
Britain's Surveillance Policy Forces Apple to Abandon Encryption
The digital world is once again facing a fundamental debate between privacy protection and government surveillance—and the United Kingdom is currently the scene of a decisive clash. At the heart of it lies Apple’s controversial decision to drop end-to-end encryption for British iCloud users under pressure from the government.
As a Brit by birth, I view this development with great concern. Although I now live in Dubai and am not directly affected, I find state-mandated “backdoors” fundamentally problematic and dangerous.
Background to the decision: pressure from UK law
In February 2025 Apple announced that its “Advanced Data Protection” (ADP)—full end-to-end encryption for iCloud data—would no longer be offered in the United Kingdom. The trigger was an order from British authorities invoking the Investigatory Powers Act (IPA), better known as the “Snoopers’ Charter” (Reuters report).
This order forced Apple either to build in a technical backdoor or—Apple’s eventual choice—to disable ADP entirely, so as not to undermine the integrity of its system.
Technically this means iCloud backups in the UK can no longer be safeguarded at the higher security level, making users’ data in principle more accessible.
How does end-to-end encryption work?
End-to-end encryption ensures that data in transit or at rest can be read only by the authorised endpoints—neither the service provider nor third parties can access its contents.
In practice this is usually achieved with public-key cryptography. Sender and recipient each own unique cryptographic keys: a message is encrypted with a public key and can be decrypted only with the matching private key. Even if the data are intercepted in transit or stored on servers, they remain unreadable without the correct key.
In plain terms, when iCloud data are end-to-end encrypted, not even Apple can decipher them—not even under a government order, because Apple itself does not hold the decryption keys. This offers strong protection against unauthorised access: even in the event of data leaks or a server hack, end-to-end-encrypted information remains useless to attackers because they cannot read it.
Why is Apple weakening encryption?
In an official statement Apple stressed that it has never built—and never will build—a backdoor or master key into its products or services. Nonetheless the company was compelled to deactivate enhanced data protection for iCloud backups in the UK. Highly sensitive data such as passwords synced via iCloud Keychain and health data will, however, remain end-to-end encrypted. This shows Apple has not capitulated completely but has instead sought a middle ground between political pressure and technical integrity.
It’s worth noting that many users have never enabled Advanced Data Protection for iCloud at all. The option arrived via an OS update but is not activated by default. Who actually enables it apart from technicians like me?
The Investigatory Powers Act (IPA): political pressure on companies
This development is a direct consequence of the expanded Investigatory Powers Act, the “Snoopers’ Charter,” which allows the UK government to issue secret orders to tech companies. The demand on Apple came under this law, which makes it easier for law-enforcement agencies to access digital communications.
Apple had warned publicly a year earlier that the IPA could endanger user security worldwide. The UK government not only sought access to British iCloud accounts but also wanted the technical ability to access all iCloud backups globally. This provoked international protest, especially from the United States, where critics argued the move might violate existing UK-US agreements.
Even more worrying, the IPA does not target Apple alone. There are signs that other encrypted-service providers such as WhatsApp, Signal or Threema could also be pressured. That would further erode privacy for millions of users and shows the battle against encryption is not confined to the UK.
Apple’s move in the UK: what was switched off?
With Advanced Data Protection Apple offered the option to encrypt many iCloud data types fully end-to-end. Under ADP, iPhone backups, photos and notes were protected so that not even Apple itself could access them in clear text. Under pressure from the UK government Apple has now disabled this feature for users in Britain. New iCloud users in the UK can no longer turn ADP on, and existing users will be prompted to switch it off. Apple calls this a “deeply disappointing” step, stressing it had to comply with legal requirements (Apple can no longer offer Advanced Data Protection in the United Kingdom to new users – Apple Support). Without ADP, Apple can once again access user data stored in the cloud and hand it over to authorities under lawful demand.
The change primarily affects the additional data categories protected by ADP. While 14 iCloud data types (such as iCloud Keychain for passwords or health data) remain end-to-end encrypted by default, other areas now revert to the less stringent Standard Data Protection. According to Apple, UK users can no longer end-to-end encrypt these nine iCloud data categories:
- iCloud Backup (device backups and saved iMessage histories)
- iCloud Drive (documents stored in the cloud)
- Photos (iCloud Photo Library)
- Notes
- Reminders
- Safari Bookmarks
- Siri Shortcuts
- Voice Memos
- Wallet passes and Freeform content
These data are now stored only with server-side encryption without an exclusive user key—meaning Apple retains access. Services like iMessage and FaceTime remain end-to-end encrypted, but once iMessage chats land in an unencrypted iCloud backup they could, in theory, be viewed via Apple. In short, Apple has rolled back its most secure cloud-encryption level in the UK. Security researchers call this a setback for user data security. Turning off ADP forces British customers to forgo a key safeguard that protected them from both state surveillance and cyber-criminals.
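The difference between server-side encryption where the provider keeps a key and the end-to-end model described under “How does end-to-end encryption work?” comes down to key custody. The following is an added example, not code from Apple or from this article's sources; the function names are hypothetical, and RSA-OAEP plus AES-256-GCM from Node's built-in crypto module are assumptions chosen for illustration, not a description of iCloud's actual design.

```javascript
// Added illustration (not Apple's implementation): who holds the key decides who can read.
// Function names are hypothetical; RSA-OAEP and AES-256-GCM are choices made for this example.
const crypto = require("crypto");

// Encrypt with a fresh random AES-256-GCM content key; return the key and the stored blob.
function aesSeal(plaintext) {
  const key = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { key, blob: { iv, ct, tag: c.getAuthTag() } };
}

// Decrypt a blob; throws if the key is wrong or the ciphertext was altered.
function aesOpen(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]);
}

// Standard model: the provider stores the content key next to the ciphertext.
function uploadStandard(plaintext) {
  const { key, blob } = aesSeal(plaintext);
  return { blob, providerHeldKey: key };
}

// End-to-end model: the content key is wrapped to the device's public key,
// so the provider's record holds only ciphertext and a wrapped key it cannot open.
function uploadE2E(plaintext, devicePublicKey) {
  const { key, blob } = aesSeal(plaintext);
  const wrappedKey = crypto.publicEncrypt({ key: devicePublicKey, oaepHash: "sha256" }, key);
  return { blob, wrappedKey };
}

// What the provider can recover using only what is in its own record.
function providerCanRead(record) {
  if (!record.providerHeldKey) return null; // no usable key on the server side
  return aesOpen(record.providerHeldKey, record.blob).toString();
}

// What the device can recover: unwrap the content key with its private key, then decrypt.
function deviceRead(record, devicePrivateKey) {
  const key = crypto.privateDecrypt({ key: devicePrivateKey, oaepHash: "sha256" }, record.wrappedKey);
  return aesOpen(key, record.blob).toString();
}

const device = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 }); // private key never uploaded
const note = Buffer.from("constructed sample: private note");
const std = uploadStandard(note), e2e = uploadE2E(note, device.publicKey);
console.log({ standard: providerCanRead(std), e2e: providerCanRead(e2e),
              device: deviceRead(e2e, device.privateKey) });
```

In the standard record the provider can return the plaintext on demand; in the end-to-end record it can hand over only ciphertext, which is why a compelled-access order cannot be met without changing the design.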
What does this mean for users?
The consequences are serious:
- iCloud backups can now be requested by law-enforcement or other state agencies.
- Anyone relying on Apple’s enhanced data protection can no longer activate it in the UK.
- iMessage chats may be indirectly compromised via iCloud backups, since backups include either the messages or the keys.
- The decision could serve as a template for other countries to make similar demands of Apple and other tech firms.
- UK users who had already enabled enhanced data protection will soon have to turn it off if they wish to keep using iCloud.
- Users worldwide may wonder whether Apple will act similarly elsewhere if government pressure increases.
Which data are now vulnerable?
The above-mentioned iCloud contents are now especially exposed to unwanted access. iCloud backups are considered particularly sensitive: they contain complete device snapshots—including chat histories, photos, contacts and app data. Without ADP, law-enforcement agencies have long been able to find copies of iMessage conversations in such backups because the backed-up copies are not end-to-end encrypted by default—something Apple itself noted and sought to fix with ADP. With ADP disabled, these backups in the UK remain accessible. Given a legal order, Apple can now decrypt and hand over data from iCloud backups. Thus private photos, documents, notes and voice memos of UK users are, in principle, retrievable by authorities if a court warrant is issued.
From an IT-security perspective this is alarming: the same weakening can also be exploited by criminals and hackers. Experts warn that any intentionally created backdoor will sooner or later be discovered and abused by malicious actors. Andrew Crocker of the Electronic Frontier Foundation criticised the decision, saying it leaves British users “at the mercy of bad actors” and deprives them of a vital privacy technology. Without end-to-end protection, data are not only accessible to authorities but could also be stolen in clear text through insider abuse, server vulnerabilities or mass surveillance—an increased risk of personal information falling into the wrong hands.
USA: reaction from the Trump administration
Britain’s secret demand that Apple build a backdoor into iCloud has caused significant upset in Washington. US President Donald Trump sharply criticised the British government’s approach and compared it to authoritarian regimes such as China. In an interview with the British political magazine The Spectator Trump said he had made it clear to UK Prime Minister Keir Starmer that such a measure was unacceptable.
Apple had received a secret order under the contentious Investigatory Powers Act in early February. Until mid-March 2025 Apple was barred from even acknowledging the order’s existence; after a decision by the Investigatory Powers Tribunal the mere fact of ongoing proceedings is now public.
The 2016 Apple-FBI case
The US is hardly squeaky clean on privacy either—PRISM scandal aside. In the 2016 Apple–FBI case the FBI, investigating the San Bernardino terror attack, demanded that Apple create special software to bypass the security features of an iPhone 5c belonging to one of the attackers. The FBI argued the move was necessary to secure vital evidence, while Apple refused, stating such a measure would open a backdoor and compromise user security and privacy. The bureau eventually unlocked the phone via a third party and dropped its immediate demand of Apple.
Raised at a White House meeting
The issue has also been discussed diplomatically. Trump recently hosted Prime Minister Keir Starmer at the White House to talk about Ukraine and a bilateral trade deal, and confronted Starmer directly about Britain’s demand of Apple. The Spectator, once edited by former Prime Minister Boris Johnson, reports the topic continues to stir controversy within UK Conservative circles.
The US government worries the British move could set a precedent encouraging other nations to make similar demands of tech companies.
Britain’s secret iCloud backdoor demand has drawn sharp criticism in the US. President Trump publicly condemned the UK government and likened its tactics to China’s authoritarian measures. In The Spectator interview he said he made clear to Starmer that such action was unacceptable.
The Trump administration is reviewing whether the UK’s approach violates bilateral agreements, notably the CLOUD Act Agreement, which forbids requesting data belonging to US persons without US government consent. If a violation is confirmed, diplomatic consequences may follow. Director of National Intelligence Tulsi Gabbard has tasked lawyers with the review. A preliminary assessment suggests a possible breach, meaning the UK may not demand data on US citizens without American approval.
What can users do?
There are few alternatives for users:
- Stop using iCloud backups in the UK and create local backups instead.
- Disable messenger iCloud backups for maximum protection—only then are iMessage or WhatsApp contents stored solely on the devices, not on Apple’s servers.
- Use open-source messengers: apps such as Signal or Element offer strong end-to-end protection for chats and calls.
- Where possible, opt for services that still provide robust end-to-end encryption.
- Explore alternatives to Apple and Google cloud-services that are less susceptible to government interference.
- Apply political pressure to reinforce privacy rights even in democratic states.
- Use VPNs and secure communication services: the UK law targets stored data and messages, but hardening all your communication doesn’t hurt.
Latest developments (March 2025)
Suspected secret backdoor orders for Google as well (Technical Capability Notice, TCN)
- According to heise online (18 March 2025) there is growing evidence that Google too has received a secret TCN under the Investigatory Powers Act. Both Apple and Google told US Senator Ron Wyden’s office they were not allowed to say whether they had received a TCN—a clear sign an order is in place.
- TCNs compel companies to maintain the technical capability to make encrypted content accessible upon request. Recipients may publicly neither confirm nor deny their existence.
Apple sues over the secret order
- Apple has filed an official complaint with the Investigatory Powers Tribunal (IPT) against the TCN, aiming to challenge the demanded backdoor as disproportionate and dangerous to data security.
Bipartisan pressure from the US
- A bipartisan open letter from Senator Ron Wyden and four co-signatories urges the IPT to relax secrecy around TCNs at least for US companies, so their security experts can examine the technical requirements. The senators warn the enforced backdoors jeopardise US national security and erode free-speech and privacy rights.
Court strikes down secrecy over procedural details
- In an interim ruling on 17 March 2025 the IPT rejected a Home Office motion: the existence of the case Apple v. Home Office and the parties’ names may now be made public. Substantive details remain sealed, but this is a partial victory for transparency and for Apple’s freedom to communicate.
Implications for this article:
- The suspicion that Apple is not a one-off has been confirmed.
- The legal dispute is no longer entirely secret; Apple may now at least confirm it is suing.
- Users and observers can henceforth follow the case partly in the open.
Final words
This case once again shows that even democratic states are stepping up pressure on tech companies to weaken digital encryption and gain access to private data. Apple has chosen a pragmatic, least-bad path by disabling end-to-end encryption for British users. Yet the core problem does not lie with Apple but with political decisions in the UK—and likely soon elsewhere.
For users this is a clear warning: data in the cloud are not automatically safe. Encryption remains one of the few effective tools to protect digital privacy. At the same time, more and more people wonder how many companies might already have installed backdoors under political pressure.
Undoubtedly the topic is complex and the average user often feels overwhelmed. I myself live in a “tech bubble”—as do most of my close friends. That is precisely why I believe this discussion must be conducted openly and accessibly.
The disabling of end-to-end encryption for British iCloud users vividly illustrates the collision between state surveillance demands and digital privacy. Weakening encryption opens the door not only to authorities but potentially to other actors seeking sensitive data. The crucial question, therefore, is how much surveillance a democratic society can tolerate without putting its freedom at risk.
Users should protect their data more consciously while also becoming active citizens: stay informed, raise awareness and defend digital civil liberties. The UK precedent is a stark reminder that privacy is not a given. Security and privacy are not opposites but essential pillars of a functioning democracy—and they are worth fighting for.
Until next update, Joe