Apple Ordered To Give Access To Users' Encrypted Data

Uploaded on 2025-02-10 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

British law enforcement agencies have demanded access to encrypted data stored by Apple users in its global cloud service. In particular, Apple has been asked to create a back door to encrypted data.

Apple has long promoted itself as a privacy leader, promising to protect their users' data from third-party access and, ss a consequence of this development, Phone, iPad and Mac users might be wondering what this development means for them.

Right now, only the Apple account holder can access their cloud-stored data. Its standard terms say “Apple Intelligence is the personal intelligence system that helps you write, express yourself and get things done effortlessly. With groundbreaking privacy protections, it gives you peace of mind that no one else can access your data, not even Apple.” However, the  demand from the British government Home Office, which has been made under the Investigatory Powers Act (IPA), insists Apple is obliged to provide  information requested.

The Investigatory Powers Act applies worldwide to any tech firm with a UK market, even if they are not located in Britain.

The demand applies to all content stored using what Apple calls "Advanced Data Protection" (ADP), which uses end-to-end encryption, where only the account holder can access the data stored, although this is an  opt-in service, which not all users choose choose to activate. his is because, while it makes your data more secure, it comes with a downside, it encrypts your data so heavily that it cannot be recovered if you lose access to your account.

The number of Apple users who choose to use ADP  is unknown and withdrawing the ADP from UK users might not be enough to ensure compliance. Apple has previously said it would withdraw encryption services like ADP from the UK market rather than comply with such government demands, telling the UK Parliament it would "never build a back door" in its products.

It is thought that the British government wants to access this data because of a risk to national security. It is required to follow a legal process and  have a good reason and request permission for a specific account in order to access data, just as they do with unencrypted data. It's also important to note that the government notice does not mean British government authorities are going to indiscriminately investigate  Apple users's data.

To date, no Western government has been successful in attempts to force big tech firms like Apple to break their encryption. Indeed, the US government has previously asked for this, but Apple refused. 

In 2016, Apple argued against a court order to write software which would allow US officials to access the iPhone of a gunman in a deadly massacre in San Bernardino, California. though this was resolved after the FBI were able to successfully access the device. Also in 2016, the US government dropped a similar action after it was able to gain access by discovering the person's passcode.

Similar cases have followed, including in 2020, when Apple would not unlock iPhones of a man who carried out a mass shooting at a US air base. The FBI later said it had been able to "gain access" to the phones.

Apple can appeal against the government's demand but cannot delay implementing the ruling during the process even if it is eventually overturned, according to the legislation. The government argues that encryption enables criminals to hide more easily, and the FBI in the US has also been critical of the ADP tool.

  • The renowned cyber security expert from Surrey University, Professor Alan Woodward, said he was "stunned" by the news, and privacy campaigners Big Brother Watch described the reports as "troubling".  
  • The  UK-based charity that defends and promotes the right to privacy, Privacy International, called it an "unprecedented attack" on the private data of individuals. "This misguided attempt at tackling crime and terrorism will not make the UK safer, but it will erode the fundamental rights and civil liberties of the entire population," the group said in a statement.
  • In contrast, UK children's charity the NSPCC has previously described encryption as being on the front line of child abuse because it enables abusers to share hidden content. 

Apple maintains that privacy for its customers is at the heart of all its products and services. In 2024 the company contested proposed changes to the Investigatory Powers Act, calling it an "unprecedented over-reach" of a government. These changes also included giving the UK government the power to veto new security measures before they were implemented, and these measures were passed into law.

Apple   |     Apple   |   BBC   |   Guardian   |    Washington Post  |    Reuters   |   USA Today

Image: Ideogram

You Might Also Read: 

Apple Uses Surveillance To Detect Child Abuse:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Leading Israeli Cyber Security Companies 
DeepSeek Exposes Sensitive Data »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Northwave

Northwave

Northwave offers an Intelligent combination of cyber security services to protect your information.

Cydome

Cydome

Cydome offers full-spectrum cybersecurity solutions tailored for the maritime industry.

Syhunt Security

Syhunt Security

Syhunt is a leading player in the web application security field, delivering its assessment tools to a range of organizations across the globe.

BeDefended

BeDefended

BeDefended is an Italian company operating in IT Security and specialized in Cloud and Application Security with years of experience in penetration testing, consulting, training, and research.

HOBI International

HOBI International

HOBI International is a leading mobile, IT and data center asset management provider with solutions for device management, reverse logistics, data erasure, refurbishment and recycling.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

Conduent

Conduent

Conduent delivers mission-critical technology services and solutions on behalf of businesses and governments. Solution areas include digital risk and compliance.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Acreto

Acreto

Acreto is an end-to-end security infrastructure that protects all your technologies with a single, simple cloud service.

Data#3 Limited (DTL)

Data#3 Limited (DTL)

Data#3 Limited (DTL) is a leading Australian IT services and solutions provider.

Capital Network Solutions

Capital Network Solutions

Capital Network Solutions are a highly accredited managed IT services and consultancy provider, specialising in cyber security, infrastructure and communications.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

Surefire Cyber

Surefire Cyber

Surefire Cyber delivers swift, strong response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats with end-to-end response capabilities.

Paramount Defenses

Paramount Defenses

Paramount Defenses have unrivaled capability in two of the most critical areas in cyber security today – Active Directory Security and Privileged Access.

Miggo Security

Miggo Security

Miggo is the first Application Detection and Response (ADR) platform on a mission to stop application breaches.

Ryan Financial Lines

Ryan Financial Lines

Ryan Financial Lines Cyber provides risk transfer solutions for complex cyber and technology exposures, globally.