What just happened? Apple has caved to pressure from the UK government and scrapped its toughest encryption safeguards for new users nationwide. As of this week, new iPhone owners in the country are being stripped of Apple’s uber-secure “Advanced Data Protection” feature. Meanwhile, existing ADP users will have to disable the feature manually during an unspecified grace period.
The about-face comes after months of Apple pushing back against demands that it create a backdoor to allow government snooping on encrypted data. Rather than cave and risk compromising the integrity of its systems worldwide, Apple decided to simply yank the Advanced Data Protection option for new UK users.
Advanced Data Protection was Apple’s extra layer of security that encrypted synced iCloud content such as photos, notes, reminders, bookmarks, and iCloud backups in such a way that only users could access it on trusted devices. It was essentially end-to-end encryption that stored the keys on the user’s device instead of Apple.
This doesn’t mean that encryption has been entirely disabled. It’s merely being downgraded to standard encryption, which still keeps things safe in transit. The only difference this time is that it’s Apple holding the decryption keys.
This makes it easier for the UK authorities to request user data from Apple since the keys now lie with the company – a potentially dangerous scenario for users in the country.
However, Apple is clearly not waving the white flag just yet. Pulling the encryption feature entirely instead of building a backdoor is already a clear rebuke of the order. The company laid it out plainly in Friday’s statement: “we have never built a backdoor or master key to any of our products or services and we never will.”
For now, it appears that Apple is digging in its heels in this battle. That said, if the UK fully bends Apple to its will, it could set a precedent where other countries follow suit if their law enforcement agencies take issue with the company’s hardline security stance.
Of course, not everything is being thrown under the unencrypted bus. Bloomberg’s Mark Gurman reports that Apple is keeping end-to-end encryption in place for health data, passwords, Apple Pay info, iMessages, FaceTime calls, and more core iPhone services.
Still, Apple is clearly frustrated. The company says it’s “gravely disappointed” at not being able to provide the maximum level of protection in the face of “continuing rise of data breaches and other threats.”
Masthead credit: charlesdeluvio
