Apple defies FBI and offers encryption by default on new operating system
The latest version of Apple’s operating system for desktop and laptop computers, Mac OS X 10.10 “Yosemite”, encourages users to turn on the company’s FileVault disk encryption, as the company hardens its pro-security stance.
The decision to encourage encryption, so that users must opt out – rather than opting in as has been the case since FileVault was introduced in 2003 – shows the company refusing to back down to pressure from the US government to restrict the availability of cryptographic tools to the public.
On Thursday, the FBI’s director, James Comey, decried the company’s decision to offer similar tools on mobile devices running iOS 8.
“With Apple’s new operating system, the information stored on many iPhones and other Apple devices will be encrypted by default,” Comey told the Brookings Institute in Washington DC. “Shortly after Apple’s announcement, Google announced plans to follow suit with its Android operating system. This means the companies themselves won’t be able to unlock phones, laptops, and tablets to reveal photos, documents, email, and recordings stored within.”
Comey continued: “At the outset, Apple says something that is reasonable – that it’s not that big a deal … Apple argues, for example, that its users can back up and store much of their data in ‘the cloud’ and that the FBI can still access that data with lawful authority. But uploading to the cloud doesn’t include all the stored data on a bad guy’s phone, which has the potential to create a black hole for law enforcement.”
But despite Comey’s pleas, the company shipped Yosemite with the FileVault option intact. The install process for the new operating system asks users if they would “like to use FileVault to encrypt the disk” on their Macs. Ticked by default are two boxes, “Turn on FileVault disk encryption” and “Allow my iCloud account to unlock my disk”.
That means that unless the user actively declines the offer, their hard drives will be encrypted.
Unlike a standard password-protected computer, which leaves the contents of a hard-drive accessible to anyone with the patience to remove the drive, FileVault encrypts the entire contents of a device at disk level, rendering it impossible for anyone without the login password to access the data on the computer.
While the FBI has condemned Apple’s new commitment to security, civil liberties organisations have welcomed the decision. “We applaud tech leaders like Apple and Google that are unwilling to weaken security for everyone to allow the government yet another tool in its already vast surveillance arsenal,” said the American Civil Liberties Union’s Laura Murphy following Comey’s speech. “We hope that others in the tech industry follow their lead and realize that customers put a high value on privacy, security and free speech.”
Users on older versions of Mac OS X can still enable FileVault, but must dig into the operating system’s settings to do so; the feature is buried under the Security & Privacy option in the system preferences. Windows users have long had access to a similar tool, also not enabled by default, called BitLocker, which can be turned on using Windows Explorer. It is not yet known whether Microsoft will make BitLocker use opt-out in its forthcoming Windows 10 release, expect next year and presently in developer testing.