Comment by abalone

13 hours ago

> One scenario would be somebody in an airport and security officials are searching your device under the Counter Terrorism Act

No, it's much broader than that. The UK is asking for a backdoor to your data and backups in the cloud, not on your device. Why bother with searching physical devices when they can just issue a secret subpoena to any account they want?

It's actually pretty amazing that Apple made ADP possible for the general public. This is the culmination of a major breakthrough in privacy architecture about ten years ago.

Traditionally you had to make a choice between end-to-end encryption and data recoverability. If you went with E2EE, it's only useful if you use a strong password, but if you forget it then Apple can't help you recover your account (no password reset possible). So that was totally unsuitable for precious memories like photos for the average user.

Apple's first attempt to make this feasible was a recovery key that you print out and stuff in a drawer somewhere. But you might lose this. The trusted contact feature is also not totally reliable, because chances are it's your spouse and they might lose their device at the same time as you (for example in a house fire).

So while recovery keys and trusted contacts help, the solution that really made the breakthrough for ADP was iCloud Keychain Backup. This thing is low-key so cool and kind of rips up the previous assumptions about E2EE.

iCloud Keychain Backup makes it possible to recover your data with a simple, weak 6 digit passcode that you are virtually guaranteed never to forget, yet you are also protected from brute force attacks on the server. It is specifically designed to work on "adversarial clouds" that are being actively attacked. This is... sort of not supposed to be possible in the traditional thinking. But they added something called hardware security modules to limit the number of guesses an attacker can make before it wipes your key.

And crucially it ensures you don't forget this passcode because it's your device passcode, which the OS keeps in sync with the backup key. This is part of the reason your iPhone asks you to enter your passcode now and then even though your biometrics work just fine.

It is a true secret that only you know, that you can keep in your brain even when your house burns down, and that nobody (hopefully) can derive from something they can research about you. This didn't really exist for the general populace until smartphones came along. And that ultimately was the breakthrough that allowed for changing the conventional wisdom on E2EE.

iCloud Keychain Backup came out about a decade ago and it has taken this long to gradually test the feasibility of going 100% E2EE without significantly risking customer data loss. The UK is kind of panicking but when people see how well ADP protects their most personal data from breaches, I think they will demand it. It just wasn't practical before.
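The mechanism the comment above describes, a key escrowed under a weak passcode where a guess-limiting HSM rather than passcode entropy is what defeats brute force, can be shown in a small model. The code below is an added example written for this page; it is not Apple's code and does not reproduce the real iCloud Keychain escrow protocol. Everything in it is a simplifying assumption: the `EscrowHSM` class stands in for the HSM cluster, the limit of 10 attempts before the record is destroyed, PBKDF2-HMAC-SHA256 as the passcode-to-key derivation, a toy XOR-plus-HMAC key wrap in place of a real AEAD, and the counter resetting after a correct passcode. The point it demonstrates is the one in the text: a 6-digit passcode is trivially searchable offline, but when every guess has to go through the HSM and the record is wiped after a handful of failures, an attacker who controls the surrounding cloud still cannot recover the key.

```python
"""Model of passcode-protected key escrow behind a guess-limiting HSM.

Added example for this page; not Apple's implementation. All parameters
(attempt limit, KDF, wrap construction) are assumptions of this model.
"""
import hashlib
import hmac
import os
import secrets

MAX_ATTEMPTS = 10          # assumption: HSM destroys the record after 10 wrong guesses
PBKDF2_ITERATIONS = 50_000  # assumption: slows each guess; irrelevant once the HSM counts


def _derive_kek(passcode: str, salt: bytes) -> bytes:
    """Derive a key-encryption key from the (weak) passcode."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ITERATIONS, dklen=32)


def _wrap(kek: bytes, key: bytes) -> bytes:
    """Toy key wrap: XOR with a KEK-derived stream plus an HMAC tag.
    Stands in for a real AEAD/key-wrap; adequate only for this model."""
    stream = hashlib.sha256(kek + b"wrap").digest()
    assert len(key) <= len(stream)
    ct = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(kek, ct, hashlib.sha256).digest()
    return ct + tag


def _unwrap(kek: bytes, blob: bytes):
    """Return the wrapped key, or None if the tag does not verify (wrong passcode)."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(kek, ct, hashlib.sha256).digest(), tag):
        return None
    stream = hashlib.sha256(kek + b"wrap").digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


class EscrowHSM:
    """Holds escrow records and enforces a guess budget per record.

    In the model, an attacker who fully controls the cloud around the HSM
    still only gets `max_attempts` tries per record; nothing outside the HSM
    lets them verify a guess offline.
    """

    def __init__(self, max_attempts: int = MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self._records = {}

    def escrow(self, record_id: str, passcode: str, keychain_key: bytes) -> None:
        salt = os.urandom(16)
        wrapped = _wrap(_derive_kek(passcode, salt), keychain_key)
        self._records[record_id] = {"salt": salt, "wrapped": wrapped,
                                    "attempts_left": self.max_attempts}

    def attempts_left(self, record_id: str) -> int:
        rec = self._records.get(record_id)
        return rec["attempts_left"] if rec else 0

    def recover(self, record_id: str, passcode: str):
        """Return the keychain key on a correct passcode, else None.
        A wrong passcode burns one attempt; at zero the record is destroyed."""
        rec = self._records.get(record_id)
        if rec is None:
            return None
        key = _unwrap(_derive_kek(passcode, rec["salt"]), rec["wrapped"])
        if key is None:
            rec["attempts_left"] -= 1
            if rec["attempts_left"] <= 0:
                del self._records[record_id]   # wipe: key is now unrecoverable by anyone
            return None
        rec["attempts_left"] = self.max_attempts  # assumption: success resets the budget
        return key


def brute_force(hsm: EscrowHSM, record_id: str, candidates):
    """Online attack through the HSM. Stops when the record is wiped.
    Returns (passcode, key) on success, (None, None) otherwise."""
    for guess in candidates:
        key = hsm.recover(record_id, guess)
        if key is not None:
            return guess, key
        if hsm.attempts_left(record_id) == 0:
            return None, None
    return None, None


if __name__ == "__main__":
    hsm = EscrowHSM()
    keychain_key = secrets.token_bytes(32)
    hsm.escrow("acct-1", "482913", keychain_key)            # constructed sample passcode
    print("owner recovers:", hsm.recover("acct-1", "482913") == keychain_key)
    guess, key = brute_force(hsm, "acct-1", (f"{i:06d}" for i in range(1_000_000)))
    print("attacker result:", guess, key, "attempts left:", hsm.attempts_left("acct-1"))
    print("owner after wipe:", hsm.recover("acct-1", "482913"))
```

Run as a script it shows the owner recovering with the correct passcode, the exhaustive 6-digit search dying after 10 guesses with the record wiped, and the owner then being locked out too, which is exactly the trade-off the comment describes: the passcode is weak, the guess budget is what protects it, and the cost of that budget is that too many wrong guesses destroys the backup for everyone including its owner.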