Apple Will Boost Privacy Protection With New Email Encryption

Source: Thinkstock

Source: Thinkstock

Users of Apple’s (NASDAQ:AAPL) iCloud-based services will soon receive improved data privacy protections thanks to a recently revealed email encryption initiative, reports Apple Insider.  Although Apple already encrypts iMessage communications from end to end, a recent NPR survey of tech companies’ efforts to protect the privacy of users’ data found that the Cupertino-based company was not providing in-transit encryption for emails between iCloud users and users of other providers’ services.  As noted by NPR, the iPhone maker “is one of the few global email providers based in the U.S. that is not encrypting any of its customers’ email in transit between providers.” NPR based its survey on information provided by nonprofit civil liberties watchdog group the Electronic Frontier Foundation (EFF) and Google (NASDAQ:GOOG) (NASDAQ:GOOGL).

However, soon after the NPR published the results of its user data privacy survey, Apple contacted NPR and revealed that it was currently taking additional steps to ensure that emails in transit between its iCloud customers and users of other providers are given the same level of protection afforded to communications between users of Apple’s services. As noted by NPR, this will boost data protection for users of me.com and mac.com email addresses. Apple did not offer a specific timeline for when this encryption will take effect.

According to NPR, the STARTTLS extension is what allows the encryption of text communications in transit between service providers. However, both service providers involved in the communication must enable the extension in order for it to operate. Although many companies have promised to implement this type of encryption, Google found that many providers have still not started using the STARTTLS extension. However, as noted by NPR, the number of service providers enabling in-transit email encryption has been steadily increasing since Google started “naming and shaming” companies that left in-transit emails unencrypted.

While it’s unfortunate that Apple does not already provide this type of privacy protection for its users, it should be noted that the iPhone maker has already vastly improved its privacy protection efforts over the past year. The EFF recently gave Apple the highest possible ranking in the digital rights organization’s latest “Who Has Your Back?” report. The annual report rates companies based on how well they protect their users’ privacy and resist government requests for their data.

The “Who Has Your Back?” report uses six criteria to rank companies’ privacy protection efforts, including requiring a warrant for content of communications; telling users about government data requests; publishing transparency reports; publishing law enforcement guidelines; fighting for users’ privacy in courts; and publicly opposing mass surveillance. As noted by the EFF, companies are given a star in a category if they have fulfilled the related requirements. Apple received six stars this year, after earning only one star in each of the previous three years.

Apple also released its first transparency report last year that revealed how many requests for information about users the company has received from the government. However, the amount of information that Apple is allowed to share in its transparency reports is still restricted by the U.S. government. Apple and many other major tech companies have generally boosted privacy protections for their users over the past year in reaction to the public’s increased concern over privacy issues following the exposure of the NSA’s bulk data collection program by former NSA contractor Edward Snowden.

Several tech companies have also lobbied the government to rein in its surveillance programs based on concerns that it could harm their businesses. Apple and eight other major tech companies sent an open letter to the U.S. Senate earlier this week asking it to reform the NSA, reports The Hill. “Over the last year many of our companies have taken important steps, including further strengthening the security of our services and taking action to increase transparency,” wrote the coalition of tech companies. “But the government needs to do more.”

More from Wall St. Cheat Sheet:

Follow Nathanael on Twitter (@ArnoldEtan_WSCS)