h1

Apple holds the master decryption key when it comes to iCloud security, privacy

April 5, 2012

Apple can potentially decrypt and access all data stored on iCloud servers. This includes contacts, notes, unencrypted e-mails, application preferences, Safari bookmarks, calendars, and reminders.

This was recently confirmed by a source speaking to Ars, and security researcher and forensic data analysis expert Jonathan Zdziarski agreed. “I can tell you that the iCloud terms and conditions are pretty telling about what the capabilities are at Apple with respect to iCloud, and suggests they can view any and all content,” Zdziarski told Ars.

In particular, Zdziarski cited particular clauses of iCloud Terms and Conditions that state that Apple can “pre-screen, move, refuse, modify and/or remove Content at any time” if the content is deemed “objectionable” or otherwise in violation of the terms of service. Furthermore, Apple can “access, use, preserve and/or disclose your Account information and Content to law enforcement authorities” whenever required or permitted by law. Apple further says that it will review content reportedly in violation of copyright under DMCA statutes.

“If iCloud data was fully encrypted, they wouldn’t be able to review content, provide content to law enforcement, or attempt to identify DMCA violations,” Zdziarski told Ars.

Source

Advertisements
%d bloggers like this: