Apple pulls data protection tool after UK government security row

Original Article ↗ Hacker News Discussion ↗

What Changed with Apple’s Advanced Data Protection (ADP)

  • ADP makes most iCloud data end‑to‑end encrypted so Apple cannot access it; without ADP Apple holds the keys and can comply with data warrants.
  • The UK used a “technical capability notice” under the Investigatory Powers Act to demand a mechanism to access encrypted iCloud data globally, not just for UK users.
  • Apple has stopped enabling ADP for UK-region accounts and says existing UK users will be forced to turn it off during a future grace period or lose iCloud account access. It claims it cannot disable ADP unilaterally.

Did Apple Cave or Take the Least-Bad Option?

  • One camp: Apple should have pulled iCloud or even exited the UK to force political backlash and set a stronger precedent. Disabling ADP is framed as capitulation and brand betrayal.
  • Another camp: any backdoor would have weakened security worldwide; limiting the damage to the UK market is seen as the only realistic, shareholder-compatible move.
  • Several note Apple has previously resisted US law-enforcement demands, but argue there’s a difference between fighting a single court order and defying a statute in a sovereign country.

UK Law, Surveillance, and Civil Liberties

  • Commenters highlight the Regulation of Investigatory Powers Act (compelled key disclosure), Investigatory Powers Act, border search powers, and arrests over online speech as part of a long UK surveillance trajectory.
  • Many fear the extraterritorial aspect: UK orders could potentially reach non‑UK users’ data.
  • Some argue this prioritizes law-enforcement convenience over systemic security, and will primarily harm ordinary users while serious criminals switch to independent tools.

Precedent, Other Jurisdictions, and “Five Eyes”

  • Worry that other governments (US, EU states, Australia, etc.) will see this as a template: “either give us a backdoor or lose the feature.”
  • Others counter that this move publicly demonstrates that such demands cause loss of capability, not “special lawful access,” which might politically backfire on governments.
  • Thread notes parallel pushes: US CLOUD Act, Australian “assistance and access” laws, EU “Chat Control” and “Going Dark” initiatives, and China’s long-standing requirements.

User Responses and Technical Workarounds

  • Advice for UK users:
    • Turn off iCloud backups and photos, or do only local encrypted backups via iTunes/Finder.
    • Consider NAS + Time Machine, self-hosted Nextcloud, or third‑party E2EE tools (e.g., file or photo vaults, encrypted containers).
  • Multiple people stress there is no full replacement for iCloud’s deep integration (app data, settings, seamless device restore) due to platform lock‑in.
  • General caution that E2EE from a vendor you don’t fully control is always contingent: OS updates can, in principle, exfiltrate keys.

Broader Themes: Authoritarian Drift and Politics

  • Strong sense that this is part of a wider erosion of civil liberties in the UK and across Western democracies; encryption debates are seen as a front in that conflict.
  • Some argue it’s naïve to expect corporations to “fight for citizens” rather than for markets; the real remedy is political organizing, lobbying MPs, and voting.
  • Others discuss emigration as a response and debate which countries meaningfully offer better privacy, with significant disagreement and cynicism about all major blocs.