UK Pressures Apple for Access to Encrypted User Data

[Social Media]

 

The UK government has formally demanded access to encrypted data stored in Apple's cloud services worldwide, a move that could significantly impact user privacy. Currently, only the account holder can access their stored data, with Apple itself unable to view the contents.

 

This request has been issued under the Investigatory Powers Act (IPA), which mandates that companies provide data to law enforcement when required. Apple has not commented on the matter but maintains on its website that privacy is a "fundamental human right."

 

Due to the law's provisions, the request remains confidential. Initial reports on the issue surfaced in the Washington Post, citing anonymous sources, and the BBC has since corroborated these claims with similar contacts. The Home Office, for its part, has refused to confirm or deny the existence of such a demand, stating, "We do not comment on operational matters."

 

Privacy International has denounced the request as an "unprecedented attack" on individual privacy. Caroline Wilson Palow, the charity's legal director, criticized the move, stating, "This is a fight the UK should not have picked. This overreach sets a hugely damaging precedent and will embolden abusive regimes the world over."

 

The demand specifically targets data stored under Apple's "Advanced Data Protection" (ADP), an optional feature employing end-to-end encryption. This ensures that only the user can access their data, with even Apple itself locked out. While ADP significantly enhances security, it comes with the downside of rendering data unrecoverable if a user loses access to their account. The exact number of people who opt for this feature remains unknown.

 

Despite fears of mass surveillance, the UK government's request appears to focus on national security concerns. It is believed that law enforcement would need to follow a legal process and obtain specific permissions to access data on an individual basis, similar to the existing protocol for unencrypted data.

 

Apple has previously taken a strong stance against government demands to weaken encryption. The company has stated it would rather withdraw services like ADP from the UK market than comply with requests to create "back doors" in its products. Cyber security experts caution that any such access point could eventually be exploited by malicious actors.

 

Furthermore, the reach of the Investigatory Powers Act extends beyond UK borders, applying to any technology firm with a presence in the UK, regardless of where they are headquartered. To date, no Western government has successfully compelled major tech companies like Apple to compromise their encryption standards.

 

Apple has a history of resisting such demands. In 2016, it refused a U.S. court order to develop software granting officials access to the iPhone of a mass shooter. The FBI ultimately found an alternative method to bypass the encryption. Similar cases have since emerged, including a 2020 incident where Apple declined to unlock the phones of a perpetrator involved in a mass shooting at a U.S. air base. The FBI later confirmed it had managed to access the devices independently.

 

The legislation dictates that while Apple can appeal the UK government's demand, it must comply in the interim, even if the ruling is ultimately overturned. The UK government argues that encrypted services hinder criminal investigations, a stance echoed by the FBI in its criticism of ADP.

 

Cyber security experts have reacted with concern. Professor Alan Woodward of Surrey University said he was "stunned" by the news, while privacy group Big Brother Watch described it as "troubling." The organization warned that "this misguided attempt at tackling crime and terrorism will not make the UK safer, but it will erode the fundamental rights and civil liberties of the entire population."

 

On the other hand, the NSPCC, a UK children's charity, has argued that encryption enables child abusers to share illicit content without detection. However, Apple has consistently maintained that privacy remains a core principle of its products and services.

 

In 2024, Apple challenged proposed changes to the Investigatory Powers Act, labeling them an "unprecedented overreach" by the government. The amendments included provisions granting the government veto power over new security measures before they could be implemented—changes that have since been enshrined in law.

 

Lisa Forte, a cyber security expert from Red Goat, remains skeptical about the effectiveness of such measures. "The main issue that comes from such powers being exercised is that it's unlikely to result in the outcome they want," she said. "Criminals and terrorists will just pivot to other platforms and techniques to avoid incrimination. So it's the average, law-abiding citizen who suffers by losing their privacy."

 

Based on a report by BBC 2025-02-10

 

 

[Smokey and the Bandit]

"The UK government has formally demanded access to encrypted data stored in Apple's cloud services worldwide, a move that could significantly impact user privacy. Currently, only the account holder can access their stored data, with Apple itself unable to view the contents. "

 

If Apple can't view the contents because its encrypted, surely the UK Government can't, so what the point?

[ukrules]

13 hours ago, Social Media said:

Despite fears of mass surveillance, the UK government's request appears to focus on national security concerns.

lol, that's what they always say. It's a lie.

[ukrules]

2 hours ago, Smokey and the Bandit said:

If Apple can't view the contents because its encrypted, surely the UK Government can't, so what the point?

The point is to remove or alter the encryption in some way so that it's no longer effective.

 

One simple way to do this is key sharing, your phone or computer or whatever will use an encryption key - this is just a big random number which is then encrypted by another key that's generated based on a password you enter. So now there's 2 keys - one generated from the password and then the real key which is encrypted and can only be accessed if the correct password is provided.

The actual key should be stored and remain on your device and never leave it and that's what they tell you at Apple, etc.

What they want is a way to get hold of the encrypted key on the device, in order to do that Apple would need to keep a copy of this secret key and then provide it on demand to 'the government' to keep you safe.

 

So effectively they're demanding that Apple hold in escrow everyones keys - for everyone all around the world, just in case they need it to make their job a little easier.

 

Apple will be outraged by this, the British Government are well known for mission creep especially when it comes to spying on peoples data. At one point even local council officials had the authority to access all your data due to badly written laws.

Also GCHQ have been known to sub contract for Americans as the US isn't allowed to spy on its own citizens without warrants but the UK doesn't care - so they just paid the UK to do it for them - and a law like this provides exactly what they need to access anything and Apple are not playing ball here.

This isn't new, they've been attempting varying levels of this type of thing for decades and it goes back to the 'clipper chip' in the US where Clinton decided it would be  good idea for everyone in the US to provide the government with backdoor access to all encrypted data whenever they wanted it - that failed.

This should fail like all other attempts that came before it but who knows, this current PM seems very authoritarian and they have a large majority with the Labour party kicking MPs out of the party when they don't vote as instructed by their whips!

 

It will backfire in a spectacular manner though.