The UK Labour government has been handed an embarrassing setback by Apple, over its attempts to gain backdoor access to the iPhone maker’s end-to-end iCloud encryption product.
Bloomberg reported on Friday that Apple has withdraw the cloud encryption product known as Advanced Data Protection (ADP), from the United Kingdom.
ADP provides end-to-end encryption for iCloud data including Photos, Notes, Messages backups, and device backups.
It comes after The Washington Post had reported earlier this month that UK security officials had ordered Apple create a backdoor allowing them to retrieve the encrypted content of any Apple user worldwide that has been uploaded to its cloud service.
ADP withdrawn
This British request immediately triggered privacy and security concerns, and two US lawmakers (Ron Wyden a Democrat who serves on the Senate Intelligence Committee, and Andy Biggs, a Republican on the House Judiciary Committee), wrote to US national intelligence director Tulsi Gabbard asking her to demand the UK retracts its order.
If the UK does not withdraw the order, the US should consider limiting intelligence sharing and cybersecurity co-operation with the UK, the lawmakers said.
The UK order was particularly controversial as it would have required Apple to provide access to iCloud data from users outside the UK without their governments’ knowledge.
Additionally, the UK order makes it illegal for companies to disclose the existence of such government demands.
Now Bloomberg has reported that Apple has withdrawn its Advanced Data Protection iCloud feature from the United Kingdom.
British customers who are already using Advanced Data Protection, or ADP, will need to manually disable it during an unspecified grace period to keep their iCloud accounts, according to the report.
Apple reportedly said it will issue additional guidance in the future to affected users and that it “does not have the ability to automatically disable it on their behalf.”
Encryption backdoor
The UK government demand for backdoor access came after it had issued a “technical capability notice” that requires blanket access, rather than just assistance to access a specific account.
A technical capability notice comes under the sweeping UK Investigatory Powers Act of 2016 (otherwise known as the “snoopers’ charter”), which authorises UK law enforcement to compel assistance from companies when needed to collect evidence.
A “technical capability notice” requires Apple to create a backdoor that would allow British security officials to access encrypted iCloud data globally.
Apple and many other tech firms had been a vocal critic of the Investigatory Powers Act when it was being debated in 2015, warning it could force companies to install encryption backdoors and weaken user security.
In January 2024 Apple had also publicly warned that upcoming changes being considered for the Investigatory Powers Act of 2016 could effectively give the UK government the means to “secretly veto” new security protections worldwide.
Apple statement
Apple provided the following statement to Bloomberg.
“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy,” Apple said in a statement. “ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices.”
“Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before,” Apple told Bloomberg. The company added that it “remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom.”
It should be noted that the loss of Advanced Data Protection in the UK does not affect Apple’s existing end-to-end encryption offerings on other Apple products in the UK, such as iMessage, FaceTime, password management, and health data.
Privacy stance
Apple’s decision to pull the feature rather than comply with the UK’s demands should have been expected by the UK Labour government, as the tech giant has consistently stated it would consider withdrawing encrypted services from the UK rather than compromise security.
Apple has long opposed creating backdoors in its products, maintaining that such access points would inevitably be discovered by malicious actors.
Apple famously in 2016 engaged in a prolonged clash with the FBI and US government, after it refused to unlock the iPhone of the San Bernardino terrorist, Syed Rizwan Farook.
Apple CEO Tim Cook at the time commented on the refusal to help the FBI unlock that iPhone, saying the FBI’s request to create a new operating system, was the “software equivalent to cancer”.
Apple also at the time said that this new OS would constitute the creation of a backdoor, and refused point blank to co-operate.
In the end the FBI paid a third-party to hack the iPhone in question.