When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

The U.K. government can now access your iCloud data after forcing Apple to weaken encryption

Neowin · with 17 comments

Apple iCloud

The U.K. government has forced Apple to remove its advanced data protection (ADP) feature for users in the U.K., due to a government order requiring the company to create a backdoor for accessing encrypted user data. This means that data stored on iCloud will no longer be end-to-end (E2E) encrypted in the United Kingdom, and law enforcement authorities in the U.K., can access the data whenever they deem necessary.

Apple currently has two methods of encrypting iCloud data. The standard data protection (SDP) is the default setting for iCloud users, where the encryption keys are secured in Apple data centers. In this case, only certain data is E2E encrypted and Apple can help users with data recovery in case of any issues.

However, the second method, advanced data protection (ADP) offers the highest level of security on Apple devices and the encryption keys remain only on the user's trusted devices. In this case, not even Apple has access to the iCloud data, and only the user can recover this data. Unfortunately for users in the U.K., this feature will no longer work for iCloud data storage, device backups, web bookmarks, voice memos, notes, photos, reminders, and text message backups.

The U.K. government issued this order under the Investigatory Powers Act, which has already faced significant backlash. Apple, in a statement to Bloomberg, said that it is "gravely disappointed" by this decision.

“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices.”

Those customers who are already using ADP will need to manually disable it in the U.K. during a grace period, to keep their data in their iCloud accounts. Apple also said that it would issue additional guidance for the affected user in the U.K. and that it doesn't have the ability to automatically disable E2E encryption on their behalf.

Apple will continue to offer E2E encryption on other features such as iMessage, FaceTime, Passwords, and Apple Health data, where the encryption is turned on by default.

Source: Bloomberg

Report a problem with article
Next Article

Save 93% on an Ultimate Candlestick Trading & Analysis Masterclass Bundle

Xi Jinping
Previous Article

OpenAI bans accounts used to develop Chinese surveillance tools targeting the West

Join the conversation!

Login or Sign Up to read and post a comment.

17 Comments - Add comment