LONDON (AP) — Apple said Friday it will stop offering an advanced data security option for British users after the government reportedly demanded that the company provide backdoor access for any data those users have stored in the cloud. The iPhone maker said its Advanced Data Protection encryption feature is no longer available for new […]
Science
Apple drops encryption feature for UK users after government reportedly demanded backdoor access
Audio By Carbonatix
LONDON (AP) — Apple said Friday it will stop offering an advanced data security option for British users after the government reportedly demanded that the company provide backdoor access for any data those users have stored in the cloud.
The iPhone maker said its Advanced Data Protection encryption feature is no longer available for new users in the United Kingdom and will eventually be disabled for existing users.
Advanced Data Protection, which Apple started rolling out at the end of 2022, is an opt-in feature that protects iCloud files, photos, notes and other data with end-to-end encryption when they’re stored in the cloud.
British security officials demanded in a secret order that the U.S. tech giant create so-called backdoor access so that they could view fully encrypted material, The Washington Post reported earlier this month, citing anonymous sources.
Apple “can no longer offer Advanced Data Protection” in the U.K., the company said in a statement.
“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy,” Apple said, without referring to the government demand.
The Washington Post report said the British government served Apple with what’s known as a “technical capability notice” ordering it to provide the access under a sweeping law called the Investigatory Powers Act of 2016, which has been dubbed the snoopers’ charter.
The law officially gives British spies the ability to hack into devices and harvest vast amounts of bulk online data, much of it from outside the U.K. It contains provisions to compel companies to remove encryption to allow for electronic eavesdropping, while making it a criminal offense to reveal that the government has issued such demands.
“We do not comment on operational matters, including for example confirming or denying the existence of any such notices,” the U.K. Home Office said in a brief statement.
Apple did not reveal how many users in Britain have been using Advanced Data Protection. It said the feature would still be available to users in the rest of the world.
Some types of data will still be end-to-end encrypted in the U.K. by default, Apple said, including passwords on the iCloud Keychain, information on the Health app, and communications on services including iMessage and FaceTime.
End-to-end encryption means that messages are scrambled so that only the sender and recipient can see them. If anyone else intercepts the message, all they will see is a garble that can’t be unscrambled without the key.
The episode illustrates “one of the fundamental flaws in government efforts to undermine encryption,” said Mike Chapple, an IT professor at the University of Notre Dame’s Mendoza College of Business. Faced with having to choose between security and complying with government regulations, companies like Apple tend to remove security features entirely, said Chapple, a former computer scientist at the National Security Agency.
“The net effect is reduced security for everyone. If other governments follow the UK’s lead, we risk a future where strong encryption is functionally outlawed, which puts all of us at risk not just to government surveillance but also to eavesdropping by other bad actors.”