Apple Pulls Encrypted iCloud Security Feature in UK Amid Government Backdoor Demands

[MacRumors]

Apple has withdrawn its Advanced Data Protection iCloud feature from the United Kingdom following government demands for backdoor access to encrypted user data, according to Bloomberg. The move comes after UK officials secretly ordered Apple to provide unrestricted access to encrypted iCloud content worldwide.

Customers who are already using Advanced Data Protection, or ADP, will need to manually disable it during an unspecified grace period to keep their iCloud accounts, according to the report. Apple said it will issue additional guidance in the future to affected users and that it "does not have the ability to automatically disable it on their behalf."

The UK government's demand came through a "technical capability notice" under the Investigatory Powers Act (IPA), requiring Apple to create a backdoor that would allow British security officials to access encrypted user data globally. The order would have compromised Apple's Advanced Data Protection feature, which provides end-to-end encryption for iCloud data including Photos, Notes, Messages backups, and device backups.

"We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy," Apple said in a statement. "ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices."

Apple's decision to pull the feature rather than comply with the UK's demands is consistent with the company's previous statements that it would consider withdrawing encrypted services from the UK rather than compromise security. Apple has long opposed creating backdoors in its products, maintaining that such access points would inevitably be discovered by malicious actors.

Notice UK iCloud users now see after the feature was pulled​

The UK order was particularly controversial as it would have required Apple to provide access to data from users outside the UK without their governments' knowledge. Additionally, the IPA makes it illegal for companies to disclose the existence of such government demands.

US security agencies, including the FBI and NSA, have been advocating for increased use of encryption to protect against Chinese cyber threats, creating potential conflicts between UK and US security interests.

"Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before,” said Apple on Friday, per Bloomberg. The company added that it "remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom."

Note that the loss of Advanced Data Protection in the UK does not affect the existing end-to-end encryption of several other Apple features available in the country, including iMessage, FaceTime, password management and health data.

Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Pulls Encrypted iCloud Security Feature in UK Amid Government Backdoor Demands

 

[sniffies]

The sad and scary thing is that this could set off a domino effect.

 

[JonathanParker]

This is so disgusting.
I cannot believe what I'm seeing.

 

[canadianreader]

Slippery slope!

 

[that be me]

Is there any rational explanation why the UK government is demanding the change?

 

[STOCK411]

The sad and scary thing is that this could set off a domino effect.

Imo. I think it would have only set off a domino affect if they complied.

This is the correct move to heed that off

 

[So@So@So]

It's really a bad thing and one more reason to not store sensitive data in any cloud!

 

[GMShadow]

Apple should take out lots of ads to make sure people know why this happened.

Run a Herr Starmer campaign, even.

 

[STOCK411]

Is there any rational explanation why the UK government is demanding the change?

Government going to government (IOW no. Its just a government doing stupid things like usual)

 

[Aquaporin]

No ADP to new users or any users in the UK?

 

[User 6502]

This is disgusting, I hope the British government reconsiders this silly demand as it is clearly against people’s interests.

 

[Radeon85]

The UK government can go to hell.

 

[jarman92]

Reporters are missing something with this story. If Apple had been asked to compromise encryption globally, pulling ADP from only the UK doesn't accomplish that at all. And even without ADP, Apple services are still E2EE. So should UK users regard this move as confirmation that Apple is complying with mass surveillance of UK users?

 

[Harrycooke]

Is there any rational explanation why the UK government is demanding the change?

This and the previous government have a pattern of chipping away at our rights. The right to protest, and now privacy it seems. People have been prosecuted for considering protesting in a way that isn’t permitted.

There is no rational thinking in our politicians.

 

[Will Co]

I suspect we've not heard the last of this. So far, it's been on a slowish burn - sort of under the radar. The BBC is making it headline news and rightly so. A lot of people will be pi**ed off about this and it will come back to bite the government come voting time. And remember, the IPA law doesn't just affect Apple. This needs to be answered by Google and others too. When I say a lot of people, I mean everyone who has a smart-phone and who values their data security and privacy.

 

[klasma]

Is there any rational explanation why the UK government is demanding the change?

It’s being made under the Investigatory Powers Act 2016.

 

[zorinlynx]

Is there any rational explanation why the UK government is demanding the change?

They want to be able to spy on people.

That's it. They'll make every excuse under the sun, talking about "protecting the children" or whatnot, but in the end, it's about spying on people.

I'm pissed off about this. There's a good chance it will happen in the US too considering the political situation here.

 

[turbineseaplane]

The best move Apple could have made given the situation

As an FYI, this will not affect:

iMessage encryption
iCloud Keychain
FaceTime
Health data

These will remain end-to-end encrypted.
Other services like iCloud Backup and Photos will not be end-to-end encrypted without ADP.

However, watch out for iMessages backed up to iCloud, because those will then be unencrypted in the iCloud backup

Also a BBC article for more

 

[Regulus67]

It is a troubling development. A good reason to start using local storage options, for those of us residing in Europe as well.

 

[Expos of 1969]

Boris was a sleazy loser, Starmer is proving to be no better.

 

[RemedyRabbit]

Yet more dark news. This will not end well.

No doubt the security services are absolutely delighted, but there will inevitably be data breaches. It’s terrible news for the privacy of law abiding folk.

Better hurry and remove all of your saucy personal photos from iCloud!

 

[DougieS]

Is there any rational explanation why the UK government is demanding the change?

My local MP is refusing to respond to my emails.. this is disgusting behaviour.

 

[virginblue4]

Whilst I don’t agree with the government at all and hope they go back on this I would imagine the majority of users (not those on Macrumors) don’t even have ADP activated. Having just asked 10 people in my office (of various ages) most didn’t even know what it was. Only one person had it activated.

Even I don’t have it activated as although I have the latest iPhone and iPad, due to not having an up to date Mac and not wanting to remove it from my Apple account, I can’t activate it anyway.

Of course, this doesn’t justify the governments behaviour whatsoever.

 

[GMShadow]

Reporters are missing something with this story. If Apple had been asked to compromise encryption globally, pulling ADP from only the UK doesn't accomplish that at all. And even without ADP, Apple services are still E2EE. So should UK users regard this move as confirmation that Apple is complying with mass surveillance of UK users?

Apple already complies with court orders to hand over un-encrypted data, but data protected by ADP isn't accessible by Apple so they would just say "We can't, sorry". The UK wanted Apple to make a backdoor to be able to hand over that data too.

 

[contacos]

so what is the solution to this? Less and less reasons to remain using only Apple devices / services.

Local backup on your laptop faster to restore from anyway