Apple Delays iCloud Encryption in UK Due to Government Demand

Apple Discontinues Advanced iCloud Security Feature in the UK

Apple has officially announced on Friday that it is no longer able to provide its Advanced Data Protection (ADP) security feature to users located in the United Kingdom.

Statement from Apple

According to a statement released to TechCrunch, Apple spokesperson Fred Sainz confirmed that ADP will not be available for new users. Existing U.K. users “will eventually need to disable this security feature.”

The company expressed its disappointment, stating that the inability to offer ADP protections is particularly concerning given the increasing frequency of data breaches and threats to user privacy.

Apple emphasized that bolstering the security of cloud storage through end-to-end encryption is critically important at this time.

Government Request for Backdoor Access

This decision follows reports that the U.K. government requested Apple earlier this year to create a backdoor. This would grant British authorities unrestricted access to user data stored on Apple’s cloud servers, even if it were end-to-end encrypted.

Privacy and security experts have voiced alarm over this request, characterizing it as unprecedented for a modern democracy. They fear that if successful, it could establish a dangerous precedent for authoritarian regimes.

How Advanced Data Protection Works

Apple’s ADP feature allows users to enable end-to-end encrypted iCloud backups. This encryption ensures that no one, including Apple and government entities, can access data stored in iCloud by users who have opted into this enhanced security measure.

Response from the U.K. Home Office

TechCrunch reached out to a spokesperson for the U.K. Home Office for comment, but did not receive an immediate response.

Implementation for Existing Users

Apple has not yet detailed the process for users who previously activated ADP to disable the feature.

Concerns from Digital Rights Advocates

James Baker, representing the U.K. digital rights organization Open Rights Group, stated that the Home Office’s actions have deprived millions of British citizens of a vital security feature. He warned that this increases the risk of personal data and sensitive information falling into the wrong hands.

Data Types Affected

Certain data types, such as health data, iCloud messages, and payment information, are already end-to-end encrypted by default for all users and will remain protected. However, U.K. users will no longer have the option to enable end-to-end encryption for other data types like photos, notes, backups, and other data previously secured by ADP.

Guidance for ADP Users

Apple plans to provide further guidance to users who currently have ADP enabled, along with a timeframe for disabling the feature if they wish to continue using iCloud.

Global Impact and Other Services

ADP remains unaffected for users outside of the United Kingdom. Furthermore, end-to-end encrypted communication services like FaceTime and iMessage are not impacted by this change.

Apple reiterated its commitment to user privacy, stating, “As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”

Timeline of the Change

BBC News reported that ADP ceased being offered as an option for new users starting at 3 p.m. U.K. time on Friday. TechCrunch independently verified that ADP is no longer available for new users in the United Kingdom.

Historical Context of Encryption Debates

Governments worldwide have long debated the implications of encryption, arguing that it could hinder law enforcement efforts to combat crime and terrorism. However, authorities have consistently found alternative methods, such as accessing unencrypted backups or utilizing spyware, to gain access to data on individuals’ devices.

Expert Recommendation

Matthew Green, a cryptography expert and teacher at Johns Hopkins University, advised on X (formerly Twitter) that users outside the U.K. should enable ADP immediately. He believes that increased adoption will make it more difficult to implement similar restrictions in other regions.

“The more people who use it, the harder it will be to shut off this way,” Green stated.

Clarification was added regarding the types of data protected under Advanced Data Protection in the ninth paragraph.

This article was updated to include a statement from James Baker.