Apple says it can no longer offer an advanced data encryption feature to users in the United Kingdom, after the British government reportedly demanded the US tech giant provide backdoor access to iCloud data.
The feature, which Apple calls Advanced Data Protection, allows users to increase the security of their iCloud data by switching on end-to-end encryption.
That level of encryption means even Apple cannot access data such as photos, notes, voice memos, and backups of messages and devices in its iCloud servers when such information is requested by users or law enforcement.
The iPhone-maker said on Friday it would switch off the feature for new users in the UK and soon disable it for existing ones.
It was a surprise move given Apple’s tough stance on privacy and data security, but it appeared the company had not complied with the UK government’s original order, which was reportedly much more invasive.
Without referring to the alleged government demand for an iCloud backdoor, Apple told European media it was “gravely disappointed” it could no longer offer Advanced Data Protection to UK users, “given the continuing rise of data breaches and other threats to customer privacy”.
Some iCloud data would remain end-to-end encrypted by default in the UK, the company said, including communications on iMessage and FaceTime, Health app information, and passwords.
The changes to Apple’s security features were the latest in a long history of technology companies which have disagreed with politicians and law enforcement over the merits of accessing encrypted data.
The ‘secret’ demand reportedly made to Apple
The decision to shutter Advanced Data Protection in the UK came after The Washington Post reported British security officials had secretly ordered Apple to create a so-called backdoor into iCloud which would allow authorities access to the encrypted data of users both inside and outside the UK.
The Washington Post’s report stated Britain had given Apple an undisclosed order in January, demanding the company allow unprecedented access to encrypted iCloud material.
Apple can appeal the order, but could not delay complying with the demand.
The order reportedly came in the form of a Technical Capability Notice (TCN) under the UK’s Investigatory Powers Act of 2016, which allows law enforcement officials to compel organisations to help with evidence collection — and makes it an offence to disclose the existence of a request.
Even after a TCN is in place, “law enforcement and the intelligence services must also have the relevant warrant or authorisation in place before they are able to access data”, according to the UK government.
What could it mean for Australians?
Joseph Lorenzo Hall, a technologist with US nonprofit group Internet Society, told the Reuters news agency he believed Australia could follow Britain’s lead by requesting a backdoor.
"The one thing we see with Commonwealth countries is the second one does something, the others tend to do that,” he said.
“And so I would expect Australia to issue a TCN that probably mirrors this, given their own laws."
While Australia has similar laws such as 2018’s Assistance and Access Act — which allows obligations to be put on organisations to assist in law enforcement warrants — companies cannot be forced to build new capabilities for decryption.
A compulsory TCN can be jointly issued by the Attorney-General and the Minister for Communications at the request of a security agency, but it is “expressly prohibited from requiring the building of a capability to decrypt information or remove electronic protection”, according to the Department of Home Affairs.
Companies can still be ordered to use existing functions to provide some assistance to law enforcement, and face fines for not doing so.
Under what is known as a Technical Assistance Notice (TAN), a company can be required to decrypt communications using existing capabilities.
Apple's iCloud service contains sensitive data about most of the company's customers. Image: Shutterstock
Cybersecurity experts have previously warned breaks in encryption could be found and exploited by criminals.
According to a statement on the Department of Home Affairs website, so-called backdoors would “weaken the digital security of Australians and others”.
“This is why notices under the Act cannot require a provider to implement or build systemic weaknesses into electronic protection,” the statement reads.
“The Australian Government has no interest in undermining systems that protect the fundamental security of communications.
“This includes an explicit prohibition on building a decryption capability or requiring that providers make their encrypted systems less effective.”
Law enforcement push decryption, phone hacking
Despite the government’s official stance, law enforcement officials have previously called for legislative changes which would allow them to use decryption to more easily identify and track alleged offenders.
Australian police have also used their own encrypted app to track potential criminals, which has faced its own legal challenges.
Apple has previously pushed back against government efforts to weaken privacy protections.
The company fought against building an iPhone backdoor when the FBI asked it to in the wake of a mass shooting and an attempted bombing in the California city of San Bernardino in 2015.
An Australian firm was later named as the third party which successfully unlocked an iPhone 5C that belonged to one of the perpetrators.
Similar technologies have since been used to access the phone of Thomas Matthew Crooks, who shot at Donald Trump in 2024, and are still in use by Australian authorities.
