What Apple's encryption feature being axed means for YOU

by · Mail Online

Apple has confirmed it is withdrawing a key data protection feature following the government's demands to access the data but what does that mean for you?

Advanced Data Protection (ADP) protects data stored on the iCloud with end-to-end encryption, which means the data can only be seen by the user who owns it, and only on their trusted devices.

Until now, this has meant that no one else can access your data - not even Apple and this data remains secure even in the case of a data breach in the cloud.

However, Apple has now removed ADP as a feature for new users in the UK, in response to a request from the Government.

Earlier this month, the Government demanded access to encrypted data stored by Apple users in its cloud service.

The demand was served by the Home Office under the Investigatory Powers Act (IPA), which compels firms to provide information to law enforcement agencies.

At the time, Apple declined to comment, but pointed out on its website that it views privacy as a 'fundamental human right'.

If you use an iPhone, here's what the change means for you and your private data.

Apple has now removed ADP as a feature for new users in the UK, in response to a request earlier this month from the Government
Advanced Data Protection (ADP) protects data stored in iCloud with end-to-end encryption, which means the data can only be seen by the user who owns it

What is Advanced Data Protection? 

Advanced Data Protection (ADP) is Apple's highest level of cloud data security, and is designed to protect your data using end-to-end encryption.

For years, Apple has promoted the privacy settings it provides its users as standard, as well as offering users an additional, opt-in, Advanced Data Protection tool to fully encrypt a wider range of their data in its iCloud service. 

It means that only account holders can view items such as photos or documents they have stored online through a process known as end-to-end encryption.

Until now, no one else can access your data - not even Apple, and this data remains secure even in the case of a data breach in the cloud.

What does this mean for iPhone users? 

Thankfully, for most iPhone users not much will change as ADP was used only by those who opted to use it. 

The removal will not affect the 14 iCloud data categories that are end-to-end encrypted by default.

This includes data that can be saved to the cloud, and are encrypted globally and in the UK.

The removal will not affect the 14 iCloud data categories that are end-to-end encrypted by default

This includes data like iCloud Keychain and Health, as well as communication services like iMessage and FaceTime.

However, nine iCloud categories will now only be protected by Standard Data Protection, with no option for end-to-end encryption.

These nine categories are iCloud Backup, iCloud Drive, Photos, Notes, Reminders, Safari Bookmarks, Siri Shortcuts, Voice Memos, Wallet Passes, and Freeform.

Jake Moore, Global Cybersecurity Advisor at ESET, said that the change raises 'enormous concerns regarding user privacy and data security.'

'Apple's decision raises enormous concerns regarding user privacy and data security whilst marking a huge step backwards in the protection of privacy online,' he warned.

'Creating a backdoor for ethical reasons means it will inevitably only be a matter of time before threat actors also find a way in'.

Why does the government want to remove ADP? 

The Government made the request under the Investigatory Powers Act 2016, which applies to any company with a UK market to force the tech giant to break its own encryption systems and allow security services easier access such data.

Security services have argued for some time that end-to-end encryption has been used by criminals to hamper their efforts to catch them

At the time, Apple declined to comment, but pointed out on its website that it views privacy as a 'fundamental human right'. 

However, rather than comply and create a backdoor for the government Apple opted to withdraw ADP from the UK instead. 

Security services have argued for some time that end-to-end encryption has been used by criminals to hamper their efforts to catch them.

The encryption makes it easier for users to hide their online activities which the government has argued is being used by terrorists and child abusers.

Rani Govender, Policy Manager for Child Safety Online at the NSPCC, said: 'We know that end-to-end encryption allows offenders to groom and manipulate children and build communities where they can share vile child sexual abuse material without detection.

'As Apple change their approach to encryption on their services, they must take this opportunity to ensure that they are considering other measures they can put in place to better protect children.

'All tech companies should be finding ways to tackle online risks to children whilst upholding privacy of their users, and Ofcom and Government should hold them accountable for doing so.'

What has Apple said?

In a statement, Apple said: 'Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature.

Apple CEO, Tim Cook

'ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices.

'We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy.

'Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom.

 'As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.'