UK Government Demands Global Access to Apple Users’ Encrypted Data

Apple has reportedly been ordered by the UK government to create a backdoor allowing security officials access to users’ encrypted iCloud backups, impacting users globally. This directive, based on the Investigatory Powers Act of 2016, demands blanket access to end-to-end encrypted files, not just specific accounts.

While Apple’s iCloud backups are not encrypted by default, the Advanced Data Protection feature introduced in 2022 offers end-to-end encryption, ensuring that even Apple cannot access these files. In response to the UK’s order, Apple may choose to discontinue Advanced Data Protection in the UK, but this would not satisfy the government’s demand for global access.

Apple has the option to appeal the order, citing implementation costs and proportionality concerns, but any appeal would not delay the original directive. The UK government has issued a technical capability notice, making it a criminal offense for Apple to disclose this demand. If Apple complies, it would also be prohibited from informing users about the compromise of their encryption.

Apple has previously argued against such backdoor demands, emphasizing that no government should dictate encryption standards for global citizens. UK officials contend that end-to-end encryption facilitates criminal activity, claiming it hinders law enforcement’s ability to combat serious crimes.

While U.S. agencies, including the FBI, have voiced similar concerns, they recently shifted towards promoting encryption as a defense against hackers. The NSA and FBI, alongside cyber security centers from Canada, Australia, and New Zealand, have recommended extensive end-to-end encryption practices. However, UK security services have not joined this initiative.

If Apple complies with the UK’s demands, it may set a precedent for other countries, including the U.S. and China, to request similar access. This scenario would pressure Apple and other tech companies to either comply or abandon encryption services altogether. Google and Meta have already established their own encryption measures but have not commented on receiving similar backdoor requests. Google maintains that it cannot access encrypted Android backup data, while Meta asserts its commitment to not implementing backdoors.