Apple says removal of tool after government asked for right to see data will make iCloud users more vulnerable
Apple has made a significant and controversial decision to remove its Advanced Data Protection (ADP) tool from UK customers, following a request from the UK government for “backdoor” access to user data. The move has sparked widespread concern among privacy advocates and cybersecurity experts, who argue that it undermines the security and privacy of Apple users in the UK.
The ADP tool, which uses end-to-end encryption, ensures that only account holders can access their data, such as photos and documents stored in iCloud. This high level of security means that even Apple itself cannot access the encrypted data, providing users with robust protection against data breaches and other privacy threats. However, the UK government’s demand for access to this data has forced Apple to disable the tool for new users and will require existing users to disable the feature at a later date.
Apple expressed “grave disappointment” over the decision, stating that the removal of ADP would leave users more vulnerable to data breaches and other threats to customer privacy. The company emphasized that all data stored in iCloud would now be accessible by Apple, which could share it with law enforcement if they had a warrant. This marks a significant shift from the previous state of affairs, where even Apple could not access the encrypted data.
|The request from the UK government came under the Investigatory Powers Act, which compels companies to provide information to law enforcement agencies. The Home Office served Apple with a request earlier this month, asking for the right to see users’ encrypted data. As a result, at 3 pm on Friday, new users were no longer able to access the ADP tool, and existing users were informed that they would need to disable the security feature at a later date. It is important to note that messaging services like iMessage and FaceTime will continue to be end-to-end encrypted by default.
Apple reiterated its commitment to offering the highest level of security for users’ personal data, stating, “We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before.” The company also emphasized that it has never built a backdoor or master key to any of its products or services and never will.
Cybersecurity experts have criticized the UK government’s approach, arguing that it is both naive and counterproductive. Alan Woodward, a cybersecurity professor from the University of Sussex, described Apple’s move as “quite an extraordinary development.” He said, “It was incredibly naive of the British government to think they could tell Apple what to do. You simply can’t tell a large US technology company what to do. You have to work with them, [practise] diplomacy – that’s what has been tried before and was working. Waving a UK law at them was not going to work.”
Woodward further explained that Apple’s decision sends a clear message: “You cannot weaken encryption for your enemies without weakening it for your friends.” He argued that the government’s actions would only serve to make Apple’s applications less secure for UK users, without providing any tangible benefits for intelligence operations.
Peter Sommer, another cybersecurity expert, pointed out that technologists have been unsuccessful in developing a “foolproof backdoor” over the past 30 years. He suggested that instead of seeking a universal solution, the Home Office should focus on targeted rather than bulk encryption breaches. This approach would ensure that warrants are justified as proportionate and leave innocent users with their privacy intact.
A spokesperson for the Home Office declined to comment on the specifics of the situation, stating, “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”
The removal of the ADP tool from UK users raises important questions about the balance between national security and individual privacy. While the UK government argues that access to encrypted data is necessary for law enforcement and national security purposes, critics contend that weakening encryption puts users at greater risk of data breaches and other privacy violations. The situation highlights the ongoing tension between technology companies and governments over issues of data security and privacy.
