhones and iPads in their entirety, while still enabling users to unlock their devices with a simple four-digit passcode. And when the company equipped its iPhones with Touch ID fingerprint readers, it enabled users to unlock their devices without even having to enter their passcodes. But Apple is reported to be considering a change that would significantly upgrade the security of its users’ data, at what Waddell reports could be “a potentially high cost to usability.”
In briefings with reporters, Apple executives have hinted that the company is looking to strengthen security by making changes that would affect the company’s servers instead of users’ devices. New iPhones and iPads are equipped with full-disk encryption, which scrambles the entirety of a device’s contents and enables them to be decoded only with the combination of two keys: a unique hardware key embedded in each device and a passcode chosen by the user.
This form of encryption has proven a stumbling block for the FBI, which is demanding that Apple help it to break into an iPhone 5c used by Syed Farook. While the data on the iPhone is locked and inaccessible even to Apple, there is another factor at play: the company would be able to easily retrieve any information that the phone sent to its servers in the form of routine iCloud backups. In this case, the phone stopped sending data to iCloud several weeks before the attack, suggesting that the backup feature was manually turned off.
But if the setting had remained on, law enforcement would have been able to use a subpoena to compel Apple to turn over backup data from its own servers — as it did with the 295 different iCloud accounts that were the subject of government requests in the first half of 2015. Waddell notes that Apple’s ability to access iCloud backups is, essentially, a security hole. The changes that Apple is reportedly considering would put iCloud data out of the reach even of Apple’s employees, so that if the police asked Apple for someone’s iCloud backups, the company would only be able to hand over encrypted data without the keys needed to decrypt it.
Of course, there’s a catch. Apple currently “hangs on to the keys for its customers’ backups” because if an iCloud user forgets his or her password, Apple can “act as a locksmith” and let the user back in once his or her identity is verified, and then help to change the locks with a new password. If Apple were to encrypt iCloud data so that even its employees can’t unlock it, a lost password would leave the data permanently encrypted, and therefore unusable.
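The trade-off described above can be made concrete with a short sketch. This is an added example, not Apple's code or design: the function names, the record layout and the HMAC-based key wrap (a stand-in for a real authenticated key-wrap or AEAD cipher) are assumptions made for illustration.

```python
import hashlib, hmac, os

def derive_kek(password, salt):
    # Key-encryption key derived from the user's password (PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _keystream(key, nonce, n):
    # Toy stream from HMAC in counter mode; stand-in for a real cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek, data_key):
    # Encrypt the backup's data key under kek and append an integrity tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data_key, _keystream(kek, nonce, len(data_key))))
    tag = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek, blob):
    # Return the data key, or None if kek is wrong or the blob was altered.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))

def make_backup(password, provider_key=None):
    # provider_key set: the provider keeps its own wrapped copy (escrow).
    # provider_key None: only the user's password can unwrap the data key.
    salt, data_key = os.urandom(16), os.urandom(32)
    record = {"salt": salt, "user_wrap": wrap(derive_kek(password, salt), data_key)}
    if provider_key is not None:
        record["escrow_wrap"] = wrap(provider_key, data_key)
    return data_key, record

def recover(record, password=None, provider_key=None):
    # Try the user's password first, then the provider's escrow copy if any.
    if password is not None:
        key = unwrap(derive_kek(password, record["salt"]), record["user_wrap"])
        if key is not None:
            return key
    if provider_key is not None and "escrow_wrap" in record:
        return unwrap(provider_key, record["escrow_wrap"])
    return None
```

With an escrow copy, the provider can restore access after a forgotten password and can equally be compelled to decrypt the backup; without it, neither is possible.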
For many people, iCloud can be the only backup for an address book assembled over many years, an archive of digital notes, or a lifetime of family photos — a lot to lose if you happen to forget your password, as many people occasionally do. Users who have chosen complex and hard-to-remember passwords would be especially vulnerable. Waddell posits that the decrease in convenience, and the potential for lost data, could lead Apple to make strong iCloud encryption an option that it would recommend “only for particularly security-conscious users.” The company could even choose to forgo implementing the feature altogether if it decides that the “usability downsides are too extreme.”
Apple already has some usability issues to remedy in its apps, and it needs to fix many of its apps for iOS and OS X, which have failed in both big and small ways to live up to the high standard implicitly promised by one of Steve Jobs’s favorite phrases, “It just works!” Complaints about sluggish software, broken features, and services that don’t keep up with their rivals have grown more commonplace, and a pattern of cloud-related issues erodes the quality of users’ experiences with Apple’s products and platforms. It’s too early to predict how users would react if Apple opts to make its next iPhones more secure and therefore less user-friendly.