Apple Ordered To Give Access To Users' Encrypted Data

Uploaded on 2025-02-10 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

British law enforcement agencies have demanded access to encrypted data stored by Apple users in its global cloud service. In particular, Apple has been asked to create a back door to encrypted data.

Apple has long promoted itself as a privacy leader, promising to protect their users' data from third-party access and, ss a consequence of this development, Phone, iPad and Mac users might be wondering what this development means for them.

Right now, only the Apple account holder can access their cloud-stored data. Its standard terms say “Apple Intelligence is the personal intelligence system that helps you write, express yourself and get things done effortlessly. With groundbreaking privacy protections, it gives you peace of mind that no one else can access your data, not even Apple.” However, the  demand from the British government Home Office, which has been made under the Investigatory Powers Act (IPA), insists Apple is obliged to provide  information requested.

The Investigatory Powers Act applies worldwide to any tech firm with a UK market, even if they are not located in Britain.

The demand applies to all content stored using what Apple calls "Advanced Data Protection" (ADP), which uses end-to-end encryption, where only the account holder can access the data stored, although this is an  opt-in service, which not all users choose choose to activate. his is because, while it makes your data more secure, it comes with a downside, it encrypts your data so heavily that it cannot be recovered if you lose access to your account.

The number of Apple users who choose to use ADP  is unknown and withdrawing the ADP from UK users might not be enough to ensure compliance. Apple has previously said it would withdraw encryption services like ADP from the UK market rather than comply with such government demands, telling the UK Parliament it would "never build a back door" in its products.

It is thought that the British government wants to access this data because of a risk to national security. It is required to follow a legal process and  have a good reason and request permission for a specific account in order to access data, just as they do with unencrypted data. It's also important to note that the government notice does not mean British government authorities are going to indiscriminately investigate  Apple users's data.

To date, no Western government has been successful in attempts to force big tech firms like Apple to break their encryption. Indeed, the US government has previously asked for this, but Apple refused. 

In 2016, Apple argued against a court order to write software which would allow US officials to access the iPhone of a gunman in a deadly massacre in San Bernardino, California. though this was resolved after the FBI were able to successfully access the device. Also in 2016, the US government dropped a similar action after it was able to gain access by discovering the person's passcode.

Similar cases have followed, including in 2020, when Apple would not unlock iPhones of a man who carried out a mass shooting at a US air base. The FBI later said it had been able to "gain access" to the phones.

Apple can appeal against the government's demand but cannot delay implementing the ruling during the process even if it is eventually overturned, according to the legislation. The government argues that encryption enables criminals to hide more easily, and the FBI in the US has also been critical of the ADP tool.

  • The renowned cyber security expert from Surrey University, Professor Alan Woodward, said he was "stunned" by the news, and privacy campaigners Big Brother Watch described the reports as "troubling".  
  • The  UK-based charity that defends and promotes the right to privacy, Privacy International, called it an "unprecedented attack" on the private data of individuals. "This misguided attempt at tackling crime and terrorism will not make the UK safer, but it will erode the fundamental rights and civil liberties of the entire population," the group said in a statement.
  • In contrast, UK children's charity the NSPCC has previously described encryption as being on the front line of child abuse because it enables abusers to share hidden content. 

Apple maintains that privacy for its customers is at the heart of all its products and services. In 2024 the company contested proposed changes to the Investigatory Powers Act, calling it an "unprecedented over-reach" of a government. These changes also included giving the UK government the power to veto new security measures before they were implemented, and these measures were passed into law.

Apple   |     Apple   |   BBC   |   Guardian   |    Washington Post  |    Reuters   |   USA Today

Image: Ideogram

You Might Also Read: 

Apple Uses Surveillance To Detect Child Abuse:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Leading Israeli Cyber Security Companies 
DeepSeek Exposes Sensitive Data »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NetFort

NetFort

NetFort provides software products to monitor activity on virtual and physical networks.

Sage Designs

Sage Designs

Sage Designs is a provider of SCADA, Security & Industrial Automation products and training programs.

Achtwerk

Achtwerk

Achtwerk manufacture the security appliance IRMA for critical infrastructures and networked automation in production plants.

MER Group

MER Group

MER Group is a world-leading solutions provider specializing in Homeland Security (HLS), Cyber and Intelligence, Communication Infrastructure and Tactical Communication Systems.

NESECO

NESECO

NESECO is an IT security integration and consulting firm providing security products, solutions, support, consulting, and training services.

Aspisec

Aspisec

Aspisec is a cybersecurity company specialized in Firmware Security and Critical Infrastructure Protection.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

NanoVMs

NanoVMs

NanoVMs is the industry's only unikernel platform available today. NanoVMs runs your applications as secure, isolated virtual machines faster than bare metal installs.

Enso Security

Enso Security

Enso is the first Application Security Posture Management (ASPM) solution, helping security teams everywhere eliminate their AppSec chaos with application discovery, classification and management.

LogMeIn

LogMeIn

LogMeIn makes it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time.

Tetra Defense

Tetra Defense

Tetra Defense is a leading incident response, cyber risk management and digital forensics firm.

The IoT Academy

The IoT Academy

The IoT Academy is a reputed Ed-Tech Institute that provides training in emerging technologies such as embedded systems, the Internet of Things (IoT), Data Science and many more.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

Bestman Solutions

Bestman Solutions

As a specialist cyber security practice, we believe that people are an organisation’s most valuable asset. Success depends on hiring the right people, and this is where we come in.

Axiler

Axiler

Axiler’s AI-driven self-healing architecture seamlessly detect, patch, and neutralize threats in real-time, ensuring systems remain secure and ever-adaptable.

Wirespeed

Wirespeed

Managed Detection & Response (MDR) has never been faster or easier: Onboard in minutes, Respond in seconds, Secure instantly.