The UK government has ordered Apple to create a backdoor allowing security officials to access users’ encrypted iCloud backups without the users being aware they are being spied on.
According to the Washington Post, the covert order, which was obtained last month, is predicated on rights granted under the UK’s Investigatory Powers Act of 2016, sometimes referred to as the Snoopers’ Charter. Instead of requesting access to a particular account, officials have reportedly called for universal access to end-to-end encrypted files uploaded by any user globally.
Apple’s iCloud backups are not encrypted by default, but the Advanced Data Protection option, added in 2022, requires manual activation. Apple is expected to discontinue Advanced Data Protection in the UK.
Apple may challenge the notification based on the cost of implementation and whether the demand is reasonable given security concerns, but the appeal cannot postpone the original order’s execution.
The UK has served Apple a technical capability notice, a criminal offence, preventing Apple from warning users about the security of its encrypted service.
In March 2024, during a debate over a change to the Investigatory Powers Act, Apple told the British parliament, “There is no reason the UK [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.” In the past, it has resisted earlier attempts by the UK to enact laws that would have created backdoors to encrypted communications.
UK security services and lawmakers oppose end-to-end encryption services, arguing it enables terrorists and child abusers to evade law enforcement, despite Apple’s introduction of the technology.
US agencies, including the FBI, have recently recommended encryption to counter hackers linked to China, joining Canada, Australia, and New Zealand in recommending end-to-end web traffic encryption.
US agencies, including the FBI, have recently recommended encryption to counter hackers linked to China, joining Canada, Australia, and New Zealand in recommending end-to-end web traffic encryption.
Apple’s UK government access to encrypted data could lead to similar requests from the US and China, prompting Apple to decide whether to comply or remove its encryption service.
