Skip to content
At 3pm UK time last Friday, Apple started blocking access to their Advanced Data Protection feature for people in the UK, following a request from the Home Office to introduce a backdoor to users encrypted data.
Advanced Data Protection (ADP) was an optional free feature which, when enabled, would increase security of user data such as photos and backups stored in iCloud through the use of end-to-end encryption, meaning nobody except the account holder (not even Apple) could decrypt the data.
In a statement Apple said it was “gravely disappointed” that it would no longer be able to offer the security feature to British customers, after the UK government demanded the ability to see the data.
Why has this happened?
This news follows a secretive request called a “technical capability notice” by the Home Office to Apple under the Investigatory Powers Act of 2016, which gives the British government the ability to compel service providers to provide access to users encrypted data. Notably, this request was supposed to be confidential, until an anonymous whistleblower gave the details to news agencies.
A Home Office spokesperson said: “We do not comment on operational matters, including, for example, confirming or denying the existence of any such notices.”
What’s interesting to see is that the technical capability notice reportedly requested a backdoor for end-to-end encryption for everyone, globally, regardless of their UK citizenship. Rather than provide this, Apple have instead withdrawn the feature from the UK. If the recent reports of the Home Office’s request are accurate then it’s possible Apple have fell afoul of the order with this move, but critics argue the UK government still got what they wanted, which many suspect was the ability to see the personal data of British citizens.
Is it the right move?
Cyber-security experts and privacy advocates worldwide have staunchly opposed the move as invasive and a huge increase in cyber-security risk for little apparent gain. Some have even gone as far as to describe the ordeal as an “own goal” by the government, pointing out that cyber-criminals can simply turn off iCloud, or use de-centralised encrypted platforms, leaving the rest of the UK population with weaker protection against threats and compromised privacy.
What happens now?
If you haven’t switched Advanced Data Protection on, you’ll no longer be able to do so. Instead, the following message will appear: “Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users.”
It means the following data types won’t be protected:
- Anything in iCloud Backups, including stored messages
- iCloud Drive
- Photos
- Notes
- Reminders
- Safari Bookmarks
- Siri Shortcuts
- Voice Memos
- Wallet Passes
- Freeform
For people who already have Advanced Data Protection turned on, it’s not yet clear what will happen as Apple can’t disable the feature from their side without the decryption keys, but it’s possible they will require users to disable the feature themselves in order to keep using iCloud.
Are you affected by this change? Do you support or oppose the governments move? Make your voice heard by writing directly to your MP: https://www.writetothem.com/write
