Two years after Apple introduced an encrypted storage feature for iPhone users, the company is pulling those security protections in Britain rather than comply with a government request that it create a tool to give law enforcement organizations access to customers’ cloud data.
Starting on Friday, iPhone users in Britain will begin seeing a message on their phones saying Apple can no longer offer its Advanced Data Protection feature. The capability allowed users to encrypt almost all of their iCloud data, making messages, notes, photos and iPhone backups indecipherable, even when the information was stored in cloud computing centers.
Apple is removing the feature after the British government demanded the company create a back door that would allow intelligence agencies and law enforcement officials to retrieve iPhone user data from data centers around the world, according to two people familiar with the request, who spoke on the condition of anonymity because of the sensitive nature of the British government’s demand.
The government request came in a secret order early this year, after Britain amended its Investigatory Powers Act of 2016, which allows it to compel companies to turn over data and communications to law enforcement and intelligence agencies.
Last year, Apple protested the amendments in a submission to Parliament, saying it could give the British government power to issue secret orders to break encryption services and create a back door into software products.
By eliminating the feature, Apple hopes that the British government will drop its request that it create a back door to users’ cloud data, the people said. But there is a chance that the British government could continue to press for that access, arguing that people who might use the service overseas pose a threat to British interest.
“We are gravely disappointed,” Fred Sainz, an Apple spokesman, said in a statement. He said Advanced Data Protection had offered British customers protection against hacks and security breaches.
“As we have said many times before, we have never built a back door or master key to any of our products or services, and we never will,” Mr. Sainz added.
The British Home Office didn’t immediately have a statement.
The Washington Post previously reported on the British government’s request.
Apple’s elimination of Advanced Data Protection turns back the clock on the amount of iPhone users’ data that is accessible to the British authorities. Before its introduction, Apple had refused to assist law enforcement in unlocking iPhones, but it fulfilled requests for iCloud backups that included unencrypted messages and photographs.
The gap in Apple’s encryption in data centers made it possible for law enforcement to obtain confidential messages in high-profile cases. In the United States, law enforcement officials were able to request the iCloud backup of Paul Manafort, chairman of President Trump’s 2016 campaign. The request gave them access to Mr. Manafort’s WhatsApp messages, which were used to build a case against him.
For years, Apple resisted fully encrypting iCloud data because it wanted to make it easier for customers to retrieve their information if they were locked out of their accounts. But as data breaches around the world increased, the company moved to expand its encryption offerings in 2022 with Advanced Data Protection. The feature is optional and must be turned on by users.
The clash between Apple and the British government is reminiscent of the fight the company had with the Federal Bureau of Investigation in 2016 over access to an iPhone used by an attacker who had killed 14 people in San Bernardino, Calif. The F.B.I. wanted Apple to unlock the attacker’s iPhone, but Apple refused. The government eventually gained access with help from a hacking firm.
In the years since, Apple has marketed its devices as more private than its competitors’, promising that what is on an iPhone stays on an iPhone. The company aired a commercial last year showing surveillance cameras, which are common on British streets, flying around and looking over people’s shoulders as they look at their phones. When iPhone users open their Safari browser, the cameras explode.
Views on encryption have shifted across the U.S. government after a recent sophisticated breach of American telecommunications. During last year’s election, a hacking operation linked to the Chinese government by a group called Salt Typhoon targeted the devices of Mr. Trump and JD Vance, his running mate. Afterward, the U.S. Cybersecurity and Infrastructure Security Agency urged smartphone users to use encrypted communication systems.
“Encryption is the glue and mortar that holds the bricks of our digital lives together,” said Joseph Lorenzo Hall, a distinguished technologist at the Internet Society, a nonprofit that advocates the infrastructure of the internet. “This would lead to not only collapses but catastrophic collapses.”
Source link
