- Need a Windows 10 alternative? Still miss XP? This Linux distro is for you - and it's free
- The best password generator of 2025: Expert tested
- Michigan Man Indicted for Dark Web Credential Fraud
- This $300 Motorola has a better display and battery life than iPhone 16e - at half the price
- Navigating the AI Era as a CCIE
Experts Slam Government After “Disastrous” Apple Encryption Move
Security and consumer rights experts have urged lawmakers to hold the UK government to account, after Apple removed end-to-end encryption (E2EE) in iCloud following data access demands from the Home Office.
Although the access request was made in secret under the controversial Investigatory Powers Act (IPA), also dubbed the ‘Snooper’s Charter’, it was widely reported as happening earlier this month.
However, as long argued by Apple and other tech companies, it’s impossible to create an E2EE “backdoor” for government and law enforcement without putting all customers at risk.
That’s why Apple has taken the decision to remove the opt-in Advanced Data Protection (ADP) feature for UK customers.
“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy,” Apple said in a statement.
“Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom.”
Read more on E2EE: UK’s Privacy Tsar Mounts Fierce Defense of End-to-End Encryption.
However, it’s not known if the removal of ADP will be enough to satisfy the government, given its demands theoretically applies globally, in countries where the feature is still in place.
Rik Ferguson, VP of security intelligence at Forescout, said it was realistically the only path Apple could have taken after being forced into a corner by the government.
“First, a backdoor giving UK gov global access to everyone’s encrypted data everywhere was never going to happen. Backdoors don’t discriminate and the global threat actor hunt to exploit it would be immediate and it would be rapidly effective,” he said.
“Second, where would the line be drawn? If the UK government gets its own backdoor, what stops France, the US or eventually Russia, Iran, or any other nation from demanding the same? In some places, even holding up a blank sheet of paper or wearing the ‘wrong’ clothing can already see you hauled off the streets, or worse.”
Will Richmond-Coggan, a partner at Freeths LLP, argued that the move may harm the national interest by imperilling data flows between the UK and EU.
“Those who wish to evade surveillance will always be able to source tools that assist them in doing so. But if Apple’s decision has a domino effect on other major technology companies, the UK may no longer be seen as a safe destination for personal data,” he said.
“If that in turn results in the UK losing its adequacy status with the EU, every company doing business in Europe will be subject to additional costly compliance obligations, hampering the government’s plans for growth, and a closer European political relationship.”
A “Disaster” for the UK
Mike Salem, UK country associate for the Consumer Choice Center, called on opposition parties to voice their discontent and demand the government outlines its reasoning.
“The UK government has set a precedent, and cast a new reputation that underscores the erosion of personal liberties and privacy in a digital age where these values are needed more than ever,” he said.
“This marks a very sad day for the basic principle of consumer privacy in the 21st century, depriving users of the tools that leave UK citizens exposed to governments, criminals and malicious hackers. The fact this has been done without debate, oversight or advance warning to UK Apple users is extremely concerning,” Salem said.
David Ruiz, senior privacy advocate at Malwarebytes, described the news as a “disaster” for the UK and one with potential global consequences.
“To demand access to the world’s data is such a brazen, imperialist manoeuvre that I’m surprised it hasn’t come from the US. This may embolden other countries, particularly those in the Five Eyes, to make a similar demand of Apple,” he argued.
He said it may put at risk the UK’s “data bridge” agreement for cross-border data flows with the US.
“In short, the loss of end-to-end encryption is bad, yes. But the global impact of this demand has extremely dangerous and idiotic potential,” Ruiz concluded.
Image credit: kovop / Shutterstock.com
