Apple Withdraws Advanced Data Protection in the UK
Apple has announced the removal of its Advanced Data Protection (ADP) feature for users in the United Kingdom. This decision comes in response to a demand from the UK government for backdoor access to user data under the Investigatory Powers Act. ADP, introduced by Apple in late 2022, provided end-to-end encryption for iCloud data, ensuring that only account holders could access their stored information. With the feature's removal, data stored in iCloud by UK users will now be accessible by Apple and, upon request, shareable with law enforcement agencies. Apple expressed grave disappointment over this development, emphasizing that the absence of ADP increases vulnerabilities to data breaches and other privacy threats.
Government's Stance and Legal Framework
The UK's demand for access to encrypted data is rooted in the Investigatory Powers Act of 2016, often referred to as the "snoopers' charter." This legislation grants authorities the power to request access to encrypted data for law enforcement purposes. Earlier this month, the Home Office served Apple with a request under this act, compelling the company to provide access to users' encrypted data. A Home Office spokesperson declined to comment on operational specifics, stating, "We do not comment on operational matters, including for example confirming or denying the existence of any such notices."
Implications for Users and Industry Response
As a result of this mandate, new users in the UK will no longer have access to the ADP feature, and existing users will be required to disable it at a later date. Despite this change, services like iMessage and FaceTime will continue to offer end-to-end encryption by default. Cybersecurity experts have criticized the government's approach, suggesting that it undermines user security and may be counterproductive. Professor Alan Woodward from the University of Sussex described the move as "quite an extraordinary development," emphasizing that weakening encryption could make applications less secure for UK users without benefiting intelligence operations.
