Apple removes advanced data protection tool after UK government request | Apple

Apple has taken the unprecedented step of removing its strongest data security tool from customers in the UK, after the government demanded “backdoor” access to user data.

UK users will no longer have access to the advanced data protection (ADP) tool, which uses end-to-end encryption to allow only account holders to view items such as photos or documents they have stored online in the iCloud storage service.

UK users will now be more vulnerable to data breaches from bad actors, and other threats to customer privacy, Apple said. It will also mean that all data is accessible by Apple, which can share it with law enforcement if they have a warrant.

Earlier this month the Home Office served Apple a request under the Investigatory Powers Act, which compels firms to provide information to law enforcement agencies, asking for the right to see users’ encrypted data, which currently not even Apple can access.

After the change at 3pm on Friday, new users will not have access to the ADP tool and current users will need to disable the security feature at a later date. Messaging services like iMessage and FaceTime will remain end-to-end encrypted by default.

Apple said: “We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before.

“Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the UK. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”

Alan Woodward from the University of Sussex said Apple’s move was “quite an extraordinary development”. The cybersecurity professor said: “It was incredibly naive of the British government to think they could tell Apple what to do.

“Unpleasant a fact of life as it may be, you simply can’t tell a large US technology company what to do. You have to work with them, [practise] diplomacy – that’s what has been tried before and was working. Waving a UK law at them was not going to work.”

He said Apple was sending a message that “you cannot weaken encryption for your enemies without weakening it for your friends”, and that all the government could achieve would be to make its applications less secure for UK users, while obtaining no benefit for intelligence operations.

Cybersecurity expert Peter Sommer said technologists have unsuccessfully tried to develop a “foolproof backdoor” for the last 30 years.

He said: “Instead of looking for a universal solution, the Home Office should be concentrating on targeted rather than bulk encryption breach”, given that this ensured “warrants are justified as proportionate and leave the innocent with their privacy”.

A Home Office spokesperson said: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”