Secondo questa altra risposta allo stesso thread su Chiedi a , sembra che tutto ciò che è necessario per accedere a un backup iCloud sia la volontà e il desiderio di un dipendente Apple o di qualcuno che ha violato il proprio sistema; l'enfasi è mia:
iCloud uses server-side encryption, not client-side encryption. When
sending data to the cloud, it gets encrypted on your machine with SSL,
then decrypted at the iCloud servers, then re-encrypted using an
encryption key that Apple knows for storage. This means that Apple
employees have the technical ability to read your data. There may be
procedural, technical, or policy controls to make this unlikely, but
the capability is there. That means that if Apple's cloud ever gets
compromised by a sophisticated attacker, the attacker could
potentially access all your data. In other words, any data breach or
accident on Apple's part could potentially expose your data.
Al di là di ciò, Apple stessa afferma nelle linee guida di processo legali ufficiali :
The following information may be available from iCloud:
i. Subscriber Information
When a customer sets up an iCloud account, basic subscriber information such as name, physical address, email address, and
telephone number may be provided to Apple. Additionally, information
regarding iCloud feature connections may also be available. iCloud
subscriber information and connection logs with IP addresses can be
obtained with a subpoena or greater legal process. Connection logs are
retained up to 30 days.
ii. Mail Logs
Mail logs include records of incoming and outgoing communications such
as time, date, sender email addresses, and recipient email addresses.
Mail logs may be obtained with a court order under 18 U.S.C. § 2703(d) or a court order with an equivalent legal standard or a search
warrant. iCloud mail logs are retained up to 60 days.
iii. Email Content
iCloud only stores the email a subscriber has elected to maintain in
the account while the subscriber’s account remains active. Apple does
not retain deleted content once it is cleared from Apple’s servers.
Apple is unable to provide deleted content. Available email content may be provided in response to a search warrant issued upon a showing
of probable cause.
iv. Other iCloud Content. Photo Stream, Docs, Contacts, Calendars, Bookmarks, iOS Device Backups
iCloud only stores content for the services that the subscriber has
elected to maintain in the account while the subscriber’s account
remains active. Apple does not retain deleted content once it is
cleared from Apple’s servers. iCloud content may include stored
photos, documents, contacts, calendars, bookmarks and iOS device
backups. iOS device backups may include photos and videos in the
users’ camera roll, device settings, app data, iMessage, SMS, and MMS
messages and voicemail. iCloud content may be provided in response
to a search warrant issued upon a showing of probable cause.
Quindi, alla fine della giornata, un iDevice crittografato (iPhone, iPad, iPod Touch, ecc.) è un iDevice crittografato. Ma la maggior parte dei dati di iDevice supportati da iCloud di Apple è accessibile dallo staff Apple. Il fatto che tali dati siano condivisi o visualizzati è un concetto protetto solo da procedure, processi e accordi legali; la tecnologia non svolge un ruolo molto importante nella protezione di tali dati.