UK Orders Apple to Break iCloud Advanced Data Protection
Dominic Preston (Hacker News, MacRumors):
Apple has reportedly been ordered by the UK government to create a backdoor that would give security officials access to users’ encrypted iCloud backups. If implemented, British security services would have access to the backups of any user worldwide, not just Brits, and Apple would not be permitted to alert users that their encryption was compromised.
The Washington Post reports that the secret order, issued last month, is based on rights given under the UK’s Investigatory Powers Act of 2016, also known as the Snoopers’ Charter. Officials have apparently demanded blanket access to end-to-end encrypted files uploaded by any user worldwide, rather than access to a specific account.
[…]
The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did accede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
While law enforcement has long been able to access encrypted data for which Apple holds the keys, this move would reportedly apply to end-to-end data in which the user holds the keys, such as Apple’s Advanced Data Protection. This law would target end-to-end encrypted data from Google and Meta as well.
This is red alert, five-alarm-fire kind of stuff. Providing a backdoor would be worrying enough for reasons that should be obvious to anybody who knows the barest inkling about technology—to wit, that there exists no mechanism to keep such a tool out of the hands of malicious actors—but the fact that it would apply beyond the UK borders to other countries is a staggering breach of sovereignty. And, moreover, as Menn points out, such a move would no doubt embolden other powers to ask for access to the same capabilities—such as China.
[…]
Ironically, the biggest impediment might come in the form of the European Union, as Apple apparently argued that the implementation would undermine the European right to privacy.
In any case, the reported demands by the U.K. government are an extraordinary abuse of their own. It has global implications for both U.K. access and, I would venture, access by its allies. As a reminder, U.S. and U.K. spy agencies routinely shared collected data while avoiding domestic legal protections. This order explicitly revives the bad old days of constant access.
According to sources that spoke to the publication, Apple is likely to stop offering encrypted storage in the UK as a result of the demand. Specifically, Apple could withdraw Advanced Data Protection, an opt-in feature that provides end-to-end encryption (E2EE) for iCloud backups, such as Photos, Notes, Voice Memos, Messages backups, and device backups.
In this scenario, UK users would still have access to basic iCloud services, but their data would lack the additional layer of security that prevents even Apple from accessing it.
Previously:
- Privacy of Photos.app’s Enhanced Visual Search
- China Possibly Hacking US “Lawful Access” Backdoor
- Proposed EU Chat Control
- iCloud Advanced Data Protection Uptake
- UK Proposal to Weaken Messaging Security
- Apple Opposes Updated UK Investigatory Powers Act
- Advanced Data Protection for iCloud
- Apple Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected
Update (2025-02-10): Mike Masnick:
While officials repeatedly insisted they weren’t trying to break encryption entirely, those of us following closely saw this coming. Apple even warned it might have to exit the UK market if pushed too far.
[…]
The UK government is demanding that Apple fundamentally compromise the security architecture of its products for every user worldwide. This isn’t just about giving British authorities access to British users’ data — it’s about creating a master key that would unlock everyone’s encrypted data, everywhere.
This is literally breaking the fundamental tool that protects our privacy and security. Backdoored encryption is not encryption at all.
[…]
This global reach is particularly concerning given the UK’s membership in the Five Eyes intelligence alliance. Any backdoor created for British authorities would inevitably become a tool for intelligence and law enforcement agencies across the US, Australia, Canada, and New Zealand — effectively creating a global surveillance capability without any democratic debate or oversight in those countries.
Apple is likely to turn the feature off for UK users rather than break it for everyone worldwide. Of course, UK users will be able to spoof their location. But this might not be enough. According to the law, Apple would not be able to offer the feature to anyone who is in the UK at any point: for example, a visitor from the US.
And what happens next? Australia has a law enabling it to ask for the same thing. Will it? Will even more countries follow?
This is madness.
Mark Nottingham (via Hacker News):
The UK is presumably interested in Apple providing this functionality because iCloud’s design conveniently makes a massive amount of data convenient to access in one location: Apple’s servers. If that data is instead spread across servers operated by many different parties, it becomes less available.
In effect, this is the decentralize iCloud option. Apple would open up its implementation of iCloud so that third-party and self-hosted providers could be used for the same functions. They would need to create interfaces to allow switching, publish some specifications and maybe some test suites, and make sure that there weren’t any intellectual property impediments to implementation.
[…]
This isn’t a perfect option. Orders could still force weakened encryption, but now they’d have to target many different parties (depending on the details of implementation and deployment), and they’d have to get access to the stored data. If you choose a provider in another jurisdiction, that makes doing so more difficult, depending on what legal arrangements are in place between those jurisdictions; if you self-host, they’ll need to get physical access to your disks.
Update (2025-03-14): Nick Heer:
If Google had not received a technical capabilities notice, it would be able to simply say “no”. Because it says it cannot say anything “if it had”, it seems likely it has also been issued a similar demand for access to user data in a decrypted form.
Update (2025-03-18): Tim Hardwick:
Two human rights groups have filed a legal complaint with the UK’s Investigatory Powers Tribunal (IPT) in an attempt to quash the UK government’s demand for Apple to allow backdoor access to its encrypted data (via Financial Times).
Zack Whittaker (via John Gruber):
A group of bipartisan U.S. lawmakers are urging the head of the U.K.’s surveillance court to hold an open hearing into Apple’s anticipated challenge of an alleged secret U.K. government legal demand.
10 Comments
The extraterritorial effect of the law is profoundly troubling, especially the prohibition on revealing the existence of the Technical Capability Notice. However, Apple would almost certainly be subject to lawsuits in the US and EU if it secretly added a backdoor to iCloud Advanced Data Protection, because doing so would violate their privacy policy and would likely give rise to fraud claims. They could kill iCloud Advanced Data Protection entirely, or they could add a backdoor and say there is a backdoor, but they could not, without being exposed to liability, secretly add a backdoor while simultaneously claiming that the data is end-to-end encrypted and nobody other than the user can access the data.
This shows us why centralized power, in this case practised by Apple, is a bad thing, especially when it comes to computers and networking. So should Apple just remove E2EE, where demanded by national laws? Why not?! Apple could even go many steps further, say bye-bye to centralization, and in fact use the opportunity to make even more money by giving all users worldwide a choice: you are free to continue using our traditional centralized iCloud services, but (depending on your jurisdiction) you would have to live with the risk of your government accessing your data… or you can just buy our shiny new hardware, the Mac Home, an Apple home server/NAS with lots of M.2 storage expandability, complete with a server-optimized version of macOS, with RAID5 & RAID6 built into APFS, which runs your own personal instance of iCloud for you and your family, for all your family's client devices, with E2EE for everything, iMessage server, sync for calendar, contacts, photos, passwords/keychains, Apple Home, Notes, email, system/account settings, office documents, remote file sharing etc. pp., Apple dDNS & VPN included for free, plus syncing third-party app data, plus local services like TimeMachine server, caches for Apple Music/TV & OS updates, and an open system for installing 3rd-party services, command-line tools, apps, containers, you know, for those who want to expand the device into an all-round home server. For customers who take the decentralized plunge, Apple's own iCloud infrastructure would then function only as a kind of bootstrap/handshake server. And if a government wants access to Apple's iCloud servers, there's literally nothing for them to see, unless they kick in your own home door, though they'd still need to break the encryption on your personal iCloud instance. --- And to speed things up, Apple could first release an iCloud Home app, which users can install on existing hardware, e.g. a dedicated Mac Mini.
Something I'd like to see clarified with reportage on this - is this purely about iPhone *backups*, or is it covering e2e iMessage "messages in the cloud" storage as well?
i.e., is it a backdoor to the working iCloud datastores, or is it just the dead storage of the backups?
If it's the latter, you can see why - person arrives at the border, suspected of having prohibited material on their phone, phone is found to have been wiped on the assumption it can be restored once they've cleared customs, etc.
Once again I find out about this shameless authoritarian power-grab by the supposedly social-democratic government of my country, a dank little island I call home, whose leaders and intellectuals simply can't stop banging on about the wonderful freedoms we enjoy and that we've formerly spread around the world, from an international journalist who wasn't afraid of a gagging order intended precisely to deprive us of the opportunity of learning what our "intelligence" apparatus wants. Such a shame that the only feature of our democracy that seems to be operable right now is the ceremony that we call elections.
@Joss I like the way you're dreaming!
@Sebby: yes. The current lot -- not sure they even merit the term ruling class -- are striving to make the UK compete with the good old USSR. But it's not as if there's been a British politician worth electing in the last 2 decades. We truly are recruiting from the shallowest end of the competence-pool these days.
@OUG Jeremy Corbyn certainly had baggage, no doubt about it, but IMNSHO he is what the country needed. Unfortunately when your politics offends the Professional and Managerial Cast (PMC) quite so much as his did, you get buried in shit, both from within and without your party, and every method to bring you down is employed. And it turns out a democracy requires, among other things, an informed public that is willing to put class considerations ahead of performative culture war divisions. See also Brexit, which unfortunately Corbyn did try to both-sides with terrible consequences. The outcomes of the 2017 and 2019 elections are well worth comparing; Corbyn is remembered for the latter, but did very well in the former, and I have no doubt that Brexit was the deciding factor there. His campaign basically melted down in light of that division and he was reduced to doing the economic populism thing, even promising free broadband, which ended up being a total humiliation. Very sad. Now Labour is just another Tory party, representing the PMC in full bloom; even the propertied and pensioned former Labour voters who rejected Corbyn over the Brexit issue can no longer stand Starmer's new-new Labour.
I'll give your president this: at least he's honest! You know *exactly* what you're getting from him and his ilk.
Yes, AFAICS, Trump is a wolf in wolf's clothing. The rest have been wolves in sheep's clothing. We'll see whether Trump 2.0 actually changes the overall direction of travel significantly, or whether like most of recent US history, he'll just be another president taking his turn tacking: the individual president's direction is a little different from the previous one but for some "strange" reason the overall direction is the same: more for the top 0.001%, less for everyone else. I saw a graph that showed that inequality rose more under Biden than under any other president in the last 40 or 50 years, and more under Clinton than under any other president but Biden, but it went up under all of them.
I had forgotten about Corbyn, and did like him at first. But at this point, it seems politicians simply shake your hand before the election and shake your confidence after it. Bernie & Warren seemed to be pro-people and now seem to be pro-big-pharma. The process seems to corrupt everyone it touches. And not as endearingly as portrayed by Yes Minister.
Anyway, it'll be interesting to see whether any Western government protests this move from the UK government. If they believe in democracy, freedom and privacy they should. Somehow I'm not holding my breath.
The request is so fundamental that simply disabling encryption on iCloud services or even shutting down iCloud services in the UK altogether would not suffice. They are demanding a magic key to access any user's iCloud data worldwide.
So, it's either a long-shot request in a prolonged negotiation or plain obnoxious ignorance. It would be almost impossible for Apple to comply without violating laws in other jurisdictions, making the only real option to pull out of the UK market entirely.
Moreover, it's highly unlikely that Apple will be the only company targeted—Google will be next. And if both Google and Apple pull out of the UK, what are they going to do?
This is a stupid and malicious request that should be canceled immediately, and those responsible for pushing it should be fired.
By the sound of things on Bruce Schneier's website, if Apple can't get support from Trump, they will have to inform everyone everywhere that they have been constrained to shut down iCloud, and then do so.
If I were them, I would then take revenge by dumping the UK entirely (no sales to Britain, no purchases from Britain -- apps, TV programs, access to UK internet sites) and I'd see whether I could get Microsoft/Google/Meta/Amazon/Intel/AMD/NVidia to do the same.
The UK can then try playing their silly games with Huawei, or whoever tries to fill the breach. I'm sure the Chinese will really care about British extraterritorial claims.
Perhaps if this plan of action were made to the British authorities, those in charge would think a little harder about what really matters to them.