Apple pulls end-to-end encryption feature from UK after demands for law enforcement access – CyberScoop

Apple has pulled Advanced Data Protection, a feature that provides end-to-end encrypted data storage through iCloud, from the United Kingdom following a fight with the British government over law enforcement access.
Starting Friday, U.K. users who attempt to access the feature on their phones or computers will be denied. Users who already had Advanced Data Protection turned on will be able to continue using it for now, but they will eventually be forced to disable it.
The move will not affect iCloud data that are end-to-end encrypted by default under Apple’s standard data protection plan, such as iMessage and FaceTime, or data from iCloud Keychain and Health. Certain kinds of metadata for iCloud backups, iCloud Drive, photos, notes and messages are also encrypted under standard plans.
“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy,” an Apple spokesperson said in a statement. “Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom.”
The moves follow a broader conflict between Apple and the U.K. government over providing law enforcement access to encrypted data. Earlier this month, the Washington Post reported that British national security officials sent Apple a memo demanding access to Apple iCloud data for criminal and national security investigations.
Apple is no stranger to such fights. In 2015, the company waged a yearslong court battle with the United States over its refusal to provide law enforcement access to the iPhone of Syed Rizwan Farook, who carried out a terrorist attack in San Bernardino that killed 14 people and injured 22 others. The FBI eventually gained access to the shooter’s phone through the use of a third-party vendor, later identified as Azimuth Security.
Unlike many previous debates over “lawful access” to encryption, the U.K. memo appears to require broad, blanket access to iCloud data, rather than access to individual accounts, according to the Post.
The order placed Apple in the position of either developing a technical solution to provide the British government with access — something the company said would break encryption security and provide an opening for other parties to hack or access that same data — or pulling the feature completely to comply with U.K. laws. Apple chose the latter.
“As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,” the Apple spokesperson said.
Joseph Lorenzo Hall, a technologist at the Internet Society, said Apple’s removal of the feature “will make British Apple users less safe and make their cloud data more susceptible to criminals and other attackers.”
However, Hall indicated that Apple may have chosen the lesser of two evils by protecting its encryption worldwide.
“In choosing to remove the feature rather than building a backdoor into its Advanced Data Protection, Apple ensured that at least its global users would continue to benefit from the security and privacy of end to end encryption,” Hall said in a statement. “However, for UK users, their government ensured that their security and privacy is worse than before.”
Implications for U.S. policy
While Apple’s decision keeps the integrity of its end-to-end encryption intact, the move will also deny all U.K. users the ability to encrypt their most critical data on Apple devices.
That choice has caused some U.S. encryption defenders to worry about how the U.K.’s demands would impact American data privacy, as well as how the company may respond to similar requests in the future from other governments, particularly the Trump administration.
On Feb. 13, Sen. Ron Wyden, D-Ore., and Rep. Andy Biggs, R-Ariz., sent a letter to Director of National Intelligence Tulsi Gabbard, saying that Apple acceding to the U.K.’s request for a technical solution would “seriously threaten the privacy and security of both the American people and the U.S. government.”
“Apple does not make different versions of its encryption software for each market; Apple customers in the U.K. use the same software as Americans,” Wyden and Biggs wrote. “If Apple is forced to build a backdoor in its products, that backdoor will end up in Americans’ phones, tablets, and computers, undermining the security of Americans’ data, as well as of the countless federal, state and local government agencies that entrust sensitive data to Apple products.”
The lawmakers argued that if Apple were to bow to the British government’s demands for a technical bypass for iCloud, then the U.S. should reevaluate its cybersecurity and intelligence-sharing arrangements with the country.
Brandon Pugh, director of cybersecurity and emerging threats at the right-leaning R Street Institute, told CyberScoop that Apple’s decision is largely consistent with its previously stated positions on user privacy and encryption.
“Apple’s position has always been that if we create a back door, is that a way that a bad actor — regardless of how people feel about government authorities — is that something a criminal group could exploit?” Pugh said.
However, there are plenty of supporters in U.S. national security and law enforcement for similar “lawful access” mandates on the private sector. Further, the appointment of Trump loyalists like Kash Patel at the FBI and Pam Bondi at the Department of Justice — who have promised to investigate alleged wrongdoing by Trump’s political enemies — has caused concerns that weakening encryption for U.S. users could facilitate political prosecution.
Pugh said he expects to see the issue gain more interest from U.S. policymakers as they consider the potential ramifications on domestic privacy.
“I think we will see, potentially, members of Congress share their reactions on this because maybe it would foreshadow a similar outcome in the U.S., and perhaps [they want to] get ahead of it,” Pugh said.