Synopsis: Apple is ending its iCloud strong encryption in the UK. The Cupertino company is stopping Advanced Data Protection (ADP) for new and existing users. The decision is motivated by the request of the British security services to access the private data of people around the world.
Apple spokesperson Julien Trosdorf told The Verge:
“Apple can no longer offer Advanced Data Protection in the UK to new users, and current UK users will eventually have to disable this security feature. We are deeply disappointed that the protections offered by ADP are no longer available to our customers in the UK despite the continued rise in data breaches and other threats to user privacy.”
UK demands access to iCloud data
ADP provides end-to-end encryption of iCloud data, making it impossible for anyone other than the account owner to decrypt it. Launched in late 2022, the feature protects file backups and photos, among other things.
Turning it off in the UK means that authorities will have access to UK users’ data upon presentation of a warrant. Some iCloud data will still be encrypted by default in the UK: passwords, health data, payment information, and iMessage history. However, backups of files, photos, notes, and voice memos will lose this enhanced protection.
Apple won’t be able to automatically disable ADP on existing iCloud accounts because of end-to-end encryption. Trosdorf says UK users will have a deadline to do this themselves if they want to continue using their iCloud account, but no timeline has been shared.
Access to user data from around the world
The spokesperson reaffirms Apple’s commitment:
“We remain committed to providing our users with the highest level of security for their personal data and hope to be able to do so in the UK in the future. As we have said many times, we have never created a backdoor or master key for our products or services and we never will.”
The Washington Post reveals that the British Home Office, headed by Yvette Cooper, has demanded access to encrypted files of users around the world via a “technical capability notice” under the Investigatory Powers Act 2016.
Apple can appeal the request, but there is no way for the California company to delay its implementation.
The British security services explain that end-to-end encryption allows terrorists and criminals to evade justice. A government spokesperson told The Guardian in 2022:
“End-to-end encryption cannot hinder efforts to catch the perpetrators of the most serious crimes.”
Apple had challenged this request before the British Parliament in March 2024:
“There is no reason why the British government should have the authority to decide for citizens around the world whether they can benefit from the proven benefits of end-to-end encryption.”
ALSO READ: 55 Security Flaws Detected by Microsoft: 2 were Exploited by Hackers
SOURCE: The Verge