The UK Government Just Made Everyone Less Safe As Apple Shuts Down iCloud Encryption

by
Mike Masnick
from Techdirt on (#6VH53)
Story Image

In a stunning display of government overreach, the UK has effectively forced Apple to disable its iCloud encryption for British users. Earlier this month, we wrote about the UK wielding the Investigatory Powers Act - aka The Snooper's Charter" - to demand Apple create a backdoor in its iCloud encryption for all users globally. Despite Apple's long-standing warnings that it would rather exit the UK market than compromise encryption, the UK government doubled down.

The ensuing public outcry and warnings of serious consequences" from US politicians fell on deaf ears. While the government's exact demands remain secret (because of course they do), Apple's response speaks volumes: they're shutting down iCloud encryption for UK users entirely rather than create a global backdoor.

Apple disabled its most secure data storage offering for new customers in Britain on Friday rather than comply with a secret government order that would have allowed police and intelligence agencies to access the encrypted content.

That sounds like the UK isn't backing down.

This is a terrible result for everyone, making Apple users globally (but especially in the UK) more vulnerable. Law enforcement's tired narrative frames this as a trade-off between privacy and safety, but that's dangerously wrong. Encryption isn't just about privacy - it's a fundamental security mechanism that protects against identity theft, financial fraud, corporate espionage and much more. This move effectively dismantles both privacy and safety, not because law enforcement lacks investigative tools, but because they're really just lazy and demanding a convenient" backdoor that inevitably creates new security risks.

While this compromise gives UK law enforcement their coveted access to British users' iCloud data, it creates a dangerous precedent and leaves user data vulnerable to bad actors ranging from cybercriminals to hostile nation-states. Even worse, this solution" likely falls short of the government's reported demands for global backdoor access - suggesting this might just be round one of a longer fight.

As the folks at EFF note, this would have been a disaster:

Had Apple complied with the U.K.'s original demands, they would have been required to create a backdoor not just for users in the U.K., but for people around the world, regardless of where they were or what citizenship they had. As we've said time and time again, any backdoor built for the government puts everyone at greater risk of hacking, identity theft, and fraud.

This blanket, worldwide demand put Apple in an untenable position. Apple has long claimed it wouldn't create a backdoor, and in filings to the U.K. government in 2023, the company specifically raised the possibility of disabling features like Advanced Data Protection as an alternative. Apple's decision to disable the feature for U.K. users could well be the only reasonable response at this point, but it leaves those people at the mercy of bad actors and deprives them of a key privacy-preserving technology. The U.K. has chosen to make its own citizens less safe and less free.

It's not just EFF folks saying this. Lots of security experts are horrified.

Mike Salem, UK country associate for the Consumer Choice Center, called on opposition parties to voice their discontent and demand the government outlines its reasoning.

The UK government has set a precedent, and cast a new reputation that underscores the erosion of personal liberties and privacy in a digital age where these values are needed more than ever," he said.

This marks a very sad day for the basic principle of consumer privacy in the 21st century, depriving users of the tools that leave UK citizens exposed to governments, criminals and malicious hackers. The fact this has been done without debate, oversight or advance warning to UK Apple users is extremely concerning,"Salem said.

David Ruiz, senior privacy advocate at Malwarebytes, described the news as a disaster" for the UK and one with potential global consequences.

To demand access to the world's data is such a brazen, imperialist manoeuvre that I'm surprised it hasn't come from the US. This may embolden other countries, particularly those in the Five Eyes, to make a similar demand of Apple," he argued.

Others have pointed out that if Apple had caved to the UK's stupid demand, they would have almost immediately faced identical demands from other countries, including Russia, Turkey, Iran... you name it.

It is difficult to think of a more shortsighted move than what the UK has done here. It has put its own citizenry at greater risk, while threatening some of the basic fundamentals of private storage.

It's good that Apple is taking a stand, but it feels like this is just one battle in a war that is far from over.

External Content
Source RSS or Atom Feed
Feed Location https://www.techdirt.com/techdirt_rss.xml
Feed Title Techdirt
Feed Link https://www.techdirt.com/
Reply 0 comments