Apple removed its data protection tool amid a UK government dispute.

UK NewsUK News
Apple removed its data protection tool amid a UK government dispute.

Apple is taking the extraordinary step of withholding its top-tier data security tool from UK users after the government asked for access to personal data.


Advanced Data Protection (ADP) means that only account holders may view items such as images or documents stored online using end-to-end encryption.


However, early this month, the UK government requested access to the data, which is now inaccessible even to Apple.


Apple did not remark at the time but has repeatedly opposed installing a "backdoor" in its encryption service, claiming that if it did, bad actors would soon find a way in.


Now, the tech behemoth has decided that activating ADP in the United Kingdom will be impossible.


This means that not all UK consumer data held on Apple's cloud storage service, iCloud, will eventually be fully encrypted.


Apple has access to data with standard encryption and can share it with law enforcement if a warrant is provided.

The Home Office responded to the BBC: "We do not comment on operational matters, including, for example, confirming or denying the existence of any such notices."


In a statement, Apple said it was "gravely disappointed" that British consumers will no longer have access to the security function.


"As we have said many times before, we have never built a backdoor or master key to any of our products, and we never will," he added.


The ADP program is opt-in, which means consumers must sign up to receive the protection it offers.


From 1500GMT on Friday, any Apple customer in the UK attempting to turn it on received an error message.

Existing users' access will be revoked at a later date.


It's unclear how many individuals have signed up for ADP since it became accessible to British Apple users in December 2022.


Prof Alan Woodward, a cyber-security expert at Surrey University, described it as a "very disappointing development" and "an act of self-harm" by the government.


"All the UK government has achieved is to weaken online security and privacy for UK-based users," he told the BBC, adding it was "naïve" of the UK to "think they could tell a US technology company what to do globally".


Caro Robson, an online privacy expert, said it was "unprecedented" for a corporation to "simply withdraw a product rather than cooperate with a government".


"It would be a very, very worrying precedent if other communications operators felt they simply could withdraw products and not be held accountable by governments," she shared with the BBC.


Meanwhile, Bruce Daisley, a former senior executive at X, then known as Twitter, told BBC Radio 4's PM program that "Apple saw this as a point of principle - if they were going to concede this to the UK, every other government around the world would want this."


What did the United Kingdom ask for?


The Home Office served the request under the Investigatory Powers Act (IPA), which requires companies to submit information to law enforcement agencies.


Apple declined to comment on the warning, and the Home Office refused to confirm or deny its existence. Still, the BBC and Washington Post spoke with many persons acquainted with the situation.


It sparked a heated outcry from privacy advocates, who described it as an "unprecedented attack" on individuals' private data.


Last Monday, WhatsApp CEO Will Cathcart reacted to a post on X expressing his concerns over the government's request.


He wrote: "If the UK pushes a global backdoor into Apple's security, it will make everyone in the world less protected. One country's secret order puts all of us in danger, and it must be stopped."


Two top US legislators warned it posed such a major threat to American national security that the US government should reconsider its intelligence-sharing agreements with the UK unless they were terminated.


It is unclear whether Apple's steps would adequately resolve such concerns, given that the IPA ruling extends globally and ADP will continue to operate in other countries.


One of those US senators, Senator Ron Wyden, told BBC News that Apple's withdrawal of end-to-end encrypted backups from the UK "sets a dangerous precedent that authoritarian countries will undoubtedly follow."


Senator Wyden feels the measure will "not be enough" to convince the UK to withdraw its demands, which would "seriously threaten" US customers' privacy.


In its statement, Apple expressed remorse for the measures it had taken.


"Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before," according to the report.


"Apple remains committed to offering our users the highest level of security for their data and is hopeful that we will be able to do so in the future in the UK."


Rani Govender, policy manager for child safety online at the NSPCC, stated that the organization wants tech companies such as Apple to ensure that they balance child and user safety with privacy.


"As Apple looks to change its approach to encryption, we're calling on them to make sure that they also implement more child safety measures so that children are properly protected on their services," she told the BBC's News.


According to a UK children's organization, end-to-end encrypted services can impede child safety and protection initiatives, such as detecting the distribution of child sexual abuse material(CSAM).


However, Emily Taylor, the co-founder of Global Signal Exchange, which gives insights into supply-chain scams, stated that encryption was more about safeguarding consumer privacy and was not the same as the dark web, where CSAM is typically distributed.


"The trouble with this long-running debate, the zero-sum debate about encryption and child protection, is that the tech companies can come out sounding incredibly callous, but that's not the point," she discussed on Radio 4's Today show.


"Encryption is something that we use every day; whether it's communicating with our bank, whether it's on messaging apps that are end-to-end encrypted, encryption is a form of privacy in an otherwise very insecure online world."


The dispute comes amid growing opposition in the United States to foreign-imposed regulation on the country's technology sector.


In an address at the AI Action Summit in Paris in early February, US Vice President JD Vance stated unequivocally that the US was growing increasingly concerned about it.


"The Trump administration is troubled by reports that some foreign governments are considering tightening the screws on US tech companies with international footprints," he told reporters.