A new report on Apple’s iCloud service reveals that the company holds a master decryption key and retains the right to screen content, or hand over information to legal authorities.
Ars Technica spoke with several security experts about iCloud about whether user data is secure with Apple. According to the report, a source recently indicated that Apple has the ability to “decrypt and access all data” store on its iCloud servers.
Separately, security researcher Jonathan Zdziarski agreed with the claim. “I can tell you that the iCloud terms and conditions are pretty telling about what the capabilities are at Apple with respect to iCloud, and suggests they can view any and all content,” he said.
The iCloud Terms and Conditions contain provisions for Apple to “pre-screen, move, refuse, modify and/or remove” content that is found to be objectionable. The company also retains the right to “access, use, preserve and/or disclose” account information and content to law enforcement authorities. Apple’s terms also allow it to check content for copyright infringement as per the Digital Millennium Copyright Act.
“If iCloud data was fully encrypted, they wouldn’t be able to review content, provide content to law enforcement, or attempt to identify DMCA violations,” Zdziarski told Ars Technica.
Apple has plans to deeply integrate iCloud into its OS X file system later this year. OS X 10.8 “Mountain Lion” will offer iCloud as an option when saving new files. Documents saved to iCloud will remain tied to their respective applications to protect them from malicious software.
As of February, iCloud had over 100 million users.