Apple going for private iCloud?
Apple is looking into a completely new cloud service that would take it away from the likes of Amazon Web Services and Microsoft’s Azure platform, creating a totally private iCloud and truly secure internet.
The technology giant’s robust approach to privacy has come under the spotlight of light in the case of Apple v the FBI. Essentially the computing and telecommunications giant has refused to co-operate and unlock the iPhone found in the possession of the San Bernadino shooter.
Has the FBI cracked the code?
Reports are now emerging that the FBI has managed to bypass the security on the phone in any case, but it opened a wider debate about cyber security and it has been revealed that the government makes numerous requests to Apple in a bid to unlock phones and access private networks.
Apple refused to co-operate on the grounds that it could open the floodgates for law enforcement agencies to simply expect personal details to be handed over. That would be a PR disaster for Apple, as if it cannot guarantee its users a degree of privacy then they may take their business elsewhere.
Throwing away the keys
Curiously, owning its own private iCloud storage system could give Apple more flexibility as it can simply hand over complete access to the individual owner and disavow itself of any backdoor keys. The FBI will not be satisfied with this and has already tried to implement a 200-year-old ruling in a bid to force Apple’s hand in the San Bernardino case, but a zero knowledge approach could make it easier for Apple to sidestep the requests for information.
SpiderOak already has this system in place and while the FBI and other law enforcement agencies could eventually force through legislation that insists on backdoor access, simply not having the knowledge of what is on the iCloud server could be a shrewd tactic for Apple in its ongoing war for customer protection.
That government backdoor would be a tortuous nightmare to guard and an open invitation to black hat hackers, too. Apple knows this and simply cannot allow its customers to be subjected to constant attacks from cyber criminals that simply know there is a weak spot.
Simple access keys cannot work
A catch-all, TSA-style key simply cannot work for phone security, as once it is in the government’s hands then it is safe to assume it will find its way into the public domain before long. At that point, any iPhone is potentially vulnerable.
One high profile hack can create carnage and, with so much of our business and our personal lives conducted through our smartphone in the modern age, it’s easy to see why Apple is determined to keep our data encrypted and even take further steps to improve the security measures. A totally dark iCloud storage system will appeal to them, as they simply cannot be held responsible if they have no keys.
Hackers attack for fun
Hackers have broken into the CIA, the FBI and even released the details of thousands of cheating spouses with the Ashley Madison scandal. Once a vulnerability is revealed, there are hordes of hackers that will relentlessly attack it until they have found the weakness just for the admiration of their peers.
Apple was always going to build its own data centres in the end in any case. Dropbox and other storage firms found the costs of using public storage facilities were just too high in the end and the high initial investment of building a data centre was more than covered by the savings within just a few years.
This high-profile case, together with Microsoft’s admission that it couldn’t guarantee to scale to Apple’s requirements, especially when there is such a demand from other Enterprise level companies for storage now that cloud computing is becoming the norm across the civilised world, seems to have swung the balance in favour of Apple building its own facility.
Several birds with one stone
It is just a plan right now and the technology giant could simply drop it, but this is looking less and less likely as it seems to provide the solution to a number of separate issues.
A completely secure iCloud is good for the customer, too, as the PR fallout from losing a customer’s data is damaging for a massive corporation. For a smaller business, it could be catastrophic. Could you imagine anybody signing up for an Ashley Madison account right now?
What you can do now?
For now, the best solution is to look at completely secure storage from the likes of SpiderOak, but if you have any kind of front-facing website that you use for business then upgrade to full SSL certified status. This ensures that all data your customer provides, even their name, is fully encrypted and cannot be intercepted.
Also, if you’re using a smartphone outside the office then use a Virtual Private Network, which will ensure that you have a private connection and essentially you get most of the protection you would get on your home or office Wi-Fi, on a public connection.
The rest of the time just be vigilant, and hope that Apple takes Project McQueen to completion and throws away the key.