Sunday, May 25, 2025
HomeCyber AttackUK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud...

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

Published on

SIEM as a Service

Follow Us on Google News

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all encrypted content stored in its iCloud service.

The demand, issued under the U.K.’s controversial Investigatory Powers Act of 2016, has raised alarm among privacy advocates and tech experts.

If implemented, this order would allow British authorities to bypass encryption protections not only for U.K. users but also for Apple customers worldwide.

- Advertisement - Google News

The Home Office said Thursday that its policy was not to discuss any technical demands.

“We do not comment on operational matters, including for example confirming or denying the existence of any such notices,” a spokesman said.

Unprecedented Scope of Access

Unlike previous government requests targeting specific accounts, the U.K.’s order seeks blanket access to fully encrypted material.

This approach is unprecedented among major democracies and could set a global precedent for undermining encryption.

Experts warn that such a demand could weaken user trust in technology companies and expose sensitive data to potential misuse.

Apple, which has long positioned itself as a champion of user privacy, is reportedly considering withdrawing its encrypted storage services from the U.K. rather than compromising its security promises globally.

However, this move would not satisfy the U.K.’s demand for access to encrypted data stored in other countries, including the United States.

The order was delivered through a “technical capability notice,” a legal instrument under the Investigatory Powers Act often criticized as the “Snoopers’ Charter.”

“The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies.” Washington Post reported.

The law allows the government to compel companies to assist in surveillance efforts while prohibiting them from disclosing such demands.

 “The person deemed it shocking that the U.K. government was demanding Apple’s help to spy on non-British users without their governments’ knowledge”

Apple can appeal the notice to a secret technical panel and a judge, but it must comply with the order during the appeal process.

In March 2022, Apple had warned Parliament about the potential global ramifications of such demands.

It argued that forcing companies to weaken encryption could violate international privacy laws, including rulings by the European Court of Human Rights.

Global Reactions and Concerns

The U.K.’s move has drawn sharp criticism from privacy advocates and technologists worldwide.

If the UK gains access to encrypted data, other countries like China, which have allowed encrypted storage, might demand the same backdoor access. This could push Apple to shut down the service altogether rather than comply.

Meredith Whittaker, president of encrypted messaging service Signal, described it as “a shocking move” that could position the U.K. as a “tech pariah.”

U.S. Senator Ron Wyden called on American officials to dissuade Britain from enforcing such measures, warning of disastrous consequences for privacy and national security.

Critics argue that backdoors intended for law enforcement can be exploited by criminals and authoritarian regimes.

They also highlight the potential ripple effect: if the U.K. secures access to encrypted data, other countries like China may demand similar concessions from tech companies.

Apple’s Advanced Data Protection feature, introduced in 2022, offers end-to-end encryption for iCloud storage a level of security that even Apple cannot bypass.

While most users do not enable this feature, it provides enhanced protection against hacking and unauthorized access. Apple has resisted similar demands in the past, including objections from the FBI during Donald Trump’s presidency.

Other tech giants like Google and Meta have also implemented strong encryption measures but have so far avoided similar legal confrontations.

Google stated that it has not been able to access Android backups due to default encryption since 2018, while Meta has maintained that it will not weaken its encryption architecture for government requests.

The battle over encryption highlights a growing tension between governments’ desire for surveillance capabilities and individuals’ right to privacy.

Law enforcement agencies argue that encryption hampers their ability to investigate serious crimes like terrorism and child exploitation. However, privacy advocates counter that weakening encryption creates vulnerabilities that jeopardize cybersecurity on a global scale.

As this debate unfolds, Apple’s response to the U.K.’s demands could set a critical precedent for how tech companies navigate government pressure while upholding user privacy.

The outcome may also influence international norms around encryption and digital rights in an increasingly interconnected world.

Find this Story Interesting! Follow us on Google NewsLinkedIn, and X to Get More Instant Updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...