Apple’s Encryption vs. the UK’s “Snooper’s Charter”
In a dramatic standoff over user privacy, Apple faced a significant challenge. Apple decided to withdraw its Advanced Data Protection (ADP) feature from the UK market. This decision was made rather than bow to government pressure. ADP is Apple’s optional setting. It extends end-to-end encryption to iCloud backups, photos, notes, and more. This means only the account holder can access that cloud data. Not even Apple can access it. Cybersecurity experts lauded this extra security layer as a critical step to protect users amid rising data breaches.
The UK government’s Home Office issued a secret demand under the Investigatory Powers Act (IPA) 2016. This law is often dubbed the “Snooper’s Charter” for its sweeping surveillance powers. It required Apple to build a backdoor so authorities could access even those encrypted iCloud contents. Apple’s response? A firm “No, thank you” – followed by the total removal of ADP for UK users.
As of February 2025, new UK users can’t enable end-to-end iCloud encryption. Existing users will be informed that they need to turn it off to keep using iCloud. Apple stated it is “gravely disappointed” to be forced into this move. Apple emphasizes that it will never create backdoors or master keys for any of its products. In Apple’s view, weakening encryption even just for the “good guys” would fundamentally undermine the security of all users.
The Home Office demand, reportedly made under IPA’s provisions, wasn’t limited to UK iCloud accounts either. It sought the ability to access any Apple user’s encrypted cloud data worldwide, effectively asking for a universal skeleton key. One expert described this as “a brazen, imperialist manoeuvre” by the UK. They suggested it is the overreach you’d sooner expect from an authoritarian regime than a Western democracy. Faced with such an ultimatum, Apple’s drastic countermeasure is to pull ADP entirely. This action sends a sharp message. Rather than weaken its encryption for one country, it would sooner withdraw a security feature. This choice even means leaving UK customers with less protection.
Experts Warn: Weakening Encryption Leaves Brits Exposed
Apple’s hard line stance has been met with widespread agreement among cybersecurity experts. Privacy advocates have criticized the UK government’s approach. They see it as short-sighted and dangerous. Professor Alan Woodward, a computer security expert, argued that strong encryption is non-negotiable for safety. He said Apple’s refusal delivers a “strong message”. According to him, compromising security for government access is unacceptable.
Digital rights organisations are even more scathing. Big Brother Watch said the secret order is “outrageous.” They stated, “from today Apple’s UK customers are less safe and secure.” The Open Rights Group echoed that sentiment. They criticised the government for depriving millions of Britons of a key security feature.
Those on the front lines of privacy litigation agree. Andrew Crocker, surveillance litigation director at EFF, said the UK had put Apple in an “untenable position”. Apple’s choice to disable ADP for UK users “could well be the only reasonable response” given the circumstances. Still, this decision “leaves those people at the mercy of bad actors.”
Even globally, alarm bells are ringing. The Global Encryption Coalition includes over 100 tech companies, experts, and civil society groups. They called on the UK to reverse course. Privacy advocacy group Access Now likewise slammed the order as “equivalent to mandating vulnerability” in UK products. By forcing a major provider to remove end-to-end encryption, the UK creates a significant gap in security. It is now “the weakest link in the chain” of international data security.
Lessons from Real-World Breaches
The UK authorities insist their intentions are to fight crime and threats. But, security experts counter that you can’t build a “good guys only” backdoor. Any weakness will eventually be found and exploited by bad actors. There have been multiple real-world examples where government-mandated vulnerabilities have been exploited by hackers:
- Juniper Networks Incident (2015): A hidden backdoor in Juniper firewall software, allegedly introduced by a government agency, was later hijacked by attackers, exposing corporate and government data.
- FREAK & DROWN Attacks: These attacks exploited old encryption standards that governments had originally mandated to be weak, demonstrating that intentionally weakening encryption has long-term consequences.
- Salt Typhoon Hack: Chinese state-linked hackers reportedly hijacked law enforcement backdoors in the US telephone network, proving that backdoors built for one government can and will be exploited by others.
UK vs The World: How Do Data Protection Laws Compare?
The UK’s approach to encrypted data access is increasingly making it an outlier among liberal democracies:
- EU: The General Data Protection Regulation (GDPR) protects encryption as a fundamental right. The European Commission has explicitly stated it will “not weaken encryption (no backdoors).”
- US: While law enforcement has lobbied for backdoors, no law like IPA exists. Apple successfully resisted the FBI’s demands to unlock an iPhone in the San Bernardino case.
- Australia: Passed a law allowing authorities to force companies to decrypt data. Yet, it has not yet tested the law at scale. Apple has strongly opposed these measures.
What Can UK Consumers Do to Protect Their Data?
With Apple’s ADP gone, UK consumers should take proactive steps:
- Manually encrypt files before uploading to the cloud using services like Boxcryptor, Cryptomator, or VeraCrypt.
- Use local backups with encrypted storage options rather than relying solely on iCloud.
- Allow multi-factor authentication (MFA) on all accounts to add an extra layer of security.
- Consider privacy-focused services like ProtonMail or Signal, which still offer end-to-end encryption.
- Stay informed and engaged with digital rights organisations advocating for stronger privacy protections.
Conclusion
Apple’s UK encryption pull-out is a watershed moment in the global privacy vs. surveillance debate. The UK government claims this is about national security. Yet, security experts argue that forcing backdoors into encryption exposes everyone to greater risks. The tech world will be watching closely. They want to see whether this decision sparks a rethink in Westminster. It also sets a dangerous precedent for other countries to follow.
Sources:
| Source | Description |
|---|---|
| TechRound | Coverage of Apple’s ADP withdrawal and expert commentary |
| The Guardian | Reports on the UK government’s secret demands under IPA 2016 |
| Big Brother Watch | Advocacy statements against encryption backdoors |
| Open Rights Group | Criticism of the UK government’s approach to encryption |
| European Commission | Official stance on encryption within GDPR |
| Electronic Frontier Foundation | Expert analysis on encryption and legal implications |
| Global Encryption Coalition | Industry-wide response to UK policy |
| Access Now | International perspective on encryption vulnerabilities |
| Wired | Reports on historical encryption backdoor abuses |
| The Register | Analysis of UK surveillance laws and global comparisons |
