From a wide-ranging interview from October 2018 (filtered through Google Translate):
Spiegel Online: Is the data as secure on your iCloud online
service as on the devices?
Cook: Our users have a key there, and we have one. We do this
because some users lose or forget their key and then expect help
from us to get their data back. It is difficult to estimate when
we will change this practice. But I think that in the future it
will be regulated like the devices. We will therefore no longer
have a key for this in the future.
I believe “regulated” is an idiomatic glitch in the translation. In English we tend to reserve that word for rules and laws from the government; Cook I think clearly is talking about Apple’s own policies.
[Update: Via my friend Glenn Fleishman, who speaks German: “You are correct about the Spiegel story. The machine translation is quite good, but ‘regulated’ was translated from the verb ‘regeln’ which can be regulated, but also controlled/set/etc. So it would be better to say, ‘I believe that in the future, it will be handled like on devices.’ ”]
Joseph Menn’s blockbuster report for Reuters today claims Apple abandoned its plans for encrypting iCloud backups “about two years ago”. Something in the timeline doesn’t add up there. (It’s also very clear from the Der Spiegel interview that Cook is keenly aware of how encryption works with Apple’s devices and services.)
★ Tuesday, 21 January 2020