I responded with a bit of assurance and techno-speak which explained that, for the right people (government spooks, the phone company, criminals, and hackers), it’s all trivial, but using a password on Mac, iPhone, and iPad makes the spying job more difficult because encryption and security et al. Then I wondered, “Why doesn’t Apple just encrypt everything, end-to-end?”
The reason we have encryption (it used to be illegal) is because humans basically are paranoid. The government is paranoid that citizens– good or bad– might be up to something, so they don’t want encryption for the masses, but use it themselves (albeit, not all that well, it seems). Businesses use encryption to protect data from outside influence or theft (albeit, not all that well, too, it seems).
Yet, plenty of encryption tools exist which would make it next to impossible for government spooks, spies, hackers, criminals or anyone else to gain easy access to personal data. Quantum computing might get there but at the same time we might have quantum encryption, so there’s that.
Encryption protects trillions of online transactions every day. Whether you’re shopping or paying a bill, you’re using encryption. It turns your data into indecipherable text that can only be read by the right key. We’ve been protecting your data for over a decade with SSL and TLS in Safari, FileVault on Mac, and encryption that’s built into iOS. We also refuse to add a “backdoor” into any of our products because that undermines the protections we’ve built in. And we can’t unlock your device for anyone because you hold the key — your unique password. We’re committed to using powerful encryption because you should know the data on your device and the information you share with others is protected.
But why not encrypt everything? Messages between Mac, iPhone, and iPad users are encrypted end-to-end but Mail messages are not (they can be, but Messages is handled automatically while getting encryption into Mail is a convoluted problem with social issues). More websites are serving secure pages these days, from server to browser, so that improves privacy and security.
Even the Mac has a built-in security function with FileVault. Most Mac users don’t know it’s there or what it does. Open System Preferences, click on Security & Privacy, then select FileVault.
WARNING: You will need your login password or a recovery key to access your data. A recovery key is automatically generated as part of this setup. If you forget both your password and recover key, the data will be lost.
There is that ominous warning, though.
Tying this topic back to my mother’s text questions regarding the telephone, Apple’s FaceTime has end-to-end encryption. Like Messages, that means the FaceTime video, if captured between the sender and recipient, cannot be viewed.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode. Apple has no way to decrypt iMessage and FaceTime data when it’s in transit between devices.
Messages and SMS text messages get backed up on iCloud, but that can be turned off, and FaceTime calls are not stored. Apple has a good reputation for privacy and security, especially when compared to Google, Microsoft, and others. iCloud Data encrypts Photos, Documents, Calendars, Contacts, the iCloud Keychain, Bookmarks, Reminders, Notes, and Mail.
The caveat here is that Mail is encrypted in transit, not encrypted between users. That’s my issue. Encrypting email from user to user is a convoluted, confusing, cumbersome system of keys, public keys, and recipients who have a similar set up. Email, more than 20 years after the public interwebs swept the world, remains a scourge; everyone online has it, most of us use email, many of us hate it, but if there’s an insecure app that remains ubiquitous and insecure, it’s email.
Dear Apple, encrypt everything. Including email.
I know that requires some effort with other major players but how hard would it be for Apple, Google, Microsoft, and the Linux community to establish a built-in de facto encrypted email system that just works?