The UK government forced the removal of how Apple customers protect their data. Apple recently removed a lesser known, but valuable, feature from iPhones and iPads in the UK, the ability to add enhanced encryption to your data. Let's start by clarifying what this means. Your data is still very much protected and encrypted. The removal of Advanced Data Protection means that Apple holds the keys to your encrypted data and can therefore decrypt that data and view it.
When we're talking about data and encryption it all gets complicated very quickly, so let's break it down.
What is Advanced Data Protection (ADP)?
There's two versions of data security with Apple products, Standard Data Protection (SDP) and Advanced Data Protection (ADP). Everyone gets SDP out of the box, this means core services such as messages, passwords, health and payment information are end-to-end encrypted but other services including photos, notes, files and reminders aren't.
The major difference between SDP and ADP is end-to-end encryption. With SDP your data is encrypted on your iPhone/iPad, over the internet and on Apple's servers, but Apple keeps a copy of the keys and can use those keys to decrypt and view the data.
With ADP your data is end-to-end encrypted, i.e its encrypted everywhere and only your devices have the keys to unlock it, Apple can't unencryupt the data. The danger with end-to-end encryption is that if you lose those keys, there's no way of getting your data back, but if Apple has a cpy of them then you can recover your data. It's a trade off and the reason why ADP isn't enabled by default.
Think of SDP as giving your neighbour a key to your house. They'll probably never use it, but if you lose your key then you can ask your neighbour for their key and get back in. With ADP your neighbour doesn't have a key, therefore if you lose yours then you're locked out for good.
UK Government asks for a backdoor
In 2024, it was leaked that the UK government had asked Apple to add a 'back door' to its services. This was supposed to allow intelligence and law enforcement services access to data to counter threats to the UK. Apple refused and not for the first time. They famously refused to unlock an iPhone from a suspected criminal that the FBI were investigating. Apple have a very strong position on privacy, it's one of their major selling points and something that has caused them a little bit of a headache over the years.
In theory the UK's request to allow access to data, for suspected and known criminals makes sense, however it's never as simple as that. Any door you create in your security is one that can and will be kicked down. If you allow 'good' actors access to it then you can bet the 'bad' ones are also knocking on the door. It's naive to think that you can create an entry point that only trusted people will access and use responsibly.
Apple stoped people in the UK from signing up to ADP at 3pm on 21st Feb and existing ADP users will see their data converted back to SDP in the next few weeks.
We have lost the choice to protect our data. This is a massive shot in the foot for the UK and one that will have far more impact politically than it will on the individual user. In theory Apple can now decrypt mine, and your, data if the UK government requests it. Yes, they will need a legal basis to do this but that's not massively difficult to attain.
Data security is a difficult balance of trying to provide privacy whilst protecting others and the country. It's the naivety of the government that has most frustrated me, that it somehow thinks they could have quietly requested this major change exclusively for the UK without anyone else noticing. Surely they knew this was going to get out at some point? You can't make such a big change as this for one country without someone noticing.
Apple have played this pretty well, they made a song and dance about it. They could have quietly added some kind of back door to iOS and iPadOS and move on but they didn't, they shouted from the roof tops about it. They could have prevented anyone from signing up to ADP and just notify existing users to minimise any push back, but again they didn't. They released a press statement that expressed their regret at having to do this, and without directly mentioning the UK government, positioned the UK as the ones at fault here. They made sure, you know that Apple doesn't want this to happen and that it's a stupid idea.
We're living in a time where data privacy is more important than ever and consumers need protecting to make sure data doesn't get into the wrong hands.
The UK government should rescind the request and get Apple to add ADP back for UK customers. As a customer, I'm annoyed, irritated and frustrated at the short sightedness of it all. If law enforcement need access to peoples information for national security then find another way, don't compromise millions of peoples data for the sake of the few bad actors. As Ryan Holiday says in his book The Obstacle Is the Way, so find a solution that overcomes it without impacting millions of people.