iCloud: Abrupt end for extended end-to-end encryption in the UK
British iPhone users can no longer fully encrypt iCloud data. This is Apple's response to the attempt to force a backdoor.
(Image: nikkimeel/Shutterstock.com)
Apple is making good on its threat to the UK: iCloud will no longer allow British customers to activate advanced end-to-end encryption, the company announced on Friday. This means that important data such as iCloud backups, iMessage chats and photos can no longer be fully encrypted there.
Apple is apparently reacting to the fact that a backdoor for iCloud has been demanded in the UK: According to media reports, the government has instructed the company in a secret order to create corresponding access options to such data, which was previously properly protected by end-to-end encryption.
Apple: A clear no to backdoors
"We have repeatedly emphasized in the past that we have never created a backdoor or master key to any of our products or services, and we never will," Apple emphasized in a statement. It is "more urgent than ever" to protect data stored in the cloud with end-to-end encryption. The company hopes to be able to offer the function again in the UK "in the future".
iCloud data such as iPhone backups are encrypted by default, but not secured by end-to-end encryption. This means that Apple can decrypt this data and sometimes even disclose it to law enforcement agencies. As an option, iCloud users can activate "extended data protection"; encryption is then linked to the device code, which is only known to the user – Apple can no longer decrypt the data (and can no longer help with recovery if the device code is forgotten).
Videos by heise
UK users must switch off end-to-end encryption
This "enhanced data protection" can no longer be reactivated in the UK from Friday. British users who have already switched this on will apparently have to switch it off manually in the near future if they want to continue using iCloud. Apple cannot automatically turn off the function for existing users, it is said.
Particularly sensitive data such as passwords and health data synchronized via iCloud will remain protected by end-to-end encryption – also in the UK. For iCloud users in other regions, the option to activate extended data protection will also remain available.
The extended Investigatory Powers Act makes it possible for the UK to send such orders to providers of services with end-to-end encryption. The media reports on the secret order issued to Apple caused a considerable stir –, including internationally, as such a backdoor would also enable global access to encrypted data. Civil rights activists and security researchers warned of an "unprecedented attack", while political resistance also arose in the USA.
(lbe)
