Yesterday, I saw the iCloud announcement in the Apple WWDC keynote. At first, I wasn't too interested because IMHO cloud services are kind of over-hyped. However, iCloud does look really promising. It could be a game changer. The only question is: for better or worse? Personally, I won't use it unless I know for sure that they do their best to protect my privacy ... so ... inspired by the keynote I thought about what would make me feel like my privacy is properly handled by iCloud. I've also shared those thoughts with Steve Jobs ... not sure if he'll even read the mail I sent him, but I thought it was worth a try. In any case:
Here's a solution I believe would be "good enough":
a) Every iCloud device generates a public/private key pair; the public key is published to the cloud and available to everyone, while the private key can optionally be backed up via iTunes (which will also take it into Time Machine) and transmitted to other devices via AirDrop.
b) All privacy-relevant data is encrypted with the public keys of all devices that should legitimately have access to it (if I choose to share appointments or documents with other people, that includes their devices).
c) Only encrypted files are transmitted to and stored in the cloud. This applies to files that belong to the user, like photos and documents; content the user merely licenses isn't critical from a privacy perspective, so it needs no encryption.
d) Like WebKit, the solution is open sourced. Apple might even be able to use an existing open source implementation like GnuPG as the foundation, to cut development costs and build on the existing trust in a rock-solid solution (while they're at it, they could add GnuPG to the Apple Mail implementations, especially the mobile ones). That way, Apple can also easily prove that there are no secret backdoors: when the encryption code is available as open source, anyone can encrypt the files with a code-reviewable tool, exactly as the devices would. If the output is exactly the same, and the tool has no backdoor, it should be safe to say that no backdoor can be implemented on the device. We'd need to be able to check the exact files the devices send into the cloud, though.
Benefits:
a) With strong encryption, iCloud would be fully business-ready, as there would be no significant risk of trade secrets leaking!
b) Apple could gain a reputation for protecting its customers' privacy.
c) Since encryption is handled entirely on the devices, Apple wouldn't burden its data center; it can simply store and distribute the encrypted data. And even if someone broke into the data center and stole all the data, not much could be done with it, because the private keys exist only on the devices.
Challenge (just one - and a solution is already there):
a) When a new device is added, the existing files weren't encrypted with its public key, so they can't simply be sent to that new device. The easy solution: the user sends the private key of an existing device to the new device via AirDrop, and all data immediately becomes available on it. Problem solved with just one easy extra step for the user. This works in all cases, including data shared between different people: of course they can't send their private keys around, but once you have access with one device, you can gain access on other devices by sharing your private key among your own devices. Of course, there's a potential for leaks when people sell devices with private keys still on them, but if you sell your device without first wiping it clean you're not someone I'd want to share stuff with anyway ;-)
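As an added example (not part of the original post, and not Apple's design) of how steps a) to c) and the new-device solution above fit together: each file gets a fresh content key, that key is wrapped with every authorized device's public key, and a device that has imported another device's private key can unwrap it with no re-encryption. RSA-OAEP and AES-256-GCM are my assumptions; the post names no algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is all the cloud ever stores: ciphertext plus one wrapped content key per device.
type Envelope struct {
	Nonce, Ciphertext []byte
	WrappedKeys       [][]byte // AES key wrapped with each authorized device's public key
}

// Encrypt implements steps b and c: a fresh AES-256-GCM key per file, wrapped with RSA-OAEP.
func Encrypt(plain []byte, recipients []*rsa.PublicKey) (*Envelope, error) {
	key := make([]byte, 32)
	rand.Read(key)                 // crypto/rand.Read does not fail in the Go standard library
	block, _ := aes.NewCipher(key) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plain, nil)}
	for _, pub := range recipients {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKeys = append(env.WrappedKeys, w)
	}
	return env, nil
}

// Decrypt tries every wrapped key with this private key. A non-recipient device fails;
// a new device holding a copy of an existing device's private key (the AirDrop step) succeeds.
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	for _, w := range env.WrappedKeys {
		key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil)
		if err != nil || len(key) != 32 {
			continue // wrapped for another device (or corrupted)
		}
		block, _ := aes.NewCipher(key) // length checked above
		gcm, _ := cipher.NewGCM(block)
		return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	}
	return nil, errors.New("no wrapped key for this device")
}
```

Note that the envelope is randomized (fresh key and nonce per file), so the byte-for-byte comparison suggested in d) only works if the review tool is fed the same key and nonce the device used; GCM also rejects any ciphertext the cloud might alter.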