UK reportedly orders Apple to hand over access to encrypted user dataUK reportedly orders Apple to hand over access to encrypted user data

Last month Apple received something called a ‘technical capability notice’ under the UK IPA of 2016 (the so-called Snoopers’ Charter), which would require it to create a ‘back door’ to its encrypted iCloud storage service, according to The Washington Post which initially published the report citing people familiar with the matter. The BBC says it has spoken to similar contacts.  

What this means is that law enforcement and security services in the UK could access iPhone back-ups and other cloud data that even Apple doesn’t currently have access to, and apparently this includes access to the encrypted data of Apple customers anywhere in the world.

Apple is likely to stop offering encrypted storage in the UK, the spokespeople told the WP, rather than break the security guarantees.

“The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies,” reads the WP report. “Its application would mark a significant defeat for tech companies in their decades-long battle to avoid being wielded as government tools against their users, the people said, speaking under the condition of anonymity to discuss legally and politically sensitive issues.”

The report quotes a Home Office spokesperson who said: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”

Encryption secures individuals’ personal data, but there is an argument often made by security services that these same privacy measures make it harder to gather digital evidence for prosecuting criminals.

It’s a hugely contentious subject, and brings up fundamental issues of privacy as well as the security implications of opening up such back doors at all. Tech blogger Ben Thompson posted:

Meanwhile Epic CEO Tim Sweeny, who has been a prominent critic of Apple in the past over the issue of third-party payment systems posted:

Commenting on the news, Graeme Stewart, head of public sector at Check Point Software, said, "This is one of the biggest battles yet in the privacy vs. security debate, and the UK is on the verge of opening Pandora’s box. Forcing Apple or any company to create a backdoor doesn’t just impact British citizens; it sets a dangerous global precedent that authoritarian regimes, cyber criminals, and hostile states will be all too eager to exploit. The Investigatory Powers Act doesn’t stop at UK borders; its reach is worldwide.

"But here’s the problem. Encryption doesn’t just protect criminals. It safeguards millions of law-abiding people, businesses, and critical infrastructure from cyber threats, fraud, and oppressive surveillance. Once a backdoor exists, it won’t stay in the right hands forever. Can any government truly guarantee it won’t be misused, not just today but in whatever world we wake up to tomorrow?”

Erich Kron, security awareness advocate at KnowBe4, added, "This is a scary proposition for anyone concerned about their personal privacy. Because it impacts more than just British citizens, the legal troubles this could cause are considerable and likely to take years to resolve. Data encryption has always been a challenge for law enforcement organisations but it is a critical tool for privacy-minded individuals and organisations looking to protect themselves from bad actors.

“The use of encryption does not infer that the individual encrypting data has anything to hide or is doing anything illegal, but demands like this from the government will make many people feel as if the government is greatly crossing the boundaries of personal freedoms.”

In 2023 Apple reportedly warned the government that it will remove services such as FaceTime and iMessage from the UK if it were to pursue proposed changes under the IPA which would give the Home Office permission to demand security features of communication service providers be disabled without notifying the public.

Apple can appeal the capability notice, says the WP report, which would involve a ‘secret technical panel.’ Technology and security types alike will be watching the outcome of this one closely.