Apple has removed its Advanced Data Protection (ADP) tool in the UK following a request from the UK government under the Investigatory Powers Act (IPA). The Home Office demanded that the company create a backdoor enabling UK authorities to view fully encrypted material stored on its iCloud servers.
In a statement, an Apple spokesperson said: "We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before." The company also reiterated its commitment to user security and stated it has never and will never create backdoors or master keys for its products.
As of Friday, new UK users can no longer enable ADP and existing users will be required to deactivate it at a later date. iMessage and FaceTime will remain end-to-end encrypted.
Commenting on the article in The Guardian, computer security expert Professor Alan Woodward criticised the government's approach, deeming it "incredibly naive." He argued that the government should have pursued diplomatic solutions instead of attempting to impose its demands unilaterally. He sees Apple's move as a strong message against compromising encryption.
According to a blog article by Alec Muffet (later reported in The Telegraph (£)) reveals that only a few months ago, the National Cyber Security Centre (NCSC) called for the public to switch on the cybersecurity feature. The NCSC advised people to "turn on the free encryption products included with your Windows or Apple devices, so cyber attackers can't access your sensitive data if your device is lost or stolen. Make sure encryption is enabled on your mobile device."
While the guidance has recently been removed from the NCSC website, a copy archived on the WayBackMachine explains that the measures would significantly "reduce the likelihood of becoming victims of a cyberattack."
The Telegraph article also features comments from the former defence secretary, Ben Wallace, who said: "the people who love encryption most are paedophiles," adding "in our democracies, with independent judiciaries, paedophiles, organised crime, spies and terrorists ... exploit and benefit from such high levels of security."
Across the Atlantic, the Financial Times (£) reports that National Intelligence Director Tulsi Gabbard has condemed the UK government's demand. In a written response to two members of the US Congress, Gabbard said she shared "your grave concern about the serious implications of the UK, or any foreign country, requiring Apple or any company to create a 'back door' that would allow access to Americans' personal encrypted data."
Gabbard went on to say: "This would be a clear and egregious violation of Americans' privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors."
Gabbard also confirmed that she had instructed lawyers and intelligence officials to examine the implications of the UK's demand under the 2019 Cloud Act agreement, adding that an "initial review" suggested the UK "may not issue demands for data of US citizens, nationals or lawful permanent residents".
Meanwhile, Bloomberg (£) highlights that the Home Office has gained more than it initially asked. As things stand, Apple can technically respond to any government request for data stored by UK citizens on the iCloud platform. The article highlights a quote from independent analyst Benedict Evans, which asks: “What will the UK government say when China… orders Apple to to hand over UK citizens’ data?”
Elsewhere, responses by digital rights groups and privacy activists were also highly critical of the UK government's actions.
In a statement, interim director of privacy and civil liberties campaign group Big Brother Watch, Rebecca Vincent, said: "This decision by Apple is the regrettable consequence of the Home Office's outrageous order attempting to force Apple to breach encryption. As a result, from today Apple's UK customers are less safe and secure than they were yesterday – and this will quickly prove to have much wider implications for internet users in the UK.
"We once again call on the Home Office to immediately rescind this draconian order and cease attempts to break encryption before the privacy rights of millions are eroded and the UK further ostracises itself from other democracies around the world."
A separate statement by the Platform Power Programme Manager at Open Rights Group, James Baker, said: "The Home Office's actions have deprived millions of Britons from accessing a security feature. As a result, British citizens will be at higher risk of their personal data and family photos falling into the hands of criminals and predators."
An opinion shared by Privacy International described the UK government's secret power to "undermine security everywhere is ridiculous, and disturbing."
£ - These articles may require a subscription.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
