The UK government has demanded to be able to access encrypted data stored by Apple users worldwide in its cloud service.
The news was first reported by the Washington Post quoting sources familiar with the matter, and the has spoken to similar contacts.
Legally, the notice, served by the Home Office under the Investigatory Powers Act, cannot be made public, and Apple declined to comment.
The Home Office said: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”
The notice applies to all content stored using Apple’s Advanced Data Protection (ADP), which encrypts the data meaning that Apple itself cannot see it.
It is an opt-in service and not all users choose to activate it.
If they lose access to their account, the added encryption means there is no way of retrieving any of their data.
The firm has previously said it would pull security services from the UK market rather than comply with any government demands to weaken them by creating so-called “back doors” to grant the authorities access to user data on demand.
Cyber security experts agree that once such an entry point is in place, it is only a matter of time before bad actors also discover it.
And withdrawing the product from the UK might not be enough to ensure compliance – the Investigatory Powers Act applies worldwide to any tech firm with a UK market, even if they are not based in Britain.
The tech giant can appeal against the government’s demand but cannot delay implementing the ruling during the process even if it is eventually overturned, according to the legislation.
The government argues that encryption enables criminals to hide more easily, and the FBI in the US has also been critical of the ADP tool.
Professor Alan Woodward, cyber security expert from Surrey University, said he was “stunned” by the news, and privacy campaigners Big Brother Watch described the reports as “troubling”.
“This misguided attempt at tackling crime and terrorism will not make the UK safer, but it will erode the fundamental rights and civil liberties of the entire population,” the group said in a statement.
UK children’s charity the NSPCC has previously described encryption as being on the front line of child abuse because it enables abusers to share hidden content.
But Apple says that privacy for its customers is at the heart of all its products and services.
In 2024 the company contested proposed changes to the Investigatory Powers Act, calling it an “unprecedented overreach” of a government.
The changes also included giving the government the power to veto new security measures before they were implemented. They were passed into law.
“The main issue that comes from such powers being exercised is that it’s unlikely to result in the outcome they want,” said Lisa Forte, cyber security expert from Red Goat.
“Criminals and terrorists will just pivot to other platforms and techniques to avoid incrimination. So it’s the average, law abiding citizen who suffers by losing their privacy.”
