Apple forced to unlock globally encrypted user accounts for surveillance in the UK.

Apple has received an order from the UK government to create a backdoor that would allow security agencies to access users' encrypted iCloud backups. If this measure is implemented, British security services would have access to the backups of any user in the world, not limited to those in the UK, and Apple would be unable to inform users that their encryption has been compromised.

The secret mandate, issued last month, is based on rights granted by the UK's Investigatory Powers Act 2016, known as the Snoopers' Charter. Officials have requested comprehensive access to the end-to-end encrypted files uploaded by users globally, rather than being limited to specific accounts.

Apple's iCloud backups are not encrypted by default, although the Advanced Data Protection option was introduced in 2022 and must be manually activated. This option uses end-to-end encryption, which means that even Apple cannot access the encrypted files. In response to the mandate, Apple is expected to cease offering Advanced Data Protection in the UK, although this would not satisfy the British demand for access to files shared by global users.

Apple has the right to appeal the notification due to the cost of its implementation and the proportionality of the measure concerning security needs. However, any appeal will not delay the implementation of the original order. The UK has notified Apple through a document called a technical capability notice. It is a crime to disclose that the government has made a request. If Apple complies with the UK demands, it would not be able to warn users that its encrypted service is no longer completely secure.

The tech company stated to the UK Parliament in March 2024 that it sees no justification for the UK government to have the authority to decide for the citizens of the world on the security benefits provided by end-to-end encryption. Apple has previously resisted other UK proposals to legislate backdoors in encrypted communications.

UK security services and lawmakers have continually criticized end-to-end encryption services, arguing that they enable terrorists and child abusers to hide from law enforcement. A British government spokesperson claimed in 2022 that end-to-end encryption should not hinder efforts to capture the most dangerous criminals.

On the other hand, U.S. agencies like the FBI have also expressed similar concerns, although they have recently begun recommending encryption as a way to counter hackers linked to China. In December 2024, the NSA and the FBI joined the cybersecurity centers of Canada, Australia, and New Zealand in recommending that web traffic be "encrypted end-to-end to the maximum extent possible."

If Apple grants the UK government access to encrypted data, it is likely that other countries, including the U.S. and China, will try to demand a similar right. The company will have to decide whether to comply with such requests or eliminate its encryption service. Tech companies would also face similar requests if a precedent is established.

Google has offered encrypted Android backups by default since 2018, and Meta also provides encrypted backups for its WhatsApp users. Representatives from both companies did not comment on whether they had received government requests to create backdoors. Google reiterated that it cannot access Android's encrypted backup data, even with a legal order, while Meta emphasized that no backdoors will be implemented.