The UK remains silent on its stance regarding encryption measures.

Recently, the United Kingdom took a significant step in its effort against encryption, which not only affects Apple’s reputation for privacy but could also have big implications for data protection around the world. A few days after Apple withdrew its Advanced Data Protection (ADP) feature from UK users, other companies that provide end-to-end encryption, like Meta, Signal, and Telegram, have not made any official statements about this situation, only seeing some posts from executives on social media.

The UK government seems to have established a new standard for other countries by reportedly insisting that Apple create a backdoor to access iCloud data. Under the Investigatory Powers Act (IPA) from 2016, the UK has the legal authority to demand access to user data for national security and crime prevention purposes. This could involve accessing user data not just in the UK but across the world, even if that data is heavily encrypted.

Recent changes to the IPA in April 2024 increased the UK government’s surveillance powers, enabling intelligence agencies to access large sets of personal data from third parties and permitting the UK government to interfere with communications companies that offer encryption services.

The exact wording of the UK’s order to Apple is not publicly known. Reports from The Washington Post indicate that Apple received a “technical capability notice” under the IPA, requiring the company to create a backdoor that would allow access to fully encrypted materials, not just help in cracking a single account. This interpretation highlights the broad reach of the demands being placed on the tech company.

According to the UK’s Home Office state minister, Dan Jarvis, this notice doesn’t necessarily force companies to hand over specific information. Instead, it requires companies to be capable of responding to individual warrants or authorizations, essentially preventing them from implementing full encryption that would block UK authorities from monitoring communications when desired.

Apple’s situation seems to be unique; this order may be the first of its kind since the IPA was updated. However, other companies may also have received similar orders, but it remains illegal for them to disclose this information. This design allows most of the proceedings to occur without public scrutiny, hiding the UK’s efforts against data encryption behind closed doors. This lack of transparency is concerning; while Apple can appeal the ruling in secret, it cannot confirm the existence of the order or if it is complying.

After the publication of the article revealing this information, Apple pulled its ADP feature, which provided high-level security for various services, including iCloud drives, back-ups, and more. Andrew Crocker from the Electronic Frontier Foundation noted that the UK government’s demand placed Apple in a difficult position and criticized the withdrawal, stating it exposes UK users to greater risks and takes away important privacy protections.

It’s unclear if withdrawing ADP will satisfy the UK government’s demands. This action may create fewer barriers for UK surveillance, potentially making citizens less safe and less free. Apple had previously warned about withdrawing security features from the UK due to opposition against the IPA but now faces criticism for not living up to its privacy-friendly image.

While Apple’s withdrawal from the UK signifies a significant stance against such government actions, other encryption providers, including Meta, Signal, and Telegram, have remained silent regarding their services. Their ongoing provision of encryption in the UK could give the impression that no serious issues exist.

For many users, encryption is vital for safety, and there are serious risks associated with creating backdoors for data access. If such access were to be offered secretly, it could violate privacy and trust on a large scale, as it would become impossible to guarantee that only good actors could access this information. History has shown that bad actors can exploit these weaknesses.

The effects of Apple’s decision are still unfolding, and the situation highlights a growing global trend against end-to-end encryption, with several European Union countries and other members of the “Five Eyes” alliance showing interest in adjusting or weakening encryption laws. There is a significant risk that the UK’s actions could influence other governments to adopt similar stances on encryption, posing a threat to privacy rights and data security for users worldwide.