Apple has stopped offering its end-to-end encrypted iCloud storage, Advanced Data Protection (ADP), to new users in the UK, and will require existing users to disable the feature at some point in the future. The move comes following reports earlier this month that UK security services requested Apple grant them backdoor access to worldwide users’ encrypted backups.
“Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature,“ says Apple spokesperson Julien Trosdorf in a statement to The Verge. “We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy.”
ADP works by protecting iCloud data with end-to-end encryption, meaning it can only be decrypted by the person who owns the iCloud account on their own devices. Apple originally launched ADP in late 2022, allowing iCloud data like backups, messages, and photos to be protected by the feature. Removing ADP means that British users’ files will be accessible to Apple, and shareable with law enforcement, though that would still require a warrant.
Apple has already stopped offering Advanced Data Protection to new users in the UK, advising them that it “can no longer offer” the service. Apple won’t be able to disable ADP automatically on existing iCloud accounts, because of the way the end-to-end encryption feature works. Trosdorf tells The Verge that UK users will be given an amount of time to disable ADP to keep using their iCloud account at some point in the future, though the company has not said when the deadline will be.
“Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom,” says Trosdorf. “As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”
Earlier this month The Washington Post reported that the UK Home Office, led by Home Secretary Yvette Cooper, had demanded backdoor access to encrypted files uploaded not only by Brits, but by users worldwide. The company was reportedly served a document called a technical capability notice under the UK’s Investigatory Powers Act of 2016, also known as the Snoopers’ Charter. Apple has the right to appeal any demand made under the act, but not to delay implementation of the order.
It was reported then that Apple was likely to disable its UK encryption instead of granting security services a backdoor, but that this might not placate the Labour government. Apple did not issue any statement at the time, and even now has not explained why ADP is being disabled, but even revealing that the government had made a demand under the Investigatory Powers Act would be a criminal offense.
UK security services have repeatedly pushed back against end-to-end encrypted services in the past, making the argument that encryption is used by terrorists and child abusers to hide from law enforcement. “End-to-end encryption cannot be allowed to hamper efforts to catch perpetrators of the most serious crimes,” a government spokesperson told The Guardian in 2022 when Apple first introduced end-to-end encryption.
Apple is not the only tech company to offer end-to-end encrypted backups. Google has offered encrypted backups to Android users since 2018, and Meta also offers the option to encrypt WhatsApp backups. Both are currently still available in the UK.
Developing…
Recent Comments