The secret order would give the UK access to encrypted backups belonging to any user — not just Brits.
In a shocking development, Apple has reportedly been ordered by the UK government to create a backdoor in its encryption system, giving British security services unfettered access to users’ encrypted iCloud backups worldwide. If enforced, this directive could have far-reaching consequences for digital privacy, setting a precedent for global government surveillance.
The Secret Order and Its Implications
According to The Washington Post, this order—issued last month under the UK’s Investigatory Powers Act of 2016, commonly known as the Snoopers’ Charter—compels Apple to provide blanket access to encrypted backups stored in iCloud. Crucially, this directive extends beyond UK citizens, granting access to data from users across the world, all without their knowledge.
Unlike targeted surveillance measures that focus on specific individuals under suspicion, this broad demand seeks unrestricted entry into any end-to-end encrypted files uploaded by users. To make matters worse, Apple is reportedly forbidden from alerting users that their encryption has been compromised, meaning individuals would unknowingly have their private data exposed to government scrutiny.
A Threat to End-to-End Encryption
Apple introduced Advanced Data Protection in 2022 as an opt-in feature for iCloud users seeking an extra layer of security. This feature employs end-to-end encryption, ensuring that even Apple itself cannot access protected files. However, under pressure from UK authorities, the company may be forced to remove Advanced Data Protection from its UK services entirely.
While this move may satisfy UK regulators, it does not address their overarching demand for access to encrypted files stored globally. If Apple complies, the implications could be staggering, as it would mean undermining the fundamental security features designed to protect millions of users worldwide.
Apple’s Right to Appeal—With Strings Attached
Apple does have the legal option to appeal the order, but there’s a catch: any appeal must be based on the cost of implementation or whether the demand is proportionate to national security needs. More critically, even if Apple chooses to challenge the order, it cannot delay its enforcement while the appeal is being considered.
Compounding concerns, the UK government has reportedly issued a technical capability notice, a document that legally binds Apple to secrecy. This means Apple cannot even disclose that such a demand has been made, making transparency with its users virtually impossible. If Apple complies, users would be left in the dark about the security of their data being compromised.
A Longstanding Battle Over Encryption
Apple has been one of the most vocal defenders of encryption, frequently resisting government attempts to create backdoors into private data. In March 2024, Apple testified before the British Parliament, stating:
“There is no reason why the UK government should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”
The company has consistently pushed back against similar legislation in the past. The UK, however, remains adamant that encryption must not obstruct law enforcement investigations. The government argues that criminals, terrorists, and child predators exploit these security measures to evade detection, thereby justifying their demands for unrestricted access.
A UK government spokesperson previously told The Guardian in 2022:
“End-to-end encryption cannot be allowed to hamper efforts to catch perpetrators of the most serious crimes.”
Despite this, digital security experts warn that weakening encryption creates vulnerabilities that could be exploited not only by law enforcement but also by malicious actors, including hackers and foreign governments.
Global Ramifications: A Dangerous Precedent
If Apple complies with the UK’s demand, the repercussions will likely extend far beyond Britain. Governments around the world—including the United States, China, Russia, and India—could seize the opportunity to impose similar requirements, pressuring Apple and other tech giants into dismantling encryption protections entirely.
For context, the FBI and NSA—both historically critical of end-to-end encryption—recently took an unexpected stance in December 2024, recommending that web traffic be encrypted to the highest possible level as a defense against cyber threats, particularly those linked to China. However, the UK notably did not sign onto this guidance, further underscoring its resistance to robust encryption protocols.
How Other Tech Companies Are Responding
The UK’s demand for an encryption backdoor raises questions about how other major tech companies will respond. Google, which has offered encrypted Android backups by default since 2018, and Meta, which provides encrypted backups for WhatsApp, both declined to comment when approached by The Washington Post.
However, Google’s Ed Fernandez reaffirmed that:
“We can’t access Android end-to-end encrypted backup data, even with a legal order.”
Meanwhile, Meta referenced a prior statement confirming that it would not introduce any backdoors into its encryption services.
This silence from tech giants suggests that companies may be facing similar governmental pressures but are unwilling to publicly acknowledge them due to secrecy laws.
What Happens Next?
The fate of Apple’s encryption service now hangs in the balance. The company must decide whether to:
- Comply with the UK’s order, setting a dangerous precedent that could lead to global government overreach.
- Remove Advanced Data Protection entirely, sacrificing privacy for the sake of avoiding compliance.
- Fight back through legal appeals, though this carries financial and legal risks, especially given the UK’s strict secrecy laws.
Whatever path Apple chooses, the outcome will shape the future of digital privacy and government surveillance worldwide. If one government can force a tech giant to weaken encryption, others are sure to follow.
The battle between security and privacy is far from over—and the world is watching.
