UK Govt Orders Apple to Create Backdoor Access for Encrypted iCloud Backups

The UK government has reportedly issued a secret order to Apple, compelling the tech giant to create a backdoor for accessing encrypted iCloud backups globally.

This unprecedented demand, made under the UK’s Investigatory Powers Act of 2016, commonly referred to as the “Snoopers’ Charter,” would grant British security agencies unrestricted access to users’ encrypted data worldwide, not just within the UK.

According to sources cited by The Washington Post, Apple would also be prohibited from informing users if their encryption was compromised.

The order, issued last month via a “technical capability notice,” demands blanket access to all encrypted files uploaded by any user globally rather than targeted access to specific accounts.

UK Govt Orders Apple to Create Backdoor iCloud Backups

Apple’s Advanced Data Protection feature, introduced in 2022, provides end-to-end encryption for iCloud backups and other data categories, ensuring that even Apple cannot access this information.

However, this feature is not enabled by default and must be activated manually by users.

In response to the order, Apple is reportedly considering discontinuing its Advanced Data Protection service in the UK rather than compromising its global encryption standards.

Such a move would leave UK users without access to enhanced encryption but would not address the broader demand for global access to encrypted data.

Apple has previously resisted similar demands from governments, including its high-profile standoff with the FBI in 2016 over unlocking an iPhone linked to the San Bernardino terrorist attack.

The UK government justifies its position by citing national security concerns and the need to combat terrorism and child exploitation.

Critics argue that mandating backdoors undermines user privacy and creates vulnerabilities that hackers and authoritarian regimes could exploit.

Civil liberties groups have long opposed the Investigatory Powers Act, claiming it grants excessive surveillance powers with insufficient safeguards.

The implications of this demand extend beyond the UK. If Apple complies, other countries, including China and the United States, may seek similar access.

Conversely, if Apple resists, it risks legal battles and the potential withdrawal of services from key markets. The situation highlights a broader conflict between governments seeking access for law enforcement and tech companies prioritizing user privacy.

Apple has the right to appeal the order on the grounds of proportionality and cost but cannot delay compliance during the appeal process. The company has not yet commented publicly on this latest development due to legal restrictions under UK law.

PCI DSS 4.0 & Supply Chain Attack Prevention – Free Webinar