Apple has removed its Advanced Data Protection (ADP) feature for iCloud in the United Kingdom following government demands for backdoor access to encrypted user data. ADP, an optional security setting, ensured that only users’ trusted devices had access to the encryption keys needed to decrypt their iCloud data, including backups, photos, notes, and other personal information. The move is part of a broader concern about privacy as Apple responds to a demand from the UK government, which wanted a backdoor into iCloud content under the Investigatory Powers Act, commonly known as the Snoopers’ Charter.
This decision is particularly alarming given the increasing number of data breaches and threats to customer privacy in the UK.
Apple expressed its disappointment in removing ADP, stating that it would no longer be able to offer its customers in the UK the protection of end-to-end encryption, which prevents anyone, including Apple, from decrypting the data. Users who had enabled ADP will need to manually disable it, as Apple is unable to do so automatically on their behalf, highlighting the unprecedented nature of this shift.
The government’s demand for access to encrypted material without a specific target account was made under the Investigatory Powers Act, a law that has drawn significant concern due to its potential to infringe on privacy rights. This blanket capability for surveillance would give the UK authorities the power to access any iCloud content, undermining the integrity of encrypted data. The move is seen as a concerning precedent for privacy and security standards, especially since encrypted data is increasingly seen as a fundamental tool for protecting sensitive user information.
In response to the government’s actions, U.S. lawmakers, including Senator Ron Wyden and Congressman Andy Biggs, have urged the UK to retract its order. They warned that the decision could jeopardize U.S.-UK cybersecurity arrangements and intelligence sharing, emphasizing the importance of safeguarding privacy on both sides of the Atlantic. Apple’s decision to withdraw ADP in the UK highlights the growing tension between privacy protections and government surveillance efforts, as it continues to raise concerns about the broader implications for digital security.
