Following demands from the UK government for backdoor access to encrypted user data, Apple has announced that it will be removing its Advanced Data Protection (ADP) feature for iCloud in the UK, effective immediately.
This development was first reported by Bloomberg.
The ADP feature for iCloud is an optional setting that allows users to ensure their trusted devices are the only ones with access to the encryption keys used to unlock their data stored in iCloud, including iCloud Backup, Photos, Notes, Reminders, Safari Bookmarks, voice memos, and more.
Apple expressed disappointment at the UK government’s demands, stating, “We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy.”
ADP provides end-to-end encryption for iCloud data, meaning only the user who owns the data can decrypt it, and only on their trusted devices.
Existing ADP users will need to disable the feature manually for an unspecified period, as Apple “does not have the ability to automatically disable it on their behalf.”
This move comes just weeks after reports emerged that the UK government had ordered Apple to create a backdoor to access any Apple user’s iCloud content.
According to The Washington Post, the UK Home Office’s demand under the Investigatory Powers Act (IPA) requires a “blanket capability to view fully encrypted material, not merely assistance in cracking a specific account.”
With the removal of ADP in the UK, Apple now only offers standard data protection for iCloud, which encrypts user data but stores the encryption keys in its data centers, making it accessible to law enforcement with a warrant.
Last week, US Senator Ron Wyden and Member of Congress Andy Biggs sent a letter to Tulsi Gabbard, Director of National Intelligence, urging the UK to retract its order, citing concerns over the privacy and security of American people and the US government.
“If the UK does not immediately reverse this dangerous effort, we urge you to reevaluate US-UK cybersecurity arrangements and programs as well as US intelligence sharing with the UK,” they added.
