All data stored in Apple’s iCloud by users will have the option to be encrypted from end to end

Apple’s new privacy feature, “advanced data protection for iCloud,” is causing tension with the UK government as it allows users to apply end-to-end encryption to all of their data stored in the cloud, including device backups, message histories, and photos. This feature, which is already available for users in the US signed up to the company’s beta program and will be shipped worldwide in early 2023, could potentially limit the ability of law enforcement agencies to access user data.

End-to-end encryption is a type of security that ensures that only the intended recipient can decrypt the files, not even the service provider itself, even if they are asked or compelled to do so by law enforcement. Apple’s iMessage service has been end-to-end encrypted since 2014, which has caused some issues for police and spy agencies around the world. Until now, they have had the option of requesting unencrypted user backups from Apple, but this option may also disappear with the introduction of the new privacy feature.

Apple set to be on Collision Course with Online Safety Bill

This puts Apple on a collision course with the UK government and its forthcoming online safety bill, which requires companies to limit the spread of child sexual abuse material and content promoting terrorism in messaging apps. The bill gives Ofcom, the UK’s communications regulator, the power to issue technical notices forcing changes to products if they do not comply with the requirements.

While the UK government has stated that “we support strong encryption, but it cannot come at the expense of protecting the public,” civil liberties groups have welcomed Apple’s decision to introduce end-to-end encryption.

Open Rights Group says the Home Office should Support Encrypted Tech

Jim Killock, the director of the Open Rights Group, said, “The Home Office should stop asking companies to place their customers at risk and support encrypted technologies, rather than trying to undermine them.”

Alongside the move to encrypt backups, Apple has also quietly dropped another proposal: to scan shared photos on devices for known instances of child sexual abuse material. Child safety groups have called on Apple to reverse this decision, arguing that the introduction of encryption for backups makes “on-device scanning” more valuable.

Dan Sexton, the CTO of the Internet Watch Foundation, which coordinates the removal of child sexual abuse imagery from the web, said, “Apple had devised a world-leading, privacy preserving, non-intrusive way of detecting criminal content where scanning would only take place when the software is confident child sexual abuse imagery is there.” He added that “the introduction of end-to-end encryption is an opportunity for them to revisit this solution. If companies are looking to introduce further encryption to their services, they need to make sure children have at least equivalent protection.”

Apple Focused on “Communication Safety”

Instead of on-device scanning, Apple has stated that it will focus on a different child protection feature called “communication safety,” which intervenes when a child attempts to send or receive explicit messages. Apple said in a statement, “We have…decided to not move forward with our previously proposed CSAM detection tool for iCloud Photos.” The company added that “children can be protected without companies combing through personal data, and we will continue working with governments, child advocates, and other companies to help protect young people, preserve their right to privacy, and make the internet a safer place for children and for us all.”

The tension between Apple and the UK government over the new iCloud privacy feature highlights the ongoing debate over the balance between privacy and public safety. While Apple and civil liberties groups argue that the introduction of end-to-end encryption is necessary to protect the privacy of users, the UK government argues that this cannot come at the expense of protecting the public from serious crimes such as child sexual abuse and terrorism.

Tension Growing over The Online Safety Bill

The online safety bill, which is set to be introduced in the UK, aims to address this issue by requiring companies to take action to limit the spread of harmful content in messaging apps. At the same time, however, the bill gives Ofcom the power to issue technical notices to force companies to make changes to their products if they do not comply with the requirements.

It remains to be seen how this tension will play out, and whether a compromise can be reached between Apple and the UK government. In the meantime, the debate over the balance between privacy and public safety is likely to continue, with both sides making strong arguments for their positions.