Your encrypted data is not as safe than you think

Could your encrypted data be secretly accessed by the government? Answer: Yes. Here are the two ways it could happen.

Let's talk data security for today's UnfilteredFriday.

You probably saw the recent reports of the UK government's demand to Apple for the ability to access encrypted user data in Apple's cloud service*.

But isn't the data encrypted, you splutter. Sorry to burst your bubble, but here's how your data could potentially be accessed given enough heft or resources.

*There's no evidence Apple complied.

Software update

I know, every tech firm worth its salt boasts about the strong encryption they use. But have you heard of software updates?

An official software update could introduce a secret backdoor to potentially nullify the encryption - and open a route to access your data.

This is true of all apps that employ end-to-end encryption, assuming the app makers cooperate:

• WhatsApp.
• Telegram.
• Snapchat.

Known security vulnerabilities

The other way to access encrypted data would be through security vulnerabilities. These could be known ones, or "zero days" that hackers or state actors keep in their arsenal.

A couple of examples:

• Windows BitLocker has a vulnerability that could allow an attacker with physical access to load an older bootloader that can be hacked to decrypt the data.
• Every iOS jailbreak is technically a security flaw that was successfully exploited. I understand it's almost impossible to find one now, but that took well over a decade.

Of course, the easiest way to access your encrypted data is simply to force you to reveal the password. Depending on where you stay, some authorities could be very persuasive.

It's practically impossible to resist an overt attempt by extremely well resourced or equipped actors on one's digital assets. But at least you know!