Apple has withdrawn its most secure cloud storage service from the UK, marking the latest development in an ongoing battle between US tech companies and successive British governments. The dispute revolves around end-to-end encryption, a method of secure communication that allows only the sender and receiver to view messages.
Ministers have argued that the current form of this technology is hindering law enforcement agencies in catching criminals, including terrorists and paedophiles. However, Apple and other tech companies refuse to compromise on the privacy commitments they have made to their customers.
In an attempt to address this issue, the UK government introduced client-side scanning under the Online Safety Act 2023. This move was met with resistance from Meta’s WhatsApp and Signal, leading the government to rethink its approach.
Now, the government has utilized the Investigatory Powers Act (IPA) to compel Apple to grant security authorities access to encrypted cloud data, which Apple itself cannot access. Instead of creating a backdoor for the government, Apple has chosen to disable Advanced Data Protection (ADP) in the UK, its most advanced encryption tool for cloud security.
While this compliance with the law satisfies the government’s demands, it means that UK users have lost an additional layer of security. The government justifies its actions by pointing to an increase in offences related to online indecent images of children and public support for technological solutions that enable the identification of such crimes.
Despite the government’s stance, tech companies and security experts argue that creating a backdoor could compromise the security and privacy of all users. Many have been unsuccessful in developing a viable solution over the past 30 years.
In addition to tech companies, civil society organizations, companies, and cybersecurity experts have raised concerns about the implications of the government’s demands on security and privacy rights. They argue that the move sets a dangerous precedent for global cybersecurity.
Although the US government has previously asked Apple to assist with criminal investigations by breaking encryption, the UK government’s decision to take on major US tech companies presents a significant challenge.