Apple has confirmed that it can no longer offer its Advanced Data Protection (ADP) in the United Kingdom.

After news emerged at the start of February about an order from UK government which requires “blanket capability to view fully encrypted material.,” Apple has said that ADP will continue to be offered elsewhere globally, but it said “new users and current UK users will eventually need to disable this security feature.”

Decrypted
In a statement sent to SC UK, an Apple spokesperson said: “ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy.”

The spokesperson said that enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before, and Apple remains committed to offering its users the highest level of security for their personal data, and it is hopeful that it will be able to do so in the future in the United Kingdom.

“As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”

Additional Guidance

Apple said that it will provide additional guidance for those users currently using ADP, and it is unable to automatically disable ADP for users. Also any UK-based users who have not already enabled ADP now no longer have the option to, as 

Users in the UK who have not already enabled Advanced Data Protection will no longer have the option to do so. 

According to the Washington Post, the office of the Home Secretary served Apple with a technical capability notice, ordering it to provide access under the sweeping Investigatory Powers Act of 2016, which authorises law enforcement to compel assistance from companies when needed to collect evidence.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.