UK government order Apple to break iCloud encryption globally without telling its customers anything about it
The United Kingdom government wants Apple to break iCloud encryption and provide backdoor access to all user content anywhere in the world.
The Washington Post reports that the United Kingdom (UK) government in January 2025 secretly issued an order to the iPhone maker, requesting unencumbered access to all encrypted iCloud content from any user across the globe, not just British citizens, basically forcing an end to encryption in the country.
The order also prevents the company from telling customers that it can no longer guarantee that their iCloud data is safe. Given Apple’s firm stance on encryption and privacy, the company is likely to respond by stopping offering encrypted cloud storage in the country, weakening the security of UK iPhone owners.
If Apple does so, it’s only a matter of time before Google is faced with the same choice. You can bet that the United States, China and other governments around the world are watching how the UK situation unfolds and will likely be demanding the same right, not only from Apple but also from other technology companies.
UK government wants access to Apple users’ encrypted iCloud backups
From the report:
Senior national security officials in the Biden administration had been tracking the matter since the UK first told the company it might demand access and Apple said it would refuse. It could not be determined whether they raised objections to Britain. Trump White House and intelligence officials declined to comment.
And:
One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security. The person deemed it shocking that the UK government was demanding Apple’s help to spy on non-British users without their governments’ knowledge. A former White House security adviser confirmed the existence of the British order.
The company is free to appeal the notice, but doing so won’t delay the implementation of the original order.
A spokesman for the UK’s Home Office wouldn’t comment, saying, “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.” Google spokesperson Ed Fernandez told the publication that the company “can’t access Android end-to-end encrypted backup data, even with a legal order,” but wouldn’t say whether the search giant has already received a similar order from the UK government.
Apple knew in March 2023 such a requirement might be coming. “These provisions could be used to force a company like Apple, which would never build a back door into its products, to publicly withdraw critical security features from the UK market, depriving UK users of these protections,” it told the British Parliament.
“There is no reason why the UK should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption,” it said.
Enter Advanced Data Protection
Apple’s support page lists the level of security for individual iCloud data types, like contacts, photos, emails and more. Apple is able to decrypt people’s iPhone and iPad backups in iCloud (which include device and Messages backup) with a valid government request because encryption keys are stored on its servers.
However, the company has provided a more secure option, Advanced Data Protection, since 2022 although it’s turned off by default. In contrast, Google has been encrypting Android backups by default since 2018 and Meta’s WhatsApp offers encrypted cloud backups as well.
Manually enabling Advanced Data Protection in settings ensures that the majority of your iCloud data, including iCloud Backup, Photos, Notes, and more, is protected by end-to-end encryption. End-to-end encryption encrypts data on your device, in transit, and in the cloud, offering the highest level of data security.
“End-to-end encrypted data can only be decrypted on your trusted devices where you’ve signed in to your Apple Account,” explains Apple.
“No one else can access your end-to-end encrypted data – not even Apple – and this data remains secure even in the case of a data breach in the cloud. If you lose access to your account, only you can recover this data using your device passcode or password, recovery contact or recovery key,” it adds.
Apple’s firm stance on encryption
A few years ago, Apple successfully fought off the FBI’s request to create a special version of iOS with backdoor access in response to the San Bernardino shooter case. Around that time, the UK government also claimed that it was in talks with Apple about creating a similar version of iOS.
An iOS backdoor would give law enforcement blanket access to all encrypted content on the device itself and in iCloud. Apple issued a public memo explaining that it opposed the US government’s order to build a backdoor into the iPhone.
“In the wrong hands, this software—which does not exist today—would have the potential to unlock any iPhone in someone’s physical possession,” it reads. “The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
No backdoors in Apple software
Apple’s point was valid then and even more so today. There’s no such thing as a 100 percent safe software backdoor. Apple also responds to legal requests from law enforcement agencies globally and, if technically possible, provides data responsive to the request. Apple cannot unlock devices because it doesn’t hold encryption keys that protect the data stored on your iPhone or iPad.
“Apple has never created a backdoor or master key to any of our products or services,” the company notes. “We have also never allowed any government direct access to Apple servers. And we never will.”
Source link: https://www.idownloadblog.com/2025/02/07/apple-uk-government-order-icloud-encryption-disable-globally/
Leave a Reply