By Ed Uthman, MD - Own work by the original uploader, CC BY-SA 2.5,
Apple has announced that it will discontinue its advanced data security feature for users in the United Kingdom following reports that the government requested the company to implement backdoor access to user data stored in the cloud.
On Friday, the iPhone manufacturer stated that its Advanced Data Protection encryption feature will no longer be available for new users in the UK and will eventually be deactivated for current users. Introduced at the end of 2022, Advanced Data Protection is an opt-in feature that secures iCloud files, photos, notes, and other data with end-to-end encryption while stored in the cloud.
According to a report from The Washington Post earlier this month, British security officials issued a secret order demanding that the American technology company create backdoor access to view fully encrypted content, citing anonymous sources.
In a statement, Apple expressed that it “can no longer offer Advanced Data Protection” in the UK.
The company expressed its deep disappointment that the protections afforded by Advanced Data Protection will not be accessible to its UK customers, especially in light of the increasing incidence of data breaches and threats to customer privacy, without directly addressing the government’s request.
The report from The Washington Post indicated that the British government had served Apple with a “technical capability notice,” compelling the company to provide access under the Investigatory Powers Act of 2016, often referred to as the snoopers’ charter.
This legislation grants British intelligence agencies the authority to infiltrate devices and collect extensive amounts of online data, much of which originates from outside the UK. It includes provisions that require companies to disable encryption to facilitate electronic surveillance, while making it a criminal offense to disclose the issuance of such government demands.
The UK Home Office issued a brief statement, stating, “We do not comment on operational matters, including, for example, confirming or denying the existence of any such notices.” Apple has not disclosed the number of users in the UK utilizing Advanced Data Protection. The company confirmed that this feature will remain accessible to users in other regions worldwide.
According to Apple, certain types of data will continue to be end-to-end encrypted by default in the UK, including passwords stored in the iCloud Keychain, data from the Health app, and communications via services such as iMessage and FaceTime.
End-to-end encryption ensures that messages are encoded in such a way that only the sender and the intended recipient can access them. If the message is intercepted by a third party, it will appear as indecipherable text that cannot be decoded without the appropriate key.
This situation highlights “one of the fundamental flaws in government attempts to weaken encryption,” remarked Mike Chapple, an IT professor at the Mendoza College of Business at the University of Notre Dame. He noted that when companies like Apple are forced to choose between maintaining security and adhering to government mandates, they often opt to eliminate security features altogether. Chapple, a former computer scientist at the National Security Agency, emphasized that this ultimately leads to diminished security for all users.
“If other governments adopt similar measures to those of the UK, we may face a future where robust encryption is effectively banned, exposing everyone not only to government surveillance but also to potential eavesdropping by malicious entities.”
