Apple has been ordered by the UK government to create a backdoor that would give security officials access to users' encrypted iCloud backups, according to a report by The Washington Post. This secret order, issued last month, would grant British security services blanket access to end-to-end encrypted files uploaded by any user worldwide, not just UK citizens.
The demand is based on rights given under the UK's Investigatory Powers Act of 2016, also known as the Snoopers' Charter. The UK government has served Apple a technical capability notice, which is a criminal offense to even reveal. If Apple complies, it would not be allowed to warn users that their encryption has been compromised, raising significant concerns over user privacy and security.
Apple is expected to respond by stopping its encrypted storage service, Advanced Data Protection, in the UK. However, this would not meet the UK's demand for access to files shared by global users. Apple has the right to appeal the notice on the basis of the cost of implementation and whether the demand is proportionate to security requirements, but any appeal cannot delay the original order.
This development is part of a broader trend of governments pushing back against end-to-end encryption services, citing concerns that they make it easier for terrorists and child abusers to hide from law enforcement. US agencies, including the FBI, have expressed similar fears in the past, but have more recently begun recommending encryption as a way to counter hackers linked to China.
Apple's iCloud backups are not encrypted by default, but the Advanced Data Protection option was added in 2022 and must be enabled manually. It uses end-to-end encryption, meaning not even Apple can access encrypted files. Other tech giants, such as Google and Meta, also offer encrypted backups for their users. While they declined to comment on whether they had received similar governmental requests, Google reiterated that it "can't access Android end-to-end encrypted backup data, even with a legal order."
This development has significant implications for global user privacy and security. If Apple is forced to create a backdoor, it could set a dangerous precedent for governments around the world to demand similar access to encrypted data. The move could also undermine trust in tech companies and their ability to protect user data.
As the debate around encryption and government access continues, it remains to be seen how Apple will respond to the UK's demands and what implications this will have for the tech industry as a whole. One thing is clear: the stakes are high, and the outcome will have far-reaching consequences for users around the world.