Apple can decode and access anything stored in iCloud

Users of Apple’s iCloud service are protected by industry-leading protection – 128 bit encryption, data transmission via SSL, the whole nine yards. In short, it’s very unlikely that any outside party could ever access your iCloud data without your permission.

Unless they asked Apple.

A recent security analysis conducted on behalf of Ars Technica has demonstrated that Apple keeps a key that lets them decode anything stored in iCloud at any time. Moreover, the Terms and Conditions you sign when you elect to use iCloud show that Apple expressly keeps the right to do so at any time they see fit. Apple retains the right to “pre-screen, move, refuse, modify and/or remove” any content they deem objectionable, and “access, use, preserve and/or disclose” any of that content to law enforcement officials.

Of course any company must comply with a court order if they are sent one, but Apple’s T&C don’t specify a court order as a requirement – they simply have the right to screen your iCloud data, remove it if they like, or pass it along to the FBI if they feel it’s in their best interest.

Should you be worried? The trite answer is “only if you are doing something wrong”, but it really comes down to how much you trust Apple with your data when you know they can access it at any time. It’s not the only way Apple could have elected to design iCloud – a fully encrypted system would not have let Apple spy on the data either, much the way Microsoft can’t see what’s on a fully encrypted version of Windows 7 without your password. Of course BlackBerry's have a system like that, and it's gotten them into very public trouble in some countries.

But Apple likes control, and prefers to trust its own judgment as to when action should be taken, and their T&C allow that. It lets them avoid a public altercation like RIM ran into, since Apple doesn't have to alert anyone to share data with local authorities. It also protects them against claims that iCloud is being used for rampant pirating, since they can check for (and remove) material that violates copyright.

It’s easy to get all worked up over privacy issues, and we don’t want to cause undue alarm. Instead, you need to be an informed consumer; if you work in a field where you keep trade secrets, then iCloud probably isn’t for you. If you are uneasy with allowing Apple access to your encrypted data, you may want to select a different cloud storage solution. For most users it probably won’t be a big deal.

What do you think about Apple’s back-door access to iCloud data? Let us know in the comments below.

source: Ars Technica via AppleInsider