"Gravely disappointed" – UK hit Apple with encryption backdoor order, again

News
By published

British users' data is now the sole target

A flag with the Apple logo flies as people line up outside Apple Store to purchase Apple's new iPhone 16 on Regent Street in London, United Kingdom on September 20, 2024.
(Image credit: Photo by Rasid Necati Aslim/Anadolu via Getty Images)
  • The UK hit Apple with a new encryption backdoor request, targeting only British user data this time
  • Authorities made a U-turn on the previous demand back in August, after mounting pressure from the US
  • Apple killed iCloud's end-to-end encryption feature in the UK in February, after receiving the first Technical Capability Notice (TCN)

Just when Apple thought it had finally won the battle to save its advanced encryption in the UK, authorities dropped a new order to demand a backdoor into the Big Tech giant's cloud storage service. This time, British users' data are the sole target.

The Home Office first served Apple with a Technical Capability Notice (TCN) under the 2016 Investigatory Powers Act back in January. A request that prompted the US company to kill its iCloud's end-to-end encryption feature in February to avoid building the requested backdoor.

Fast-forward to August, and the UK agreed to make a U-turn following mounting pressure from US authorities. Despite being welcomed, the decision left digital rights experts with a bittersweet taste as the power to undermine encryption would remain in the UK law.

Now, less than two months later, experts' concerns turn out to be well-founded. As the Financial Times reported on Wednesday (October 1), the Home Office issued a new encryption backdoor demand in early September, which would only apply to the data of British citizens.

The Home Office has refused to either confirm or deny the existence of such an order.

Privacy campaigners, however, see the government's demand as an assault on people's privacy and security that could ultimately have repercussions for the UK economy at large.

"Today it's Apple, but tomorrow the same secret demand could be made of other companies. If global firms see the UK as a market where they must weaken security, they may leave rather than forfeit the trust of their customers," said Robin Wilton, Internet Society's Senior Director for Internet Trust. "The UK must not set a precedent that jeopardises security, privacy, and trust, whether worldwide or at home.”

What's the order mean for Apple's UK users?

A hand holding an iPhone with the iCloud logo on screen.

(Image credit: Shutterstock / nikkimeel)

Talking to the Financial Times on Wednesday, Apple said it's "gravely disappointed" that the company won't be able to reintroduce its iCloud Advanced Data Protection (ADP) for UK users.

While not a default feature, once enabled, Apple's Advanced Data Protection (ADP) provides an extra layer of protection across all iCloud-stored data by using end-to-end encryption technology, meaning not even Apple can access the files. An extra security measure that Brits have been unable to use for months.

As the company explains in an official blog post, however, all Apple's communication services, such as iMessage and FaceTime, remain end-to-end encrypted globally, including in the UK.

Nonetheless, "We are gravely disappointed that the protections provided by ADP are not available to our customers in the UK, given the continuing rise of data breaches and other threats to customer privacy," said Apple.

We have never built a back door, and we never will

Apple

Encryption is a crucial piece of technology that the likes of Signal, WhatsApp, ProtonMail, and even the best VPN apps use to protect our private communications and data from unauthorized access.

Events like the Salt Typhoon attack on all the major US telecoms have shown, time and time again, how encryption is crucial for the privacy and safety of everyone's data. Even FBI and CISA experts have called on citizens to switch to encrypted services in the aftermath of this unprecedented cyberattack.

Matthew Hodgson, the CEO of Element (a UK-based firm developing encrypted messaging and collaboration solutions), points out how the UK government remains unperturbed by how other nations and experts value end-to-end encryption.

He said: "This is not a question of balance between security and privacy. Weakening encryption by default makes everyone less secure. It is impossible to create a 'safe' backdoor in an encrypted system. History has shown us that a backdoor for the government is a backdoor for criminals to exploit."

That's exactly why Apple remains firm in its position. "As we have said many times before, we have never built a back door or master key to any of our products or services, and we never will."

You might also like

See more Computing News
TOPICS
Chiara Castro
Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She believes an open, uncensored, and private internet is a basic human need and wants to use her knowledge of VPNs to help readers take back control. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, tech policies, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.