Critics Sound the Alarm: UK’s Secret Apple iCloud Backdoor Mandate Poses Global Danger
In a recent development aimed at compromising strong encryption protections, the U.K. government has allegedly issued an under-the-radar directive to Apple, instructing them to create a backdoor that would grant British security forces access to the encrypted cloud storage of Apple users globally.
This concealed mandate, enacted under the U.K.’s Investigatory Powers Act 2016 (often referred to as the Snoopers’ Charter), seeks to erode an opt-in feature from Apple that offers end-to-end encryption (E2EE) for iCloud backups, known as Advanced Data Protection. This encryption feature ensures that only Apple users have access to their backup data stored in iCloud — even Apple lacks access to it.
While the U.K. government has not responded to TechCrunch’s requests for comment on the report, British officials have consistently contended that E2EE complicates the process of gathering digital evidence for criminal investigations and hinders national security intelligence efforts.
Upon activation, Apple’s encrypted backup feature eliminates a vulnerability that law enforcement previously utilized to gain access to cloud-stored data, which would otherwise remain encrypted on most modern iPhones using device encryption.
According to The Washington Post, which first reported the situation, Apple may cease offering the iCloud encryption option to its U.K. users due to the covert order, rather than compromising encryption for users worldwide.
Previously, Apple expressed concerns that its encrypted communication services, including FaceTime and iMessage, could be jeopardized in the U.K. amid proposals seeking to expand governmental surveillance capabilities.
Global Implications
If Apple withdraws advanced iCloud encryption for users in the U.K., the consequences would extend far beyond the nation’s borders.
Rebecca Vincent, director of the privacy and civil liberties advocacy organization Big Brother Watch, warned that the U.K. government’s “draconian” directive would not enhance public safety but would instead “undermine the fundamental rights and civil liberties of the entire population.”
Although the specifics of the U.K. directive’s implementation remain unclear — as the removal of Advanced Data Protection would solely affect U.K. users’ cloud data — the news of this order has sparked concerns that millions of Apple device users worldwide could face increased security risks.
Security and privacy advocates caution that the U.K. could set a perilous global precedent that authoritarian regimes and cybercriminals might readily exploit — any backdoor established for governmental purposes could likely be misused by hackers and foreign states.
Thorin Klosowski, a privacy advocate at the Electronic Frontier Foundation in the U.S., warned in a blog post that the U.K.’s actions will have international reverberations, calling the covert directive an “emergency for us all.” James Baker from the Open Rights Group described the proposals as “alarming… and would compromise safety for everyone.”
A Security Lesson Unheeded
The potential global consequences of the U.K. government’s directive on its citizens have raised alarms, particularly regarding possible tensions with some of its closest allies.
This news comes shortly after U.S. security officials urged Americans to use encrypted messaging applications to safeguard their communications from interception by hostile nations. This advisory followed reports of an extended covert hacking campaign by Chinese government agents targeting critical U.S. infrastructure and major telecommunications firms.
The Computer & Communications Industry Association, a U.S. tech industry organization, stated that the hacking activities attributed to the “Typhoon” hacker group associated with China highlight how “end-to-end encryption may be the only barrier separating Americans’ sensitive personal and business information from foreign adversaries.”
“Decisions affecting Americans’ privacy and security should be made in the United States, transparently and openly, rather than through secretive orders from abroad demanding backdoors,” the CCIA declared.
Chris Mohr, president of the Software & Information Industry Association in the U.S., expressed similar views, calling the U.K. directive “both misguided and perilous.”
“Especially in light of Salt Typhoon, we need policies that enhance security rather than diminish it,” Mohr argued, referencing the China-backed group targeting telecommunications firms. “We urge the Trump Administration and U.S. Congress to strongly oppose this concerning development.”
Recent hacking incidents aimed at telecommunications giants — including AT&T and Verizon — underscore why the U.K. government’s demands for a backdoor from Apple are problematic.
Salt Typhoon executed these breaches, regarded as some of the largest hacks in recent history, by exploiting a legally mandated backdoor that requires telecom companies to provide law enforcement and intelligence agencies access to customer data upon request.
“This lesson will repeat until learned: no backdoor can guarantee access solely to the good while barring the bad,” cautioned the Electronic Frontier Foundation. “It’s time for all to acknowledge this and take necessary steps to ensure genuine security and privacy for everyone.”