Blog / Apple Bows to Pressure: UK Government Forces End-to-End Encryption Removal for iCloud Service

2025-02-25

In a world where digital communication and cloud services dominate our daily lives, protecting personal data is crucial. Many companies promise secure encryption, but recent events show that this protection is often insufficient or compromised by government mandates.

Apple Complies with UK Government Demand

Apple has announced that it will no longer offer its “Advanced Data Protection” (ADP) service, which provides enhanced end-to-end encryption for iCloud data, in the United Kingdom. This decision follows an order from the UK government under the “Investigatory Powers Act” of 2016, which requires Apple to provide access to encrypted user data.

Rather than implementing a direct backdoor for the government, Apple has chosen to make ADP unavailable to UK users. This means that files stored in iCloud, iMessage chats, and photos will no longer be protected with the highest available encryption standard. Apple has justified this step as a necessary response to legal requirements—highlighting that even major tech corporations cannot escape regulatory pressure.

In an official statement, Apple reiterated that the company has “never created a backdoor or a master key to any of our products or services […].” Similar measures are not planned for the future. Furthermore, Apple emphasized that it is “more urgent than ever” to secure cloud files with end-to-end encryption. The company hopes to reintroduce the feature in the UK in the future.

Existing users in the UK must now disable end-to-end encryption, while new users will no longer be able to enable the feature. Apple itself cannot deactivate the encryption, as doing so would contradict the principles of end-to-end security. However, certain cloud services such as passwords, health data, and payment information will remain end-to-end encrypted.

This development sends a strong signal: Those who want to keep their data truly private should not rely solely on cloud providers’ promises but instead take independent action.

Why You Should Take Data Encryption Into Your Own Hands

The Apple case demonstrates that even well-intentioned security measures can be quickly undermined. The implications of such government demands are far-reaching:

  • Provider Access to Data: Apple may be forced to make further concessions regarding data security in the future.
  • Apple Sets a Precedent: The UK may be a single case for now, but other governments could follow suit with similar demands.
  • Data Breaches and Hacks: Even if a provider does not introduce intentional backdoors, new infrastructure requirements can create unintended vulnerabilities.

To mitigate these risks, users should take responsibility for encrypting their data before uploading it to the cloud.

Practical Steps for Your Own Encryption

  • Encrypt Data Before Uploading: Tools like Cryptomator consistently use end-to-end encryption, securing your files locally before they are uploaded to the cloud. This ensures that you retain control over your data—even if your cloud provider no longer offers end-to-end encryption, as is now the case with iCloud in the UK.
  • Use Trusted Open-Source Software: Open-source programs like Cryptomator allow independent security audits and offer transparency that proprietary software often lacks.
  • Regular Updates and Security Checks: Keep your software up to date and conduct regular backups to prevent security vulnerabilities.

The Political Dimension: Data Privacy Under Siege

The UK government’s demands on Apple are not an isolated case. Governments worldwide are attempting to weaken encrypted communication:

  • The EU and Client-Side Scanning: The European Commission is discussing “client-side scanning” (CSS), where content is analyzed on user devices before being encrypted. This could pave the way for widespread surveillance.
  • The US and the FBI: In the United States, the FBI has long pushed for access to encrypted devices and cloud services. Such “backdoors” could be exploited not only by authorities but also by cybercriminals and authoritarian regimes. Recent reports indicate that the FBI has intensified its warnings about security vulnerabilities in iPhones and Android devices, emphasizing the need for greater control over encryption to combat emerging cyber threats.
  • Australia and the Decryption Law: Australia’s “Telecommunications and Other Legislation Amendment (Assistance and Access) Act” requires companies to provide technical solutions for decryption upon government request. This law could set a global precedent for weakened security standards.

Conclusion: Personal Responsibility is the Best Protection

These recent developments make it clear that users should not blindly trust cloud providers’ security promises. Taking responsibility for your own encryption is the only way to ensure that private data remains truly private.

With the right tools and methods, anyone can effectively protect their data from unauthorized access—and reclaim a piece of digital sovereignty.