UK Orders Apple to Create Secret Backdoor for iCloud Spying

The UK government has secretly ordered Apple to create a backdoor allowing security officials to access all encrypted iCloud data worldwide, sources told The Washington Post. This unprecedented demand was issued through a technical capability notice under the Investigatory Powers Act 2016, commonly known as the "Snoopers' Charter." Unlike previous requests for targeted access, this order requires blanket decryption capabilities, setting a new precedent among major democracies.

Apple's Response and Potential Consequences

Rather than comply and compromise its global security measures, Apple is likely to stop offering end-to-end encrypted storage in the UK. However, this wouldn’t satisfy the UK’s demand for worldwide access. The company has the option to appeal to a secret technical panel and a judge, but the law requires compliance during the appeal process.

Back in March 2024, Apple had warned UK lawmakers that such demands would impact users globally, stating:

"There is no reason why the UK government should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption."

An Apple spokesperson declined to comment on the latest order, while the UK Home Office stated it does not discuss operational matters.

International Reactions and Privacy Concerns

The Biden administration has been tracking the situation since the UK first hinted at enforcing access, though it’s unclear whether US officials have intervened. A former White House security adviser confirmed the British order, while a US encryption consultant found it alarming that the UK was attempting to spy on non-British users without their governments’ knowledge.

Senator Ron Wyden (D-Oregon) strongly criticized the UK’s approach, warning:

"Trump and American tech companies letting foreign governments secretly spy on Americans would be unconscionable and an unmitigated disaster for Americans’ privacy and our national security."

Meredith Whittaker, president of the encrypted messaging app Signal, called it a dangerous move:

"This will position the UK as a tech pariah, rather than a tech leader. If implemented, the directive will create a dangerous cybersecurity vulnerability in the nervous system of our global economy."

The Bigger Encryption Debate

Governments, particularly the UK and FBI, have long argued that strong encryption enables criminals to hide, especially in cases related to terrorism and child exploitation. Tech companies, on the other hand, maintain that creating backdoors weakens security for all users, as they can be exploited by hackers and authoritarian regimes.

While most communication services, including Apple’s iMessage and Meta’s WhatsApp, are encrypted end-to-end, backups stored in the cloud often remain accessible. Apple’s Advanced Data Protection feature, introduced in 2022, ensures that even cloud backups remain encrypted. The UK’s demand challenges this security model.

Potential Global Impact

If the UK succeeds in forcing Apple to grant access, other countries—such as China—could demand the same. This might push Apple to withdraw encrypted cloud storage worldwide rather than compromise security on a country-by-country basis.

Google, which has encrypted Android backups by default since 2018, could be next in line. A Google spokesperson confirmed:

"Google can’t access Android end-to-end encrypted backup data, even with a legal order."

Meta also offers encrypted backups for WhatsApp, but it remains unclear if it has faced similar government requests.

The Broader Cybersecurity Landscape

The demand for backdoors comes at a time when US agencies, including the FBI and NSA, are urging stronger encryption to counter cyberattacks from foreign adversaries. A December 2024 joint statement advised:

"Ensure that traffic is end-to-end encrypted to the maximum extent possible."

The UK notably did not endorse this recommendation, highlighting a growing divide in how governments approach cybersecurity and privacy.

As the legal battle unfolds, Apple faces a tough decision comply with UK demands and risk global security, or withdraw its encrypted storage service from one of its major markets.