- Advanced Data Protection. Advanced Data Protection. Advanced Data Protection. Advanced Data Protection is our most advanced form of protection for customers' personal data in iCloud.
- [Joanna] There he is, Apple's lead data security guard. Okay, fine. Senior vice president of software engineering. And he's announcing the company's new, yes.
- An Advanced Data Protection.
- Or what most techie people know as end-to-end encryption, a security feature to keep our data more secure. Apple will soon offer end-to-end encryption to most of iCloud, including backups of your device and messages, photos, notes, and more. It's a big step, which privacy groups have called on the company to make for years. What took so long?
- Some of the steps we took over a decade ago in designing iCloud and the way we encrypt it, were necessary precursors to build toward this moment. And using end-to-end encryption for the other types of data like passwords and browser history and so forth, helped prove out that technology.
- [Joanna] What technology is that exactly? I asked Federighi to break down all of this, and the bigger implications of security tools like this. Can we take a picture here, a little selfie? Allow me to explain end-to-end encryption with a photo. Can I get like a bunny fingers?
- Sure. I can't see where my fingers are, but. (chuckling)
- Okay, now this photo lives in my iCloud Photos account. With Apple's standard data protection, which is what we all have now, the photo is encrypted by the device with a key that can unencrypt or unlock the photo. All that is encrypted while it goes to Apple's server. And Apple holds a key that can recover the photo. If hackers got access to Apple's servers and that key, they could see the photo. But if I had Apple's Advanced Data Protection turned on, that selfie would be end-to-end encrypted, meaning Apple doesn't have the key at all and can't see or unlock that photo.
- Well now with Advanced Data Protection, we're giving users the option to keep that key only on their devices, which means that even if an attacker were to successfully breach the Cloud and access all that data, they'd lack the key to decrypt it.
- So you'll never see that photo, Craig?
- We do not wanna see your photo.
- [Joanna] Which gets to one of the biggest issues Apple's had with end-to-end encryption, data recovery. If you can't get into your device, you wouldn't be able to access your data because you're the only one with the key now. Apple doesn't have it.
- But there are incidences and, you know, we do see it happen where customers not only lose their device, they also forget their device passcode.
- Oh, yes. It's like you've met my mother-in-law.
- (chuckling) Well, I think we all have those. Yeah. And so in that case, if your mother-in-law had set up you, say, as her recovery contact, you would actually be able, with information you couldn't use directly, but that you could use to assist her, you'd be able to help her recover her data that was protected with Advanced Data Protection.
- [Joanna] Apple requires you set up a backup recovery method in case you need to recover end-to-end encrypted data. One option, a Recovery Contact where you can set up a friend or family member to assist you with recovering info. There's also a Recovery Key option, so you can generate a key that you can print out and keep in a secure location. While Apple already had end-to-end encryption on services like Health and iCloud Keychain, the company's now bringing it to a total of 23 services, but you'll have to turn it on yourself. Why not make this something that's turned on by default?
- A user activating this feature is taking on an additional responsibility. They're taking on responsibility for their data recovery, for setting up a Recovery Contact or securing a Recovery Key. All users may not be ready or willing to do that.
- With this sort of encryption enabled, companies, even under court order, cannot hand over user data because they technically can't even get it themselves. End-to-end encryption has long been great for user privacy but awful for law enforcement and governments who are trying to get their hands on data to help investigate crimes. Is this something that weighed into Apple's decision as you roll this out?
- We deeply appreciate the work of law enforcement and support the work of law enforcement. We view that we really have the same mission at heart, which is to keep people safe. Ultimately, keeping customers' data safe has big implications on our safety more broadly. There's sensitive information that were an ill-intentioned attacker, whether that be a foreign adversary or organized crime to get access to information of our political leaders or others who have particular secrets, or access to systems, could be disastrous for us all. And so we see this as important to accomplishing the mission we share, which is to keep users safe.
- End-to-end encrypted iCloud backups will come to US users before the end of the year and be released globally in 2023. Does that include China?
- Oh yeah, we believe so. We wanna roll out across the world.
- Do you know how the Chinese government feels about this?
- They have not told me.
- In 2020, Reuters reported that Apple dropped plans to let iPhone users fully encrypt their backups after the FBI complained that the move would harm investigations. Was this at all part of Apple's delay?
- No, you know, I've heard that rumor, but I don't know where it came from.
- In addition to all of this, Apple's also introduced a new Message Contact Key Verification, which further verifies the sender and receiver for those who require extreme security. You can also now use a hardware security key made by other companies, such as Yubico, to authenticate your Apple account. What's the prompt for all these new security features? How much of it is aimed at Pegasus and other recent attacks?
- As customers have put more and more of their personal information of their lives into their devices, these have become more and more the subject of attacks by advanced actors. The only way to ultimately secure against these things is to stay one step ahead of the attackers.
- [Joanna] The next step, though, lies with us and whether we decide to turn on Advanced Data Protection.