Apple withdraws cloud encryption service from UK after government order
Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Apple is withdrawing its most secure cloud storage service from the UK after the British government ordered the iPhone maker to grant secret access to customer data.
The move marks a significant escalation in the tech industry’s highest profile battle over encryption technology in almost a decade.
“Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature,” the US Big Tech company said on Friday.
The Home Office did not immediately respond to a request for comment.
Last month, Apple received a “technical capability notice” under the UK Investigatory Powers Act, people familiar with the matter told the Financial Times at the time.
The request for a so-called “backdoor” to user data would have enabled law enforcement and security services to tap iPhone back-ups and other cloud data that is otherwise inaccessible, even to Apple itself.
The law, dubbed a “Snooper’s Charter” by its critics, has extraterritorial powers, meaning UK law enforcement could access the encrypted data of Apple customers anywhere in the world, including in the US. The law prevents companies who receive such a notice from publicly acknowledging receipt of such an order.
After reports of the UK’s order emerged earlier this month, the tech industry has rallied to oppose the government’s move.
“If the UK forces a global backdoor into Apple’s security, it will make everyone in every country less safe,” Will Cathcart, head of Meta’s WhatsApp business, said last week. “One country’s secret order risks putting all of us in danger and it should be stopped.”
As the latest amendments to the Investigatory Powers Act were moving through parliament in early 2024, Apple said it was “deeply concerned” by what it described as “unprecedented over-reach” and signalled that it would pull any affected products from the UK.
“Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom,” it said on Friday. “As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”
Apple’s communication services, iMessage and FaceTime, are also end-to-end encrypted and remain available in the UK.
New users can no longer sign up to iCloud ADP as of Friday. Customers in the UK who had already turned the setting on will be required to disable the feature in order to keep using their iCloud account, Apple said.
The way the system is set up means that Apple cannot disable the feature itself. Under the opt-in ADP service, only iCloud customers — not Apple itself — hold the encryption keys needed to unlock their data.
“Weakening encryption for the sensitive personal data that British consumers have on their phones is a worrying step backwards,” said Matthew Sinclair, UK senior director at the Computer & Communications Industry Association, a tech trade group. “Law enforcement authorities should be working with companies to help protect people’s privacy against growing global threats, not forcing them to scrap important security improvements.”
