Is the NSA spying on iCloud?

Apple is reportedly building its own iCloud servers to thwart the ability of the government to intercept its server hardware while in the mail.

Privacy is a big worry for many people these days, particularly when it comes to the cloud. Even huge companies like Apple worry about government spying on their customers and business. 

The company has apparently been building its own iCloud servers to thwart the possibility of its server hardware being intercepted and tampered with by the government while in the mail system.

Zack Whittaker reports for ZDNet in an article from back in March:

Apple is reportedly building its own servers amid suspicions that its hardware is being intercepted prior to its arrival at the company's datacenters.

A report by The Information (paywalled) said that the iPhone and iPad maker has "long suspected" that servers it orders from the traditional supply chain were intercepted while they were in the mail. That's where "unknown third parties" would add chips and modify firmware to "make them vulnerable to interception."

It became so much of a concern that the company would assign people to "take photographs of motherboards and annotate the function of each chip, explaining why it was supposed to be there," the report said.

Building its own servers in-house on motherboards it designed and manufactured would be a "surefire way" to prevent such interception.

More at ZDNet

Maybe I'm just a bit naive, but I must admit that it had not occurred to me that the NSA or other government agencies would stoop so low as to intercept hardware and then essentially bug it so they could intercept data being transmitted to and from iCloud. If it’s true then it’s yet another example of the government overstepping its bounds and violating the privacy of citizens of these United States.

I commend Apple for doing whatever it takes to put a stop to this sort of spying. One of the company’s best qualities has always been its deep and steadfast commitment to its customer’s privacy. It’s one of the reasons why so many people continue to buy Apple’s products.

So it’s quite understandable that Apple would take even the possibility of its server hardware being intercepted by the government seriously. If the government is doing that, then Apple should do whatever it takes to stop it.

I tilt to the Libertarian right for the most part in my politics. So when I read about this kind of nonsense, it really makes my blood boil. And I’m not alone in feeling that kind of anger either, many other people have similar feelings and are grateful that a company like Apple is working hard to protect their privacy rights.

The folks in the Apple subreddit shared their thoughts in a recent thread about Apple designing its own iCloud servers to avoid government surveillance. I'll leave you with this selection of comments from that thread:

Whydowefallbruce: “Anytime I consider leaving apple, I remember their stance on security and I stick around. Love Apple for this…”

Gertygertrude: “You just made me realize how important security is.

I'm constantly thinking about whether or not I want to switch back to android. The HTC 10 and Google Pixel are just so nice, but now that you bring up security, I'm really happy with my SE

Also I'm not switching because I'm buying Super Mario Run! Can't wait to buy it!!!

EDIT: I feel I sound sarcastic, but I'm being 100% serious on the matter.”

Kingfang: “This is precisely why I am happy to pay 2.99 a month for 200gb of iCloud storage. Say what you will about price, but the security built into the system itself is why I pay for it.”

Cariboobs: “I use icloud too, but how do we know it is safe atm?”

Jbaughb: “The way I look at it data is guaranteed to be mined if I use Google services. With Apple services at least that's not the intention...and it's something they do whatever it takes to make sure it won't happen.”

Pmjm: “The biggest risk is in their suppliers. We know from the Snowden docs that RSA was compromised by the NSA, it stands to reason that makers of chips that perform critical functions for iPhones (and Androids/Windows Phones/BlackBerries too to be fair) may be compromised as well.

If the NSA compromised these suppliers' designs and added some measure of predictability to the random number generators, they can easily crack most forms of strong encryption performed by the device.”

A_deneb: “Why rely on anybody? Why not encrypt your stuff prior to uploading it in the cloud?”

Battles: “This isn't a stance on security so much as it is an organizational reluctance to create more work for themselves. It is quite a bit cheaper for apple to design a system and then say 'we can't crack it, uncrackable,' than it is to for them to comply with police and other investigators requests. It would be very expensive and time consuming if Apple had to pull data every time an iphone owner commited a crime with the phone in their pocket. The whole point of the 'stand' against the FBI in the San Bernadino case was to prevent further requests from police departments and the FBI for information.”

Jugalator: “Yes, and it's a consequence of them building their business upon hardware and software, rather than prying out user information to sell like some other big companies today. They have no pressure to sell data or user habits with stupid defenses like "We promise we handle it responsibility even if we sell some of it trust us plz ok?", so then they can as well go the opposite direction and work for privacy. It's a smart move because companies who do need to sell information can't go there.”

Toyg: “All of this is theater, if those servers are then located in the US: it only takes a National Security Letter (and some court-provided rubber to stamp it with) to open their doors to NSA and friends. You can have the strongest crypto and safest hardware in the world, but if you are then forced to hand out your keys to The Man, it's all for naught. ”

More at Reddit

Did you miss a post? Check the Eye On Apple home page to get caught up with the latest news, discussions and rumors about Apple.

Copyright © 2016 IDG Communications, Inc.

7 secrets of successful remote IT teams