Apple iPhone warning (Image: APPLE)
Millions of UK iPhone, iPad and Mac users will soon find their files and photos aren’t as well protected as before. Until now, has offered some of the highest privacy levels in the world with customer data – stored on its servers – locked behind uncrackable encryption. It’s something the US technology giant prides itself on but one service provided by Apple has just been switched off for new users and will soon be blocked for everyone in the UK.
The worrying and ‘harmful’ block has been announced due to the UK Government recently issuing an order under the Investigatory Powers Act 2016, asking for the ability to access fully encrypted files from Apple users. This goes against all of the tech giant’s rules with the Californian-based firm saying it would never agree to create a “back door” into its systems, as they could also be exploited by bad actors.
Now the iPhone maker has confirmed that it was withdrawing the tool from use in the UK, turning it off as an option for those not already using it, and will introduce a process to move existing users away from it.
We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches
In a statement, Apple said: “Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature.
“ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices.
“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy.
“Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom.
“As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”
Apple has confirmed that the changes will affect 9 iCloud data categories covered by ADP including iCloud Backup; iCloud Drive; Photos; Notes; Reminders; Safari Bookmarks; Siri Shortcuts; Voice Memos; Wallet Passes; and Freeform.
It will not afftect the 14 iCloud data categories that are end-to-end encrypted by default. Data like iCloud Keychain and Health remains protected with full end-to-end encryption along with its communication services, like iMessage and FaceTime which all remain end-to-end encrypted globally, including in the UK.
For users in the UK who already enabled ADP, Apple will soon provide additional guidance. Apple cannot disable ADP automatically for these users. Instead, UK users will be given a period of time to disable the feature themselves to keep using their iCloud account.
Security experts are concerned about the changes with some saying the Government’s move is making things less safe for UK tech users.
“While it is difficult to balance concerns around terrorism and serious crime with the privacy rights of individuals, my concern is that the government’s course of action ultimately harms the national interest more than it furthers it,” explained Will Richmond-Coggan, a partner specialising in cybersecurity at Freeths LLP.
“Those who wish to evade surveillance will always be able to source tools that assist them in doing so. But if Apple’s decision has a domino effect on other major technology companies, the UK may no longer be seen as a safe destination for personal data. If that in turn results in the UK losing its adequacy status with the EU, every company doing business in Europe will be subject to additional costly compliance obligations, hampering the government’s plans for growth, and a closer European political relationship.”
What is ADP and how will this block affect you – Martyn Landi explains
Why is it now being withdrawn from the UK?
It was reported earlier this month that the UK Government had made a request to Apple, under the Investigatory Powers Act, to get broad access to encrypted files uploaded to iCloud, including those secured by end-to-end encryption under ADP.
In order to provide such access, Apple would have to create a security “backdoor” – a new key that would allow the Government to get around the encryption and access the files.
However, Apple has said publicly on numerous occasions in the past, including in its statement on Friday about ADP, that it would not create a backdoor and never will.
The company argues that once a backdoor has been created, it could easily be accessed and used by bad actors, breaking its encryption systems and therefore leaving iCloud users around the world vulnerable to data breaches.
So in response to the Government’s request, rather than comply and create a backdoor, Apple has chosen to withdraw ADP from the UK instead.
– Why did the Government want access to encrypted files?
Government, police and security services, and online safety charities have argued for some time that end-to-end encryption is being used by criminals such as terrorists and child abusers to more easily hide their activities online, and has hampered efforts to catch them.
The Government’s request to Apple was an attempt to force the firm to break its own encryption systems, and allow police and security services to more easily access such data when needed.
– What does the removal of ADP mean for UK users?
For many users, very little will actually change as ADP was opt-in and only those who had actively chosen to turn it on in the first place have been using it.
Apple said those already using it will see it withdrawn over time, but it can no longer be turned on for anyone wanting access in the UK now.
But even without ADP in place, Apple said more than a dozen iCloud data categories are still end-to-end encrypted by default, including health data and its password management system, iCloud Keychain.
In addition, Apple said its communications services, such as iMessage and FaceTime, remain end-to-end encrypted globally, including in the UK.
However, cybersecurity experts have warned that this has ultimately made UK users less secure, as they have lost access to a higher level of data protection that will remain available to users elsewhere.