Apple has confirmed it is withdrawing a key data security feature, Advanced Data Protection (ADP), from the UK following a dispute with the government.
This opt-in tool for iCloud users provided end-to-end encryption for most file types, including photos and notes, meaning not even Apple could access the data.
However, a recent government request to access this encrypted information led to a standoff, culminating in Apple’s decision to pull the feature.
ADP offered users enhanced privacy, restricting access to their data solely to the account holder.
This robust security measure became a point of contention when the government sought access, raising concerns about the balance between national security and individual privacy. Apple’s decision to remove ADP in the UK highlights the ongoing debate surrounding data encryption and government access.
What is Advanced Data Protection and what does it do?
Apple’s iCloud, like many cloud services, uses encryption to protect user data when it is stored on their servers. This means it cannot be accessed by outsiders, but could be by Apple if they were legally compelled to do so or if a user asked the firm to help them recover lost data.
The next level up from this is end-to-end encryption, which completely locks out anyone but the account holder from the files in question and leaves them as the sole actor able to recover it.
This is what ADP offers, applying it to the “majority” of iCloud data, and locking it away from anyone else, including Apple itself.
But it is an opt-in feature, meaning users have to choose to turn it on in order to take advantage of it and is therefore not used by every iCloud user.
Why is Apple’s Advanced Data Protection being withdrawn from the UK?
It was reported earlier this month that the UK Government had made a request to Apple, under the Investigatory Powers Act, to get broad access to encrypted files uploaded to iCloud, including those secured by end-to-end encryption under ADP.
In order to provide such access, Apple would have to create a security “backdoor” – a new key that would allow the Government to get around the encryption and access the files.
However, Apple has said publicly on numerous occasions in the past, including in its statement on Friday about ADP, that it would not create a backdoor and never will.
The company argues that once a backdoor has been created, it could easily be accessed and used by bad actors, breaking its encryption systems and therefore leaving iCloud users around the world vulnerable to data breaches.
So in response to the Government’s request, rather than comply and create a backdoor, Apple has chosen to withdraw ADP from the UK instead.
Government, police and security services, and online safety charities have argued for some time that end-to-end encryption is being used by criminals such as terrorists and child abusers to more easily hide their activities online, and has hampered efforts to catch them.
The Government’s request to Apple was an attempt to force the firm to break its own encryption systems, and allow police and security services to more easily access such data when needed.
What does the removal of Apple’s Advanced Data Protection mean for UK users?
For many users, very little will actually change as ADP was opt-in and only those who had actively chosen to turn it on in the first place have been using it.
Apple said those already using it will see it withdrawn over time, but it can no longer be turned on for anyone wanting access in the UK now.
But even without ADP in place, Apple said more than a dozen iCloud data categories are still end-to-end encrypted by default, including health data and its password management system, iCloud Keychain.
In addition, Apple said its communications services, such as iMessage and FaceTime, remain end-to-end encrypted globally, including in the UK.
However, cybersecurity experts have warned that this has ultimately made UK users less secure, as they have lost access to a higher level of data protection that will remain available to users elsewhere.
