Apple is taking the unprecedented step of removing its highest level data security tool from customers in the UK, after the government demanded access to user data.
Advanced Data Protection (ADP) means only account holders can view items such as photos or documents they have stored online through a process known as end-to-end encryption.
But earlier this month the UK government asked for the right to see the data, which currently not even Apple can access.
Apple did not comment at the time but has consistently opposed creating a “backdoor” in its encryption service, arguing that if it did so, it would only be a matter of time before bad actors also found a way in.
Now the tech giant has decided it will no longer be possible to activate ADP in the UK.
It means eventually no UK customer data stored on iCloud – Apple’s cloud storage service – will be encrypted, making it all accessible by Apple and shareable with law enforcement, if they have a warrant.
The BBC has approached the government for comment.
In a statement Apple said it was “gravely disappointed” that the security feature would no longer be available to British customers.
“As we have said many times before, we have never built a backdoor or master key to any of our products, and we never will”, it continued.
The ADP service started to be pulled for new users at 1500GMT on Friday. Existing users’ access will be disabled at a later date.
It is not known how many people have signed up for ADP since it became available to British Apple customers in December 2022.
Prof Alan Woodward – a cyber-security expert at Surrey University – said it was a “very disappointing development” which amounted to “an act of self harm” by the government.
“All the UK government has achieved is to weaken online security and privacy for UK based users”, he told the BBC.
“It was naïve of the UK government to think they could tell a US technology company what to do globally”, he added.
The request was served by the Home Office under the Investigatory Powers Act (IPA), which compels firms to provide information to law enforcement agencies.
Apple would not comment on the notice and the Home Office refused to either confirm or deny its existence, but the BBC and the Washington Post spoke to a number of sources familiar with the matter.
It provoked a fierce backlash from privacy campaigners, who called it an “unprecedented attack” on the private data of individuals.
Two senior US politicians said it was so serious a threat to American national security that the US government should re-evaluate its intelligence-sharing agreements with the UK unless it was withdrawn.
It is not clear that Apple’s actions will fully address those concerns, as the IPA order applies worldwide and ADP will continue to operate in other countries.
In its statement, Apple said it regretted the action it had taken.
“Enhancing the security of cloud storage with end-to-end-encryption is more urgent than ever before,” it said.
“Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in future in the UK.”
The row comes amid growing push-back in the US against regulation being imposed on its tech sector from elsewhere.
In a speech at the AI Action Summit in Paris at the beginning of February, US Vice President JD Vance made it clear that the US was increasingly concerned about it.
“The Trump administration is troubled by reports that some foreign governments are considering tightening the screws on US tech companies with international footprints,” he said.
Leave a Reply