iPhone, iPad, and Mac owners living in the UK will lose access to the highest tier of data protection from Apple. The security tool — known as Advanced Data Protection (ADP) — used end-to-end encryption to scramble the "majority" of your files before they were uploaded to iCloud for backup.
This process meant that only you could access the contents of the files. Not even Apple is able to peek at the files, photographs, and other data stored via its iCloud service.
The Californian company said it was "gravely disappointed" by a request to unlock these encrypted files from the UK Government, which can issue a legally-binding request under the Investigatory Powers Act 2016, nicknamed the Snoopers' Charter, which was passed under the last Conservative Government.
This law empowers the police and security services to request internet connection records, intercept communications — like text messages and calls, and conduct bulk data collection on Britons.
Broadband providers, smartphone manufacturers, chat app developers, and other companies must enable this surveillance under warrants. And that's exactly what has happened to Apple.
Earlier this month, it was reported that Keir Starmer's Government had issued an order under the Investigatory Powers Act 2016 to access totally encrypted files from Apple users.
The $3.7 trillion company did not comment at the time. However, chief executive Tim Cook has previously spoken out about the dangers of creating a way to access encrypted data — known as a “back door” — as it could also be exploited by hackers.
Apple went toe-to-toe with the FBI back in 2016 when it refused a request to create a backdoor for an iPhone used by the San Bernardino shooter, citing user privacy and security risks. The FBI, which eventually accessed the contents on the device using a third-party tool, filed a lawsuit against Apple over its refusal.
The case sparked a global debate over encryption, privacy rights, and government surveillance powers. At the time, CEO Tim Cook described the request for a backdoor into its encryption like "a master key capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes".
The 64-year-old executive said "No reasonable person would find that acceptable."
And now the Cupertino-based company has once again been asked to strip away its strongest level of protection. Apple says it will withdraw its Advanced Data Protection tool from the UK, turning it off as an option for those not already using it — and introduce a process to shift existing iCloud users away from the tool.
In a statement, Apple said: “Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature.
“ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices.
“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy.
“Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom.
“As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”
Apple says 14 types of data that can be stored on its iCloud service will remain end-to-end encrypted, including health records. iMessage and FaceTime calls will remain encrypted globally, including in the UK.
A number of online safety charities, as well as police and security services around the world long warned of the dangers of end-to-end encrypted services, arguing that they allow offenders such as terrorists and child abusers to hide more easily.
Rani Govender, policy manager for child safety online at the NSPCC said this was an opportunity for Apple and other firms to consider other ways of protecting users, particularly children.
“We know that end-to-end encryption allows offenders to groom and manipulate children and build communities where they can share vile child sexual abuse material without detection,” Ms Govender said. “As Apple change their approach to encryption on their services, they must take this opportunity to ensure that they are considering other measures they can put in place to better protect children.
"All tech companies should be finding ways to tackle online risks to children whilst upholding privacy of their users, and Ofcom and Government should hold them accountable for doing so.”
According to one security expert, the decision by Apple to strip its highest level security tool from millions of device owners in the UK will make them “more vulnerable to cyber threats”.
Dray Agha, senior manager of security operations at cybersecurity firm Huntress said: “Apple’s decision to pull Advanced Data Protection in the UK is a direct response to increasing Government demands for access to encrypted user data. Weakening encryption not only makes UK users more vulnerable to cyber threats but also sets a dangerous precedent for global privacy.
“Governments argue this helps law enforcement, but history shows that any backdoor created for one party can eventually be exploited by bad actors. The broader concern is that this move could pressure other companies to weaken their security, putting personal data worldwide at greater risk.”
Additional Reporting By Martyn Landi, PA Technology Correspondent
Find Out More...