Backdoor Access To Apple User Data Condemned

US lawmakers and human rights advocates have united in making a strong condemnation what is being called the British government's "dangerous" and "shortsighted" request to be able to access encrypted data stored by Apple users worldwide in its cloud service. 

The order has been served by the Home Office under the Investigatory Powers Act, which compels firms to provide information to law enforcement agencies. Under the law, the demand by the Home Office cannot be made public.

Senator Ron Wyden and Congressman Andy Biggs have written to the  newly appointed US National Intelligence Director, Tulsi Gabbard, saying the demand threatens the privacy and security of the US. They urge her to give the British an ultimatum: "Back down from this dangerous attack on US cybersecurity, or face serious consequences."

International human rights organisations including Human Rights Watch (HRW) have condemned a recent order by the United Kingdom government demanding Apple provide access to encrypted user data.The order, reportedly issued by the UK Home Office in January 2025, targets Apple's Advanced Data Protection feature, which employs end-to-end encryption to secure cloud-stored data. 

"The United Kingdom government's order to Apple to allow access to encrypted cloud data harms the privacy rights of users in the UK and worldwide," Amnesty International and Human Rights Watch have said.

This uses end-to-end encryption, where only the account holder can access the data stored. Apple itself cannot see it. It is an opt-in service, and not all users choose to activate it.Apple said that that it views Privacy as a "Fundamental Human Right”, which is on their Website.

Senator Wyden and Congressman Biggs say agreeing to the request would "undermine Americans' privacy rights and expose them to espionage by China, Russia and other adversaries". They state that Apple does not make different versions of its encryption software for each country it operates in and, therefore, Apple customers in the UK will use the same software as Americans.

The UK government has that it does not want to start combing through everybody's data, but it would want to access it if there were a risk to national security and so it would focus on an individual, rather than using it for mass surveillance. British authorities would still have to follow a legal process, have a good reason and request permission for a specific account in order to access data - just as they do now with unencrypted data.

Apple has previously said it would pull encryption services like ADP from the UK market rather than comply with such government demands, telling Parliament it would "never build a back door" in its products.

WhatsApp, owned by Meta, has also said that  it would choose being blocked over weakening message security.
But even withdrawing the product from the UK might not be enough to ensure compliance, the Investigatory Powers Act applies worldwide to any tech firm with a UK market, even if they are not based there.

This change by the UK government has upset privacy campaigners, with Privacy International calling it an "unprecedented attack" on the private data of individuals. however,  the US government itself has also previously asked Apple to break its encryption as part of criminal investigations.

Washington Post   |   BBC   |   BBC   |   Andrew Biggs   |   Tribune India   

Image:  Şeyma D

You Might Also Read: 

Telegram Disables Features Used For Illegal Activity:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 



 

« Ukraine Warns Of Growing Russian Use Of AI In Cyberwar Operations
TikTok Returns To US App Stores »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyberis

Cyberis

Cyberis are pioneers in customer-focussed information security. Since 2011, we’ve been helping businesses protect their brands, customers and reputation.

DigiCert

DigiCert

DigiCert is the only provider of enterprise-grade SSL, IoT and PKI solutions. Our certificates are trusted everywhere, millions of times every day, by companies across the globe.

Team Cymru Research NFP

Team Cymru Research NFP

Team Cymru Research is a group of technologists passionate about making the Internet more secure and dedicated to that goal.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

NextLabs

NextLabs

NextLabs provides data-centric security software to protect business-critical data and applications.

GuardKnox

GuardKnox

GuardKnox protects the users of connected vehicles against threats that can endanger their physical safety and the safety of their personal information.

Quadrant Information Security

Quadrant Information Security

Quadrant Information Security is a consulting firm committed to supporting organizations in all vertical markets and protecting their sensitive data.

Cyjax

Cyjax

Cyjax monitors the Internet to identify the digital risks to your organisation, including cyber threats, reputational risks and the Darknet.

ODSC

ODSC

ODSC is a security systems integrator that provides services and expertise in identity management and access.

Pentera Security

Pentera Security

Pentera (formerly Pcysys) is focused on the inside threat. Our automated penetration-testing platform mimics the hacker's attack - automating the discovery of vulnerabilities.

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services is a premier Managed Internet Technology (I.T.) company with a focus in cybersecurity risk management and CMMC compliance management.

Symbol Security

Symbol Security

Through situational learning, simulations, and a gamified user experience, Symbol strengthens the cyber awareness of employees and helps companies lower cyber risk.

Nullify

Nullify

Nullify is your automated security sentry that continuously finds and fixes security issues across your codebase.

Price Forbes

Price Forbes

Building on more than 100 years of specialist insurance broking, Price Forbes partner with clients around the world who are looking to understand and balance today’s risk and plan for the future.

Cybermate

Cybermate

Cybermate is the first affordable, gamified ‘Psybersecurity’ awareness training platform that reduces behavioural risk and achieves compliance with Australian cybersecurity standards.