UK ends push to force Apple to create iCloud backdoor for US citizens’ data after US opposition
Introduction
For months, the UK government attempted to compel Apple to create a technical “backdoor” that would have granted British authorities access to encrypted iCloud data – including files belonging to US citizens. The UK issued a secret legal notice in January 2025 under the Investigatory Powers Act (IPA), requiring Apple to modify its encryption so law enforcement could access protected user data, even for non-UK residents.
Apple responded by disabling its Advanced Data Protection (ADP) feature for UK customers, a specialized tool for encrypting data in such a way that even Apple couldn’t access it. However, following intense diplomatic pressure from the United States, including direct involvement from President Donald Trump and Vice President JD Vance, the UK has now withdrawn its demand.
The US Director of National Intelligence, Tulsi Gabbard, has confirmed the UK’s retreat, stating the decision protects Americans’ civil liberties and upholds the longstanding principle that neither country should force tech companies to undermine each other’s citizens’ privacy.
Key takeaways
- The UK government secretly ordered Apple to create a backdoor for encrypted iCloud data, affecting users globally, including US citizens.
- Apple resisted, disabling its strongest encryption feature (ADP) for UK users rather than comply.
- The US government intervened, leading to the UK dropping its demand after high-level diplomatic talks.
- This reversal highlights ongoing tensions between national security demands and global digital privacy rights.
What did the UK Government demand from Apple?
Why did the UK demand a backdoor?
The UK’s Home Office issued a Technical Capability Notice (TCN) in January 2025 under the IPA. This legal instrument allowed the government to require companies to alter their systems for law enforcement or intelligence purposes.
The notice specifically targeted Apple’s end-to-end encrypted iCloud backups, seeking a way for authorities to access data – even if the user was not a UK resident. The order was kept secret until Apple’s public appeal and subsequent media coverage brought it to light.
How did Apple respond?
Apple strongly opposed the UK’s demand. The company emphasized that it has “never built a backdoor or master key to any of our products or services, and we never will.”
Rather than comply, Apple withdrew its ADP feature from the UK in February 2025, meaning British users lost access to its highest level of cloud encryption. Apple also began legal proceedings to challenge the order’s legality, arguing that creating such a vulnerability would endanger user privacy worldwide.
US Government steps in
Why did the US object?
The US government viewed the UK’s demand as a direct threat to the privacy and civil liberties of American citizens. Under the CLOUD Act, the US and UK have agreed not to force tech companies to hand over each other’s citizens’ data without proper legal process and oversight.
US officials, including Director of National Intelligence Tulsi Gabbard, warned that complying with the UK’s order would set a dangerous precedent that would encroach on US citizens’ civil liberties.
Diplomatic pressure and resolution
High-level talks between the US and UK, involving President Trump, Vice President Vance, and Prime Minister Keir Starmer, culminated in the UK agreeing to withdraw its backdoor demand. Gabbard publicly announced the UK’s reversal on social media, crediting months of negotiations for protecting Americans’ encrypted data from foreign government access.
The UK government has not officially commented on the outcome, but sources indicate the diplomatic pressure left London with little choice but to back down.
What does this mean for user privacy?
Implications for encryption and privacy
The episode underscores the fragile balance between national security and individual privacy in the digital age. Privacy advocates and security experts warn that any backdoor, even if created for lawful purposes, could be exploited by malicious actors.
The UK’s retreat is a victory for privacy rights, but the legal framework allowing such demands remains in place, leaving the door open for future conflicts.
What happens next for UK Apple users?
It is unclear whether Apple will restore ADP for UK customers now that the backdoor demand has been dropped. The company’s legal challenge may still proceed, and privacy campaigners continue to call for reforms to UK surveillance laws to prevent similar demands in the future.
For now, the immediate threat to global encryption standards has been averted, but the debate over government access to private data is far from over.
Conclusion
The UK’s attempt to force Apple to create a backdoor into iCloud data, potentially affecting millions of users worldwide, has ended in retreat after sustained US diplomatic pressure. This case highlights the complex interplay between national security, international law, and the right to privacy in an interconnected world.
While the immediate crisis has passed, the underlying legal and ethical issues remain unresolved.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
Panda Free Antivitus
FREE TECHNICAL SUPPORT
