Joseph Menn, writing for The Washington Post:
Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.
The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies. Its application would mark a significant defeat for tech companies in their decades-long battle to avoid being wielded as government tools against their users, the people said, speaking under the condition of anonymity to discuss legally and politically sensitive issues.
Menn reports that in response, Apple will likely stop offering encrypted storage in the UK. That does not, however, address the order’s demand for access to storage in other countries.
The UK order reportedly applies to Advanced Data Protection, an end-to-end encryption feature added by Apple in 2022 that ensures that not even Apple has access to users’ cloud storage. Apple is not commenting, presumably because doing so would be a criminal violation under UK law, but it did comment in 2024 when given a draft of the order that has now been issued:
During a debate in Parliament over amendments to the Investigatory Powers Act, Apple warned in March that the law allowed the government to demand back doors that could apply around the world. “These provisions could be used to force a company like Apple, that would never build a back door into its products, to publicly withdraw critical security features from the UK market, depriving UK users of these protections,” it said in a written submission.
As Menn points out, even the F.B.I., which has pressured Apple to offer backdoor access to its encrypted services in the past, recently endorsed the use of encrypted services to counter recent hacks of U.S. communications systems.
I don’t think any government should have this sort of access over their citizens’ data, but the UK law is particularly egregious because it applies worldwide. Tech companies have faced government pressure for this sort of access for years. On the surface, it may seem like a good way to ‘catch the bad guys,’ but once the backdoor is created, there’s no way to ensure it will be used only by ‘the good guys.’