Apple Ordered To Give Access To Users' Encrypted Data

Uploaded on 2025-02-10 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

British law enforcement agencies have demanded access to encrypted data stored by Apple users in its global cloud service. In particular, Apple has been asked to create a back door to encrypted data.

Apple has long promoted itself as a privacy leader, promising to protect their users' data from third-party access and, ss a consequence of this development, Phone, iPad and Mac users might be wondering what this development means for them.

Right now, only the Apple account holder can access their cloud-stored data. Its standard terms say “Apple Intelligence is the personal intelligence system that helps you write, express yourself and get things done effortlessly. With groundbreaking privacy protections, it gives you peace of mind that no one else can access your data, not even Apple.” However, the  demand from the British government Home Office, which has been made under the Investigatory Powers Act (IPA), insists Apple is obliged to provide  information requested.

The Investigatory Powers Act applies worldwide to any tech firm with a UK market, even if they are not located in Britain.

The demand applies to all content stored using what Apple calls "Advanced Data Protection" (ADP), which uses end-to-end encryption, where only the account holder can access the data stored, although this is an  opt-in service, which not all users choose choose to activate. his is because, while it makes your data more secure, it comes with a downside, it encrypts your data so heavily that it cannot be recovered if you lose access to your account.

The number of Apple users who choose to use ADP  is unknown and withdrawing the ADP from UK users might not be enough to ensure compliance. Apple has previously said it would withdraw encryption services like ADP from the UK market rather than comply with such government demands, telling the UK Parliament it would "never build a back door" in its products.

It is thought that the British government wants to access this data because of a risk to national security. It is required to follow a legal process and  have a good reason and request permission for a specific account in order to access data, just as they do with unencrypted data. It's also important to note that the government notice does not mean British government authorities are going to indiscriminately investigate  Apple users's data.

To date, no Western government has been successful in attempts to force big tech firms like Apple to break their encryption. Indeed, the US government has previously asked for this, but Apple refused. 

In 2016, Apple argued against a court order to write software which would allow US officials to access the iPhone of a gunman in a deadly massacre in San Bernardino, California. though this was resolved after the FBI were able to successfully access the device. Also in 2016, the US government dropped a similar action after it was able to gain access by discovering the person's passcode.

Similar cases have followed, including in 2020, when Apple would not unlock iPhones of a man who carried out a mass shooting at a US air base. The FBI later said it had been able to "gain access" to the phones.

Apple can appeal against the government's demand but cannot delay implementing the ruling during the process even if it is eventually overturned, according to the legislation. The government argues that encryption enables criminals to hide more easily, and the FBI in the US has also been critical of the ADP tool.

  • The renowned cyber security expert from Surrey University, Professor Alan Woodward, said he was "stunned" by the news, and privacy campaigners Big Brother Watch described the reports as "troubling".  
  • The  UK-based charity that defends and promotes the right to privacy, Privacy International, called it an "unprecedented attack" on the private data of individuals. "This misguided attempt at tackling crime and terrorism will not make the UK safer, but it will erode the fundamental rights and civil liberties of the entire population," the group said in a statement.
  • In contrast, UK children's charity the NSPCC has previously described encryption as being on the front line of child abuse because it enables abusers to share hidden content. 

Apple maintains that privacy for its customers is at the heart of all its products and services. In 2024 the company contested proposed changes to the Investigatory Powers Act, calling it an "unprecedented over-reach" of a government. These changes also included giving the UK government the power to veto new security measures before they were implemented, and these measures were passed into law.

Apple   |     Apple   |   BBC   |   Guardian   |    Washington Post  |    Reuters   |   USA Today

Image: Ideogram

You Might Also Read: 

Apple Uses Surveillance To Detect Child Abuse:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Combating Cyber Threats In The Age Of AI 

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Voyager Networks

Voyager Networks

Voyager Networks is an IT solutions business with a focus on Enterprise Networks, Security and Collaborative Communications.

Opengear

Opengear

Opengear ensures network resilience to enterprises by enabling business continuity with the Network Resilience Platform.

Attivo Networks

Attivo Networks

Attivo Networks is an award winning provider of deception for in-network threat detection, attack forensic analysis, and continuous threat response.

SISA

SISA

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive and corrective cybersecurity solutions.

OneWelcome

OneWelcome

Onegini and iWelcome have merged to become OneWelcome, the largest European Identity Access Management Saas Vendor.

Phirelight Security Solutions

Phirelight Security Solutions

Phirelight empowers an enterprise to easily understand how their networks behave, while at the same time assessing and managing cyber threats in real time.

Proficio

Proficio

Proficio is a world-class Managed Security Service Provider providing managed detection and response solutions, 24×7 security monitoring and advanced data breach prevention services worldwide.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

LightEdge Solutions

LightEdge Solutions

LightEdge’s highly-trained compliance and security experts take the guesswork out of keeping your business protected.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

Knovos

Knovos

Knovos is a leading technology innovator developing solutions for automating, integrating, and innovating Information Governance.

Enea

Enea

Enea is one of the world’s leading specialists in software for telecommunications and cybersecurity. Our products are used to enable services for mobile subscribers, enterprise customers and IoT.

Robo Shadow

Robo Shadow

Robo Shadow are trying to bridge the gap between the top tier organisations that can afford everything and everyone else who has to “Make it up as they go along” when it comes to Cyber.

Think|Stack

Think|Stack

Think|Stack is a managed IT services company specializing in cloud and cybersecurity with human-centered design.

Digital Catapult

Digital Catapult

Digital Catapult is the UK authority on advanced digital technology. We bring out the best in business by accelerating new possibilities with advanced digital technologies.

Staley Technologies

Staley Technologies

Staley Technologies is a US nationwide structured cabling, technology integrator, and Managed IT & Cyber Security provider.