Apple is forced to stop end-to-end encryption of iCloud backups in the UK. The company is doing so under government pressure and as a way out of having to provide a backdoor into iCloud.
Apple customers in the United Kingdom are losing access to the Advanced Data Protection feature in iCloud. This allows users to encrypt their data end-to-end in the cloud. Such encryption ensures that only the owner of the data has access to it and no one – not even Apple – is able to read it.
Secret order
The UK government took offense to that. Under the pretext of security, the country issued a secret order to Apple requiring the company to build in a security backdoor. As we described earlier, such a demand rests on a fundamental misunderstanding of how encryption works, and by giving in to it, Apple would leave data from all of its customers susceptible to misuse by hackers and spies.
read also
UK busting Apple security worldwide, US prattling against
Apple therefore refuses to build loopholes into its own solutions. Therefore, the only legal option for the company is to stop offering encryption in the UK. Thus, while all Advanced Data Protection users in the U.K. bear the brunt of their government’s order, Apple must not compromise the security of the solution for users elsewhere in the world.
Apple is clear
In a response, Apple said the following: ““Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy.”
The company further explains, “Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”
Dubious victory
The result of the UK injunction is now that government agencies can theoretically read into criminals’ data in iCloud, assuming they continue to use iCloud without encryption. As a certain side effect, all data from iCloud customers who haven’t done anything wrong does become worse protected from misuse by criminals.