According to reports, the UK government has asked Apple to develop a backdoor that would allow security agents to access users’ Apple encryption iCloud backups.
If it were put into effect, Apple would not be allowed to notify consumers that their encryption was hacked, and British security services would have access to the backups of all customers, not just British ones.
UK demands access to Apple users’ encrypted data
According to the Washington Post, the covert order, which was obtained last month, is predicated on rights granted under the UK’s Investigatory Powers Act of 2016, also referred to as the Snoopers’ Charter.
Instead of requesting access to a particular account, officials have reportedly called for universal access to end-to-end encrypted files uploaded by any user globally.
Apple’s iCloud backups aren’t encrypted by default, but the Advanced Data Protection option was added in 2022 and must be enabled manually. It uses end-to-end encryption so that not even Apple can access encrypted files.
In response to the order, Apple is expected to simply stop offering Advanced Data Protection in the UK. This wouldn’t meet the UK’s demand for access to files shared by global users, however.
According to the UK’s requests, Apple would also presumably not be permitted to alert consumers that its encrypted service is no longer completely safe.
As the British parliament debated a change to the Investigatory Powers Act in March 2024, Apple stated, “There is no reason why the UK [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”
In the past, it has resisted earlier attempts by the UK to enact laws that would have created backdoors to encrypted communications.
In the UK, security services, and MPs have continuously opposed end-to-end encryption services, claiming that the technology facilitates terrorists’ and child abusers’ ability to evade detection.
After Apple first implemented end-to-end encryption, a UK government spokeswoman told The Guardian in 2022 that “efforts to catch perpetrators of the most serious crimes cannot be allowed to be hampered by end-to-end encryption.”
Although the FBI and other US agencies have previously voiced similar concerns; they have more lately started to suggest encryption as a means of thwarting Chinese hackers.
Together with cybersecurity centres in Canada, Australia, and New Zealand, the NSA, and the FBI recommended in December 2024, that web traffic be “end-to-end encrypted to the maximum extent possible” as part of new security best practices.
The security services in the UK did not accompany them. It’s probable that other nations, like the US and China, may perceive a chance to demand the same privilege if Apple allows the UK government access to encrypted data. Apple will have to choose between complying and discontinuing its encryption service.
Since 2018, Google has made encrypted backups available by default for Android devices, and Meta provides encrypted backups for WhatsApp subscribers as well.
Regarding whether they had received demands for backdoors from the government, representatives for both refused to respond to the Washington Post.
While Meta cited an earlier declaration that no backdoors would be put in place, Google’s Ed Fernandez reaffirmed that the corporation “can’t access Android end-to-end encrypted backup data, even with a legal order.”