by pksadiq 3496 days ago
> Apple's Reply:

>> Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password.

Can't the Apple ID password be reset? If so, how can it be true encryption?

6 comments

> Device data is encrypted with a user’s passcode

I think it uses the passcode you set on your phone, not the password of your iCloud account.

> I think it uses the passcode you set on your phone, not the password of your iCloud account.

May be true, but

> access to iCloud data including backups requires the user’s Apple ID and password.

probably doesn't require the passcode that the user has set, because this data is available across several devices, and the only common thing would be the Apple ID and its password.

If you've recently set up iOS devices you'll have seen it ask for the passcode for another device before you can access iCloud data on the new one.
^ This. First time it happened I was a little confused, but once I realized what was happening I was ecstatic about its implications for iCloud backup security.
Yep. iCloud security is fantastic. Here's a write up on how the keychain security works:

https://tidbits.com/article/14557

It involves hardware security modules, cross-device crypto signing and other fun stuff. Apple cannot access the data they store about you on their servers.

From Apple's documentation:

Apple designed iCloud Keychain and Keychain Recovery so that a user’s passwords are still protected under the following conditions:

- A user’s iCloud account is compromised.

- iCloud is compromised by an external attacker or employee.

- Third-party access to user accounts.

Note that the keychain security is a bit of an exception -- it's particularly strong, as it's protecting password data. (My favorite detail, not mentioned in the original white paper: To prevent the iCloud Keychain HSMs from being updated with a more lax policy, the smartcards that would have been required to update them were destroyed in a private ceremony involving a blender.)

Other data in iCloud is generally under less extreme levels of security. This isn't to say that it's insecure, merely that it's not as fanatically protected. Some of it may be accessible by resetting your account password.

Only iCloud Keychain is protected this way. It doesn't apply to backups or other data.
I don't know whether they do, but the data still is on your device, so if you change your password, your phone can overwrite the version in the cloud with a newly encrypted one.

Using Apple ID and password is (for the typical user) fairly weak encryption, though. That could be improved by having your devices exchange encryption keys.

There may be a phrasing issue. Parts of iCloud data are protected with a device passphrase / passcode (or specifically: an encryption key generated based on that). Further, your iCloud account is protected with a password, of course. So these are two layers of protection, not quite one or the other like the text may imply.
Maybe the password encrypts the actual encryption key? I don't know about iCloud but that's how LUKS works on Linux.
Except that would mean a password reset would involve losing access to all your data (unless you can remember the original).
You can have an HSM that encrypts the data with its own key, and merely verifies that the apple id & password match before decrypting anything, and you can destroy the private keys necessary to reprogram the HSM, so that way you can't be compelled to change it. The HSM would similarly do whatever verification is necessary when resetting the password to ensure that the rules are met.

That said, I don't know what Apple actually does. I know they use HSMs, but most of the info about how that works is about Keychain syncing, which is done a bit differently than other iCloud data syncing.
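The scheme the two comments above are reaching for (the LUKS-style "password encrypts the actual encryption key" one, and the "verify the credential, then release the key" one) can be shown concretely. The following is an added illustration written for this thread, not Apple's, LUKS's, or any poster's code: a random data-encryption key (DEK) is wrapped under a password-derived key in a "key slot", the data itself is encrypted only under the DEK, a password change re-wraps the DEK without touching the stored data, and a "reset" that does not present the old password cannot produce a usable slot. It uses only the Python standard library; the scrypt parameters, the HMAC-in-counter-mode keystream (a stand-in for AES-CTR) and the sample payload are all constructed for the example.

```python
"""Password-wrapped data key, LUKS-style, from the standard library only.
Constructed illustration for this thread; not Apple's or LUKS's code."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

KEY_LEN = 32  # bytes in the data-encryption key (DEK)


def _derive(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch a password into a 32-byte wrapping key and a 32-byte MAC key.
    scrypt cost is kept low so the example runs quickly (assumed values);
    a production system tunes n/r/p far higher."""
    material = hashlib.scrypt(password.encode(), salt=salt, n=2**12, r=8, p=1, dklen=64)
    return material[:32], material[32:]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_dek(dek: bytes, password: str) -> dict:
    """Build a key slot: DEK XOR password-derived key (a one-time pad, since
    the salt is fresh per slot), authenticated with an HMAC tag."""
    salt = os.urandom(16)
    wrap_key, mac_key = _derive(password, salt)
    wrapped = _xor(dek, wrap_key)
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_dek(slot: dict, password: str) -> Optional[bytes]:
    """Release the DEK only if the password verifies (tag matches); else None."""
    wrap_key, mac_key = _derive(password, slot["salt"])
    expected = hmac.new(mac_key, slot["salt"] + slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return _xor(slot["wrapped"], wrap_key)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for AES-CTR)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_data(dek: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under keys derived from the DEK; the password never touches data."""
    nonce = os.urandom(16)
    enc_key = hashlib.sha256(b"enc" + dek).digest()
    mac_key = hashlib.sha256(b"mac" + dek).digest()
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def decrypt_data(dek: bytes, blob: dict) -> Optional[bytes]:
    """Verify the tag, then strip the keystream; None on tampering or wrong DEK."""
    enc_key = hashlib.sha256(b"enc" + dek).digest()
    mac_key = hashlib.sha256(b"mac" + dek).digest()
    expected = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return _xor(blob["ct"], _keystream(enc_key, blob["nonce"], len(blob["ct"])))


def change_password(slot: dict, old_password: str, new_password: str) -> Optional[dict]:
    """A password change re-wraps the same DEK; stored ciphertext is untouched.
    Without the old password the DEK cannot be recovered, so no new slot results."""
    dek = unwrap_dek(slot, old_password)
    if dek is None:
        return None
    return wrap_dek(dek, new_password)


def demo() -> dict:
    """Walk through create, change password, and a reset without the old password."""
    dek = os.urandom(KEY_LEN)
    slot = wrap_dek(dek, "correct horse")
    blob = encrypt_data(dek, b"constructed sample backup payload")  # constructed input
    new_slot = change_password(slot, "correct horse", "battery staple")
    reset_attempt = change_password(slot, "forgot it", "battery staple")
    return {
        "old_pw_after_change": unwrap_dek(new_slot, "correct horse"),
        "new_pw_after_change": decrypt_data(unwrap_dek(new_slot, "battery staple"), blob),
        "reset_without_old": reset_attempt,
    }


if __name__ == "__main__":
    print(demo())
```

The point the thread circles around falls out of the structure: a provider that holds only the slot and the ciphertext can let a user who knows the old password re-wrap the DEK, but a "reset" that bypasses the old password either loses the data or requires the provider (or an HSM policy, as the comment above describes) to hold some other path to the DEK, and that other path is exactly what a subpoena or an insider would target.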

Yeah, unless you have another iCloud device I believe you lose your data.
That is a valid question.
But everything on iCloud can be obtained by the government and law enforcement agencies. Right? (I don't care much, but apparently one of the reasons many people use iPhones instead of Android phones is that their data is perceived to be protected from the government, so it might be important for them - and Apple does have a history of giving iCloud data to them).
No.
Yes. Not sure why people reject things about their favorite company without checking facts, just like religion. Even the account for which Tim Cook became the privacy crusader, they had already given his iCloud data.

Also, here: http://www.apple.com/in/privacy/government-information-reque...

No.

I do not understand why this is even a discussion, either folks are being disingenuous on purpose, or maybe it is truly a matter of not understanding how it works.

Any data on iCloud which is not encrypted (for example: webmail) or Apple servers (example: Activation information) can definitely be requested by LE. This is a known fact, and as Apple has the data they are required by law to hand it over upon getting a proper subpoena for it. Whether they should be retaining those logs is another matter and can surely be debated.

With regards to iCloud data, the Keychain as well as a great deal of the stored data is now encrypted additionally by your device passphrase. This is new, and was not the case for the SB iPhone 5c, for what it is worth.