The Spy Who Wouldn’t: UK Backs off on iCloud Snooping

The British government will withdraw its demand to have access to Apple users’ encrypted iCloud data, according to US Director of Intelligence Tulsi Gabbard.

Gabbard said in a post on X that the UK had dropped its plans to force Apple and other tech firms to provide backdoor access “to the protected encrypted data of American citizens and encroached on our civil liberties.”

The intelligence director added that this ensures that “Americans’ private data remains private and our Constitutional rights and civil liberties are protected.”

This Limited-Time Microsoft Office Deal Gets You Lifetime Access for Just $39

Sick and tired of subscriptions? Get a lifetime license for Microsoft Office Home and Business 2021 at a great price!

The Financial Times reports that its sources tell it that while the UK has agreed to rescind the order, it has not yet been formally withdrawn. The BBC reports that Apple has not received any formal communication from the US or the UK government.

Earlier this year, we reported that UK security officials were demanding that Apple provide backdoor access to all content stored in iCloud by Apple users, not only in the UK, but worldwide. The demand came via the UK’s Investigatory Powers Act (IPA). This was unprecedented, coming as it did from a so-called “free” country’s government. While several countries have demanded that Apple provide a backdoor to access users’ encrypted data, these demands have been limited to accessing data within a specific country, not globally.

The controversial UK order required Apple to bestow blanket access to all encrypted materials, not merely a specific user’s account. The IPA also makes it illegal for companies to disclose the existence of government demands for the data. It would have required Apple to provide access to data from users outside the UK without their governments’ knowledge. This is what caused the US government to put pressure on the UK government to stand down from the demand.

If Apple had complied, it would have been a significant defeat for user privacy and would have established a precedent allowing governments worldwide to use companies like Apple and Google as privacy-shattering weapons against their citizens.

Apple responded by pulling the plug entirely on its Advanced Data Protection feature for users in the United Kingdom, rather than compromising its security standards. Users attempting to enable ADP in the UK now see a banner that reads, “Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users.”

While the British government had sought to keep the case details confidential, this effort failed when Apple filed a legal appeal against the order, which meant the UK Home Office could no longer keep the details of the demand from the general public.

In July, iDrop News reported that the UK government was indeed planning to withdraw its demands when “two senior British officials” told the Financial Times that the Home Office will “probably have to retreat in the face of pressure from senior leaders in Washington.”

One of the officials said the UK Home Office had “its back against the wall,” and was “working on a way around it now,” suggesting that UK security officials were trying to figure out a way to back off from its demands, without looking like it was backing off from its demands.

Whether or not UK officials were successful in not looking like they were backing down (they weren’t), it now appears they will withdraw their demands to have access to Apple users’ encrypted iCloud data.