Apple Reduces Encryption in the United Kingdom: What are the Implications?
Apple has recently discontinued its Advanced Data Protection (ADP) feature for users living in the United Kingdom, in response to requests from the UK government under the Investigatory Powers Act 2016. This decision has caused concerns regarding data security and user privacy.
What is Advanced Data Protection?
Advanced Data Protection, first introduced in December 2022, extended end-to-end encryption to a broader range of iCloud data, including backups, photographs, and notes. This ensured that only the user possessed the decryption keys necessary to access their data. By discontinuing Advanced Data Protection, Apple will now retain encryption keys for these categories, allowing authorities to access the data, if legally compelled to do so
What is the impact for users:
- Reduced Security: iCloud backups and other data categories will no longer be fully encrypted, rendering them accessible to Apple and potentially law enforcement.
- Mandatory Downgrade: Existing Advanced Data Protection users in the UK will be required to disable the feature to continue using iCloud services.
- Remaining Protected: Services such as iMessage, FaceTime, Health Data, and iCloud Keychain will continue to benefit from end-to-end encryption.
What is the impact for Law Firms and their customers:
With clients now expecting to use convenient communication methods like FaceTime and picture-sharing through Apple technology, there’s a real dilemma. These methods pose significant and highly public risks, prompting firms to question whether they can fulfil their data protection and privacy obligations. Clients should be informed about alternative secure communication and sharing technologies, and that using Apple features carries additional risks.
Furthermore, the potential for law enforcement to access previously encrypted data raises legal challenges and ethical dilemmas, especially when privileged information is involved. This should be considered retrospectively and integrated into firms’ future risk assessments.
Apple’s Response:
Apple has expressed its disappointment, restating its opposition to the creation of encryption backdoors. This action underscores the escalating tension between privacy-oriented policies and the demands of government surveillance.
As digital security concerns continue to grow, this shift may serve as a precedent for other countries. The question remains: should governments have greater control over user data, or should privacy and encryption remain an indisputable fundamental right?
Matt Faulkner
074854 85025
Latest Articles
Keep It Real 5: Backups – The Last Line of Defence (Often Untested)
Most organisations say they have backups. Few can say, confidently, that they’ll work when the worst happens and they are needed. Backups are treated as a background safety net but in ransomware attacks, system failure or data loss they’re not a nice-to-have; they’re...
Keep It Real 4: Access Control. Who Actually Has Access to What?
Most organisations assume access is under control: logins exist, permissions are assigned and systems sit behind authentication. On paper it looks tidy but in reality access piles up over time, with little visibility and less removal. “Access creep” is one of the most...
Keep It Real 3: Software Updates, The Patch You Didn’t Apply
We tend to picture cyber breaches as sophisticated attacks beating sophisticated defences. In reality many breaches exploit something simpler such as a known vulnerability with a fix that was never applied. Patching is one of the most basic and effective security...
Talk to us today
Get In Touch
