Apple, in a first, drops end-to-end cloud encryption for UK users

After the government reportedly requested that Apple provide backdoor access to any data that users have stored in the cloud, it has announced that it will no longer offer British users advanced data security options.

The iPhone maker announced on Friday that the Advanced Data Protection encryption feature would eventually be disabled for existing users in the United Kingdom.

Advanced Data Protection, which Apple started rolling out at the end of 2022, is an opt-in feature that protects iCloud files, photos, notes and other data with end-to-end encryption when they’re stored in the cloud.

The Washington Post reported earlier this month about the request by British security officials to grant a secret order to the US tech giant to grant them access to fully encrypted material, citing anonymous sources.

Apple “can no longer offer Advanced Data Protection” in the UK, the company said in a statement.

Given the ongoing rise of data breaches and other threats to customer privacy, Apple said, without making any reference to the government demand. “We are gravely disappointed that ADP’s protections will not be available to our customers in the UK.”

According to a report from the Washington Post, the British government gave Apple access under a broad law known as the Investigatory Powers Act of 2016, or “snoopers’ charter,” known as a “technical capability notice.”

British spies are legally permitted to hack into devices and access a large volume of online data, much of it coming from abroad. It makes it illegal to reveal that the government has made such demands while also making it a criminal offence to compel businesses to remove encryption to make it possible for electronic eavesdropping.

“We do not comment on operational matters, including, for example, confirming or denying the existence of any such notices”, the UK. Home Office said in a brief statement.

“Reduced security”

Apple did not disclose how many people have used Advanced Data Protection in the UK. Users in the rest of the world would still be able to use the feature, according to the statement.

Some types of data will still be end-to-end encrypted in the UK by default, Apple said, including passwords on the iCloud Keychain, information on the Health app, and communications on services including iMessage and FaceTime.

End-to-end encryption allows only the sender and recipient to see encrypted messages because they have been encrypted at all levels. All they will see is a garble that can’t be unscrambled without the key if someone else intercepts the message.

According to Mike Chapple, an IT professor at the University of Notre Dame’s Mendoza College of Business, the episode highlights “one of the fundamental flaws in government efforts to undermine encryption.” Companies like Apple typically completely remove security features, according to Chapple, a former computer scientist at the National Security Agency, because they have to make a decision between complying with government regulations and security.