Apple turns off data protection in the UK rather than comply with backdoor mandate
Rather than comply with a UK order to make a backdoor into encrypted data, Apple has announced it will no longer offer Advanced Data Protection in that country.
UK Parliament
In 2024, the UK revamped its UK Investigatory Powers Act of 2016 to give itself the authority to legally -- and secretly -- compel Apple to break the end-to-end encryption that its security and privacy depends on. Despite bipartisan protests from the US, the UK issued the order and Apple cannot continue to operate its end-to-end encryption without breaking the law.
Instead of allowing the UK backdoor access to encrypted data, however, Apple has announced that it is switching off the encryption. This technically complies with the law, but means Apple does not create a backdoor that the UK or other bad actors could use.
Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices.We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before.
Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.
This does not mean that all iCloud services are to lose their encryption within the UK. Apple says that iCloud Keychain and Health, for instance, plus iMessage and FaceTime, will remain end-to-end encrypted.
However, certain other iCloud services will lose their encryption for users in the UK:
- iCloud Backup
- iCloud Drive
- Photos
- Notes
- Reminders
- Safari Bookmarks
- Siri Shortcuts
- Voice memoes
- Wallet passes
- Freeform
The changes are effective immediately for new users, who will not be able to enable encryption on these services. Existing users will have an as yet unspecified period of time before encryption must be disabled.
The message new UK users now get about Advanced Data Protection in Settings
Apple notes that it can't disable the Advanced Data Protection for users itself. Instead, users will have to manually disable the feature in order to keep using iCloud.
The company says that instructions on how to do this will be provided shortly.
Apple also notes that Advanced Data Protection will continue to be available everywhere else in the world.
What happens next
It is conceivable that Apple will ultimately be able to reverse this and reintroduce encryption for the UK, but even if it does happen, it's not known how long that will take.
The reason is that as well as making its demands in secret, the UK government has a unique answer to appeals. Apple can appeal to a UK technical court against the government's demands, but it cannot wait for the result to comply with the order.
Ultimately, the UK has got what it wanted. The original demand was for a backdoor that would allow it access to the data of any iCloud user anywhere in the world.
Given that Apple has previously gone to court to refuse the same request from the FBI, it was never going to capitulate to the UK. But to stay within the law, it had to remove the encryption for the UK.
Which means that UK has the unencrypted access it wanted for its own citizens -- who have not been consulted on this.
Read on AppleInsider
Comments
I thought that’s what the courts were supposed to do and so having a back channel to go into someone’s phone under the authority of the courts isn’t such a bad idea is it? I mean the whole premises if you’re not doing something wrong…
It might lead to slightly less iCloud subscription activity but would be a hardware revenue driver all the same.
The elite absolutely do not want end to end encryption because it’s hampers their ability to control the population and, preferably, keep it in a state of constant fear.
the other alternative would be to make a backdoor to all iPhone end to end encryption in the world and tell no one about it. That's what you'd rather them do? No, you just didn't read carefully.
Also, your house doesn’t offer the same protections as cloud storage. These cloud storage locations have all kinds of protections in place that a consumer NAS doesn’t provide.
How long before the US refuses to do business with the UK because they can’t trust dealing with a country without security?
Yes, it's a bad idea because its incompatible with secure E2EE. A backdoor is also a guarantee that a foreign power or criminals will compromise the back door.
You find the balance by respecting privacy and not trampling the rights of 99.9999% of the people to catch the other 0.0001% who are doing something wrong.
I'll leave you with John Gruber's take, which I agree with completely, for you to ponder [emphasis mine]:
Then, I would hope, Apple would say, "sorry UK customers, we can no longer sell or support iPhone in the UK."