Apple Ordered To Give Access To Users' Encrypted Data

Uploaded on 2025-02-10 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

British law enforcement agencies have demanded access to encrypted data stored by Apple users in its global cloud service. In particular, Apple has been asked to create a back door to encrypted data.

Apple has long promoted itself as a privacy leader, promising to protect their users' data from third-party access and, ss a consequence of this development, Phone, iPad and Mac users might be wondering what this development means for them.

Right now, only the Apple account holder can access their cloud-stored data. Its standard terms say “Apple Intelligence is the personal intelligence system that helps you write, express yourself and get things done effortlessly. With groundbreaking privacy protections, it gives you peace of mind that no one else can access your data, not even Apple.” However, the  demand from the British government Home Office, which has been made under the Investigatory Powers Act (IPA), insists Apple is obliged to provide  information requested.

The Investigatory Powers Act applies worldwide to any tech firm with a UK market, even if they are not located in Britain.

The demand applies to all content stored using what Apple calls "Advanced Data Protection" (ADP), which uses end-to-end encryption, where only the account holder can access the data stored, although this is an  opt-in service, which not all users choose choose to activate. his is because, while it makes your data more secure, it comes with a downside, it encrypts your data so heavily that it cannot be recovered if you lose access to your account.

The number of Apple users who choose to use ADP  is unknown and withdrawing the ADP from UK users might not be enough to ensure compliance. Apple has previously said it would withdraw encryption services like ADP from the UK market rather than comply with such government demands, telling the UK Parliament it would "never build a back door" in its products.

It is thought that the British government wants to access this data because of a risk to national security. It is required to follow a legal process and  have a good reason and request permission for a specific account in order to access data, just as they do with unencrypted data. It's also important to note that the government notice does not mean British government authorities are going to indiscriminately investigate  Apple users's data.

To date, no Western government has been successful in attempts to force big tech firms like Apple to break their encryption. Indeed, the US government has previously asked for this, but Apple refused. 

In 2016, Apple argued against a court order to write software which would allow US officials to access the iPhone of a gunman in a deadly massacre in San Bernardino, California. though this was resolved after the FBI were able to successfully access the device. Also in 2016, the US government dropped a similar action after it was able to gain access by discovering the person's passcode.

Similar cases have followed, including in 2020, when Apple would not unlock iPhones of a man who carried out a mass shooting at a US air base. The FBI later said it had been able to "gain access" to the phones.

Apple can appeal against the government's demand but cannot delay implementing the ruling during the process even if it is eventually overturned, according to the legislation. The government argues that encryption enables criminals to hide more easily, and the FBI in the US has also been critical of the ADP tool.

  • The renowned cyber security expert from Surrey University, Professor Alan Woodward, said he was "stunned" by the news, and privacy campaigners Big Brother Watch described the reports as "troubling".  
  • The  UK-based charity that defends and promotes the right to privacy, Privacy International, called it an "unprecedented attack" on the private data of individuals. "This misguided attempt at tackling crime and terrorism will not make the UK safer, but it will erode the fundamental rights and civil liberties of the entire population," the group said in a statement.
  • In contrast, UK children's charity the NSPCC has previously described encryption as being on the front line of child abuse because it enables abusers to share hidden content. 

Apple maintains that privacy for its customers is at the heart of all its products and services. In 2024 the company contested proposed changes to the Investigatory Powers Act, calling it an "unprecedented over-reach" of a government. These changes also included giving the UK government the power to veto new security measures before they were implemented, and these measures were passed into law.

Apple   |     Apple   |   BBC   |   Guardian   |    Washington Post  |    Reuters   |   USA Today

Image: Ideogram

You Might Also Read: 

Apple Uses Surveillance To Detect Child Abuse:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Combating Cyber Threats In The Age Of AI 
DeepSeek Exposes Sensitive Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ISACA

ISACA

ISACA is a global professional association and learning organization for members who work in information security, governance, assurance, rissk and privacy.

Security Audit Systems

Security Audit Systems

Security Audit Systems is a website security specialist providing website security audits and managed web security services.

Claroty

Claroty

Claroty was conceived to secure and optimize OT networks that run the world’s most critical infrastructures.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

Me Learning

Me Learning

Me Learning provides engaging, informative and clearly explained learning materials for complex and challenging professional environments in areas including GDPR and Information Governance.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

STM

STM

STM provides system engineering, technical support, project management, technology transfer and logistics support services for the Turkish Armed Forces.

Expanse

Expanse

Expanse SaaS-delivered products plus service expertise reduce your internet edge risk to prevent breaches and successful attacks.

Baffin Bay Networks

Baffin Bay Networks

Baffin Bay Networks operates globally distributed Threat Protection Centers™, offering DDoS protection, Web Application Protection and Threat Inspection.

Department of Justice - Office of Cybercrime (DOJ-OOC)

Department of Justice - Office of Cybercrime (DOJ-OOC)

The Office of Cybercrime within the Philippines Department of Justice is the Central Authority in all matters relating to international mutual assistance and extradition for cybercrime.

Internet 2.0

Internet 2.0

Internet 2.0 is a Cyber Security technology company with a core focus on developing affordable but sophisticated cyber security solutions.

Bit Sentinel

Bit Sentinel

Bit Sentinel is an information security company. We help companies like yours discover, prioritize, and effectively remediate potential cybersecurity risks.

Cybersecurity Dubai

Cybersecurity Dubai

Protect your business from cyber-attacks with Cybersecurity Dubai, your partner in online security solutions.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

OpenZiti

OpenZiti

OpenZiti is the world’s most used and widely integrated open source secure networking platform. OpenZiti provides both zero trust security and overlay networking as pure open source software.