Zoe Kleinman
Technology editor•[1]@zsk
[grey-placeholder.png] Getty Images The apple logo on a clear round
store is visible in amongst the skyscrapers in a city Getty Images
The UK government has demanded to be able to access encrypted data
stored by Apple users worldwide in its cloud service.
Currently only the Apple account holder can access data stored in this
way - the tech giant itself cannot view it.
The demand has been served by the Home Office under the Investigatory
Powers Act (IPA), which compels firms to provide information to law
enforcement agencies.
Apple declined to comment, but [2]says on its website that it views
privacy as a "fundamental human right".
Under the law, the demand cannot be made public.
The news was first reported by [3]the Washington Post quoting sources
familiar with the matter, and the BBC has spoken to similar contacts.
The Home Office said: "We do not comment on operational matters,
including for example confirming or denying the existence of any such
notices."
Privacy International called it an "unprecedented attack" on the
private data of individuals.
"This is a fight the UK should not have picked," said the charity's
legal director Caroline Wilson Palow.
"This overreach sets a hugely damaging precedent and will embolden
abusive regimes the world over."
'Back doors'
The demand applies to all content stored using what Apple calls
"Advanced Data Protection" (ADP).
This uses something called end-to-end encryption, where only the
account holder can access the data stored - even Apple itself cannot
see it.
It is an opt-in service, and not all users choose to activate it.
This is because, while it makes your data more secure, it comes with a
downside - it encrypts your data so heavily that it cannot be recovered
if you lose access to your account.
It is unknown how many people choose to use ADP.
It's also important to note that the government notice does not mean
the authorities are suddenly going to start combing through everybody's
data.
It is believed that the government would want to access this data if
there were a risk to national security - in other words, it would be
targeting an individual, rather than using it for mass surveillance.
Authorities would still have to follow a legal process, have a good
reason and request permission for a specific account in order to access
data - just as they do now with unencrypted data.
Apple has previously said it would pull encryption services like ADP
from the UK market rather than comply with such government demands -
telling Parliament it would "never build a back door" in its products.
Cyber security experts agree that once such an entry point is in place,
it is only a matter of time before bad actors also discover it.
And withdrawing the product from the UK might not be enough to ensure
compliance - the Investigatory Powers Act applies worldwide to any tech
firm with a UK market, even if they are not based in Britain.
Still, no Western government has yet been successful in attempts to
force big tech firms like Apple to break their encryption.
The US government has previously asked for this, but Apple has
pointedly refused.
In 2016, [4]Apple resisted a court order to write software which would
allow US officials to access the iPhone of a gunman - though this was
resolved after the FBI were able to successfully access the device.
That same year, the US [5]dropped a similar case after it was able to
gain access by discovering the person's passcode.
Similar cases have followed, including in 2020, [6]when Apple refused
to unlock iPhones of a man who carried out a mass shooting at a US air
base.
The FBI later said it had been able to "gain access" to the phones.
'Stunned'
The tech giant can appeal against the government's demand but cannot
delay implementing the ruling during the process even if it is
eventually overturned, according to the legislation.
The government argues that encryption enables criminals to hide more
easily, and the FBI in the US has also been critical of the ADP tool.
Professor Alan Woodward, cyber security expert from Surrey University,
said he was "stunned" by the news, and privacy campaigners Big Brother
Watch described the reports as "troubling".
"This misguided attempt at tackling crime and terrorism will not make
the UK safer, but it will erode the fundamental rights and civil
liberties of the entire population," the group said in a statement.
UK children's charity the NSPCC has previously described encryption as
being on the front line of child abuse because it enables abusers to
share hidden content.
But Apple says that privacy for its customers is at the heart of all
its products and services.
In 2024 the company contested proposed changes to the Investigatory
Powers Act, calling it an "unprecedented overreach" of a government.
The changes also included giving the government the power to veto new
security measures before they were implemented. They were passed into
law.
"The main issue that comes from such powers being exercised is that
it's unlikely to result in the outcome they want," said Lisa Forte,
cyber security expert from Red Goat.
"Criminals and terrorists will just pivot to other platforms and
techniques to avoid incrimination. So it's the average, law abiding
citizen who suffers by losing their privacy."
References
1.
https://twitter.com/zsk
2.
https://www.apple.com/uk/privacy/
3.
https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/
4.
https://www.bbc.co.uk/news/world-us-canada-35914195
5.
https://www.bbc.co.uk/news/technology-36139981
6.
https://www.bbc.co.uk/news/world-us-canada-51104296