The UK government has demanded to be able to access encrypted data stored by Apple users worldwide in its cloud service.
Currently only the Apple account holder can access data stored in this way. The tech giant itself cannot view it.
Legally, the notice, served by the Home Office under the Investigatory Powers Act, cannot be made public, and Apple declined to comment.
The news was first reported by the Washington Post quoting sources familiar with the matter, and the BBC has spoken to similar contacts.
The Home Office said: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”
The notice applies to all content stored using Apple’s Advanced Data Protection (ADP), which encrypts the data meaning that Apple itself cannot see it.
This is an opt-in service and not all users choose to activate it because if they lose access to their account for any reason, the added encryption means that there is no way to retrieve your photos, videos and other information saved that way.
But the government notice does not mean the authorities are suddenly going to start combing through everybody’s data.
They would still have to follow a legal process, have a good reason and request permission for a specific account in order to access data – just as they do now with unencrypted data.
Apple has previously said it would pull security services from the UK market rather than comply with any government demands to weaken them by creating so-called “back doors” to grant the authorities access to user data on demand.
Cyber security experts agree that once such an entry point is in place, it is only a matter of time before bad actors also discover it.
And withdrawing the product from the UK might not be enough to ensure compliance – the Investigatory Powers Act applies worldwide to any tech firm with a UK market, even if they are not based in Britain.
The tech giant can appeal against the government’s demand but cannot delay implementing the ruling during the process even if it is eventually overturned, according to the legislation.
The government argues that encryption enables criminals to hide more easily, and the FBI in the US has also been critical of the ADP tool.
Professor Alan Woodward, cyber security expert from Surrey University, said he was “stunned” by the news, and privacy campaigners Big Brother Watch described the reports as “troubling”.
“This misguided attempt at tackling crime and terrorism will not make the UK safer, but it will erode the fundamental rights and civil liberties of the entire population,” the group said in a statement.
UK children’s charity the NSPCC has previously described encryption as being on the front line of child abuse because it enables abusers to share hidden content.
But Apple says that privacy for its customers is at the heart of all its products and services.
In 2024 the company contested proposed changes to the Investigatory Powers Act, calling it an “unprecedented overreach” of a government.
The changes also included giving the government the power to veto new security measures before they were implemented. They were passed into law.
“The main issue that comes from such powers being exercised is that it’s unlikely to result in the outcome they want,” said Lisa Forte, cyber security expert from Red Goat.
“Criminals and terrorists will just pivot to other platforms and techniques to avoid incrimination. So it’s the average, law abiding citizen who suffers by losing their privacy.”
