The UK government has allegedly directed Apple to build a backdoor that would grant security officials access to users’ encrypted iCloud backups.
If enforced, this would allow British authorities to access backups of users worldwide, not just those in the UK. Apple, however, would be prohibited from notifying users that their encryption had been compromised.
According to The Washington Post, the order was issued under the UK’s Investigatory Powers Act of 2016, often called the “Snoopers’ Charter.” The directive reportedly demands unrestricted access to all end-to-end encrypted files stored in iCloud, rather than targeting specific accounts.
Apple’s iCloud backups aren’t encrypted by default, but in 2022, the company introduced Advanced Data Protection (ADP), an optional feature that offers end-to-end encryption, preventing even Apple from accessing user data. In response to the UK’s demand, Apple is expected to discontinue ADP in the country. However, this move wouldn’t fully satisfy the UK’s request, which seeks access to encrypted files from users worldwide.
Apple has the option to appeal the order, arguing that implementing it would be overly costly or disproportionate to security needs. However, any appeal wouldn’t halt the immediate enforcement of the directive. The UK has reportedly issued Apple a technical capability notice, making it a criminal offense for the company to disclose the government’s request. If Apple complies, it would be barred from informing users that their encrypted data is no longer secure. “There is no reason why the UK government should have the authority to dictate global access to end-to-end encryption, which provides proven security benefits,” Apple stated in March 2024 while addressing UK lawmakers regarding potential amendments to the Investigatory Powers Act. The company has previously resisted similar government attempts to weaken encryption security.
UK security officials have long opposed end-to-end encryption, arguing that it facilitates criminal activities, including terrorism and child exploitation. “Encryption cannot be allowed to obstruct efforts to catch serious offenders,” a UK government spokesperson told The Guardian in 2022, following Apple’s introduction of ADP. While agencies like the FBI have historically raised similar concerns, they have recently shifted towards endorsing encryption as a defense against cyber threats. In December 2024, the NSA and FBI—alongside cybersecurity agencies from Canada, Australia, and New Zealand—recommended encrypting web traffic “to the maximum extent possible.” The UK, notably, did not participate in this endorsement.
If Apple concedes to the UK government’s request, other nations, including the US and China, may follow suit, demanding similar access. This would force Apple to choose between compliance and removing its encryption features altogether. The move could also put pressure on other tech giants. Google has provided default encrypted Android backups since 2018, while Meta offers encryption for WhatsApp backups. When asked by The Washington Post whether they had received similar governmental demands, representatives from both companies declined to comment. Google’s Ed Fernandez reaffirmed that Android’s encrypted backups remain inaccessible—even under legal orders—while Meta reiterated its commitment to maintaining encryption without backdoors. As the debate over encryption and privacy intensifies, Apple’s decision on this matter could set a precedent for the entire tech industry and impact user data security on a global scale. (via: theverge)
