Apple has withdrawn from providing its UK smartphone and computer users with encrypted cloud storage following a secret government order to require the company to provide back-door access to encrypted data.
The tech firm confirmed it will no longer offer UK users its Advanced Data Protection (ADP) service which allows users to store data in encrypted form on Apple’s iCloud service.
The decision is likely to expose people in the UK using Apple services to greater risk of cyber threat and they will no longer have the ability to fully encrypt their personal data on Apple’s iCloud, though the service will remain available elsewhere in the world.
The move by Apple is designed to head off demands by the Home Office to require Apple to provide a “back door” to give law enforcement and other government agencies access to encrypted data stored by any of its customers worldwide.
Demands by the Home Office to access encrypted data belonging to Apple users throughout the world caused ructions in the US when the US Congress accused the UK of “a foreign cyber attack waged through political means” and led calls for the UK to be thrown out of the Five Eyes intelligence sharing network
“As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,” Apple said, in a statement.
“Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices.”
The company said securing cloud storage through encryption was more urgent than ever given the growing number of security and data breaches.
“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy,” Apple added.
“Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom.”
Users in the UK who have not already enabled ADP will no longer be able to do so, Apple confirmed.
Apple’s decision means the nine iCloud data categories covered by ADP will be protected by standard data protection, and UK users will not have a choice to benefit from end-to-end encryption for these categories: iCloud Backup; iCloud Drive; Photos; Notes; Reminders; Safari Bookmarks; Siri Shortcuts; Voice Memos; Wallet Passes; and Freeform.
Withdrawing ADP from the UK will not affect the 14 iCloud data categories that are end-to-end encrypted by default. Data such as iCloud Keychain and Health remain protected with full end-to-end encryption. Apple said communication services like iMessage and FaceTime remain end-to-end encrypted globally, including in the UK.
For users in the UK who already enabled ADP, Apple said it will provide additional guidance. Apple cannot disable ADP automatically for these users – instead, UK users will be given a period of time to disable the feature themselves to keep using their iCloud account.
ADP continues to be available everywhere else in the world.
Matthew Hodgson, CEO of Element, a secure communications platform used by governments, said it’s not a surprise to see Apple switch off end-to-end encrypted for iCloud in the UK.
“[Apple] had no choice. You cannot offer a secure service and then backdoor it – because it’s no longer a secure service,” he said.
According to Element research, 83% of UK citizens want the highest level of security and privacy possible, “yet the UK government has just put Apple’s UK customers’ data at risk,” added Hodgson.
“It is impossible to have a safe backdoor into an encrypted system. Time and again it has been proven that any such point of entry is exploited by bad actors,” he said.
“Salt Typhoon is the current and obvious example, which has seen law enforcement backdoors in the US public telephone network being hijacked by a cyber attack group believed to be operated by the Chinese government. The US is urging its citizens to use end-to-end encrypted services. Simultaneously we’re witnessing the UK undermining end-to-end encryption – a key part of the nation’s cyber security.”
Earlier this month, over 100 cyber security experts, companies and civil society groups signed a letter calling for home secretary Yvette Cooper to drop demands for Apple to create a backdoor into its encrypted iCloud service.
The experts warned that the UK’s move to create a backdoor into people’s personal data jeopardises the security and privacy of millions of people, undermines the UK tech sector and sets a dangerous precedent for global cyber security.
