Apple has pulled the plug on its highest level data security tool in the UK, with it confirming that the encryption of UK customer data stored on its cloud storage service, iCloud, has come to an end.
The move follows a row between the American tech firm and the UK Government, which has demanded to be allowed access to encrypted data stored by Apple users worldwide in its cloud service – data that Apple could not even access.
Such data held by UK customers can now be accessed by Apple and is shareable with UK law enforcement if they have a warrant.
The UK Home Office had reportedly made the demand under the Investigatory Powers Act (IPA), which compels organisations to provide information to law enforcement agencies.
The Home Office had not publicly confirmed it had made such a request, previously stating: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”
Apples’ Advanced Data Protection, external (ADP) ensures that only account holders can view items such as photos or documents they have stored online through end-to-end encryption.
Apple, which says it views privacy as a fundamental human right, said it was “gravely disappointed” that ADP is no longer available to UK customers.
It added: “As we have said many times before, we have never built a backdoor or master key to any of our products, and we never will.”
Nick France, CTO of website security company Sectigo, said the Investigatory Powers Act amendment, with its push for encryption backdoors and the ability to grant, or not, permission for companies to patch vulnerabilities, is raising alarm bells in the tech sector.
“It’s a double-edged sword, hampering innovation and competitiveness while simultaneously weakening security,” he explained.
“Companies fear the loss of consumer and business trust, potentially driving talent and opportunities to more privacy-friendly regulatory environments. This creates a chilling effect on innovation, as companies weigh the risks of reduced trust and security against the potential benefits of cooperating with the government. Ultimately, the amendment may achieve the opposite of its stated purpose, jeopardising national security and economic growth in the pursuit of increased surveillance capabilities.”
Alan Woodward, a computer security Professor at the University of Surrey, described it as an act of self harm by the UK Government, adding that he considered it to be a very disappointing development.
He said: “All the Government has achieved is to weaken online security and privacy for UK-based users. It was naïve of them to think they could tell a US technology company what to do globally.”
Photo by Matheus Cenali on Unsplash
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
