Apple has reportedly been ordered by the British government to create a backdoor that lets security services access users’ encrypted iCloud backups.
If this measure is put into place, British security services will be able to access the backups of every user worldwide—not just those in the UK. Moreover, Apple might then be prevented from warning users that their encryption has been compromised.
According to The Washington Post, the secret order was issued last month under the powers granted by the Investigatory Powers Act of 2016—often called the Snoopers’ Charter. Officials are reportedly demanding blanket access to all end-to-end encrypted files uploaded by users around the globe, rather than access to specific accounts.
While iCloud backups aren’t encrypted by default, Apple introduced an Advanced Data Protection option in 2022 that users must enable manually. This feature uses end-to-end encryption, which means that even Apple cannot access the encrypted files.
In response to the recent injunction, Apple was expected to stop offering Advanced Data Protection in the UK. However, this move wouldn’t satisfy the UK government’s requirement to access globally shared files.
Apple cannot delay implementation
Apple does have the right to appeal the order, arguing that the requirement is neither cost-effective nor proportionate. But even if they appeal, the implementation cannot be delayed. The UK has reportedly issued Apple a Technical Capability Notice—a document so secret that disclosing its existence is a criminal offense. If Apple complies with the government’s demands, it won’t be allowed to warn users that their encrypted service is no longer completely secure.
Apple’s stance on this issue is clear. The company argues that the British government shouldn’t decide whether citizens worldwide can benefit from the proven security of end-to-end encryption. This was the message Apple delivered to the British Parliament in March 2024 during a debate on an amendment to the Investigatory Powers Act. The company has previously opposed other British efforts to undermine encryption.
British security services and lawmakers have long campaigned against end-to-end encryption, arguing that the technology allows terrorists and child abusers to evade detection. In their view, encryption should not stand in the way of tracking down serious criminals.
FBI adapts policy
U.S. agencies such as the FBI have expressed similar concerns in the past, but they have recently started to endorse encryption as an important defense against hackers, particularly those from China. In December 2024, the NSA and FBI—along with cybersecurity agencies from Canada, Australia, and New Zealand—recommended that as much Web traffic as possible be end-to-end encrypted as part of new security guidelines. British security agencies, however, did not support that advice.
If Apple gives the UK access to encrypted data, it’s likely that other countries, including the U.S. and China, will make the same demand. Apple will then have to choose whether to comply with these requests or shut down its encryption services entirely. Other tech companies are almost certain to face similar pressures.
Since 2018, Google has provided encrypted backups by default for Android users, and Meta does the same for WhatsApp users. Representatives from both companies declined to tell The Washington Post whether they have received similar government requests. Google’s Ed Fernandez emphasized that the company does not have access to Android users’ end-to-end encrypted backup data—even with a court order—while Meta referenced an earlier statement confirming that there will be no backdoors.
Also read: App Store developers required to provide their address and number