Zoe Kleinman

  Technology editor•[1]@zsk

  [grey-placeholder.png] Getty Images The apple logo on a clear round
  store is visible in amongst the skyscrapers in a city Getty Images

  The UK government has demanded to be able to access encrypted data
  stored by Apple users worldwide in its cloud service.

  Currently only the Apple account holder can access data stored in this
  way - the tech giant itself cannot view it.

  The demand has been served by the Home Office under the Investigatory
  Powers Act (IPA), which compels firms to provide information to law
  enforcement agencies.

  Apple declined to comment, but [2]says on its website that it views
  privacy as a "fundamental human right".

  Under the law, the demand cannot be made public.

  The news was first reported by [3]the Washington Post quoting sources
  familiar with the matter, and the BBC has spoken to similar contacts.

  The Home Office said: "We do not comment on operational matters,
  including for example confirming or denying the existence of any such
  notices."

  Privacy International called it an "unprecedented attack" on the
  private data of individuals.

  "This is a fight the UK should not have picked," said the charity's
  legal director Caroline Wilson Palow.

  "This overreach sets a hugely damaging precedent and will embolden
  abusive regimes the world over."

'Back doors'

  The demand applies to all content stored using what Apple calls
  "Advanced Data Protection" (ADP).

  This uses something called end-to-end encryption, where only the
  account holder can access the data stored - even Apple itself cannot
  see it.

  It is an opt-in service, and not all users choose to activate it.

  This is because, while it makes your data more secure, it comes with a
  downside - it encrypts your data so heavily that it cannot be recovered
  if you lose access to your account.

  It is unknown how many people choose to use ADP.

  It's also important to note that the government notice does not mean
  the authorities are suddenly going to start combing through everybody's
  data.

  It is believed that the government would want to access this data if
  there were a risk to national security - in other words, it would be
  targeting an individual, rather than using it for mass surveillance.

  Authorities would still have to follow a legal process, have a good
  reason and request permission for a specific account in order to access
  data - just as they do now with unencrypted data.

  Apple has previously said it would pull encryption services like ADP
  from the UK market rather than comply with such government demands -
  telling Parliament it would "never build a back door" in its products.

  Cyber security experts agree that once such an entry point is in place,
  it is only a matter of time before bad actors also discover it.

  And withdrawing the product from the UK might not be enough to ensure
  compliance - the Investigatory Powers Act applies worldwide to any tech
  firm with a UK market, even if they are not based in Britain.

  Still, no Western government has yet been successful in attempts to
  force big tech firms like Apple to break their encryption.

  The US government has previously asked for this, but Apple has
  pointedly refused.

  In 2016, [4]Apple resisted a court order to write software which would
  allow US officials to access the iPhone of a gunman - though this was
  resolved after the FBI were able to successfully access the device.

  That same year, the US [5]dropped a similar case after it was able to
  gain access by discovering the person's passcode.

  Similar cases have followed, including in 2020, [6]when Apple refused
  to unlock iPhones of a man who carried out a mass shooting at a US air
  base.

  The FBI later said it had been able to "gain access" to the phones.

'Stunned'

  The tech giant can appeal against the government's demand but cannot
  delay implementing the ruling during the process even if it is
  eventually overturned, according to the legislation.

  The government argues that encryption enables criminals to hide more
  easily, and the FBI in the US has also been critical of the ADP tool.

  Professor Alan Woodward, cyber security expert from Surrey University,
  said he was "stunned" by the news, and privacy campaigners Big Brother
  Watch described the reports as "troubling".

  "This misguided attempt at tackling crime and terrorism will not make
  the UK safer, but it will erode the fundamental rights and civil
  liberties of the entire population," the group said in a statement.

  UK children's charity the NSPCC has previously described encryption as
  being on the front line of child abuse because it enables abusers to
  share hidden content.

  But Apple says that privacy for its customers is at the heart of all
  its products and services.

  In 2024 the company contested proposed changes to the Investigatory
  Powers Act, calling it an "unprecedented overreach" of a government.

  The changes also included giving the government the power to veto new
  security measures before they were implemented. They were passed into
  law.

  "The main issue that comes from such powers being exercised is that
  it's unlikely to result in the outcome they want," said Lisa Forte,
  cyber security expert from Red Goat.

  "Criminals and terrorists will just pivot to other platforms and
  techniques to avoid incrimination. So it's the average, law abiding
  citizen who suffers by losing their privacy."

References

  1. https://twitter.com/zsk
  2. https://www.apple.com/uk/privacy/
  3. https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/
  4. https://www.bbc.co.uk/news/world-us-canada-35914195
  5. https://www.bbc.co.uk/news/technology-36139981
  6. https://www.bbc.co.uk/news/world-us-canada-51104296