What is Apple’s Advanced Data Protection, and why is its removal in the UK controversial? | Technology News

shofweb

0 17 4 دقائق

What is Apple’s Advanced Data Protection, and why is its removal in the UK controversial? | Technology News

A feature that provides end-to-end encryption for iCloud backups, ensuring that no one but you—not even Apple—can access your data, was disabled last week for consumers in the UK following the company’s dispute with the government. The removal of this key data security feature, Advanced Data Protection (ADP), is controversial, highlighting the ongoing tussle between tech companies and governments over increasing access to user data. Here’s a breakdown of Apple’s Advanced Data Protection (ADP) feature, how it works, and why the company pulled it in the UK.

Apple began rolling out the Advanced Data Protection (ADP) feature as part of iOS 16.2 in early 2023, bringing end-to-end encryption to iCloud for the first time. Before this, iCloud backups never offered end-to-end encryption, which had been a controversial topic among privacy crusaders and experts. iCloud backups of the Messages app, in particular, were a major concern, as Apple could hand over the data to law enforcement agencies when legally compelled. Although conversations in Messages were end-to-end encrypted, backups of those conversations were not. Simply put, if the police wanted access to those backups, they could gain access to texts. In fact, years ago, Reuters reported that Apple had dropped a plan to encrypt backups after the FBI complained about it. However, despite rumours, Apple managed to launch the encryption feature for iCloud backups for users worldwide.

As mentioned earlier, the Advanced Data Protection (ADP) feature for iCloud enables encryption for iCloud data and gives control of the encryption key solely to the data owner. This means the encrypted data cannot be accessed by Apple or any third party. However, Apple could access the data if legally compelled to do so or if a user requested the company’s help in recovering lost data.

Story continues below this ad

Your health data, payment data, contacts, calendars, reminders, notes, iMessage and FaceTime content, iCloud Keychain information, Home app data, and Wi-Fi and cellular interactions are typically stored in iCloud. However, ADP is an opt-in feature, meaning users must choose to enable it—it is not enabled by default.

What is encryption and what does it do?

Encryption is a mathematical process that alters data using an encryption algorithm and a key. The science of encrypting and decrypting information is called cryptography. Encryption has long been used to store sensitive information. If history tells us anything, encryption is not a new concept; for centuries, governments have controlled secret codes and used them in diplomacy and espionage.

By default, Apple’s encryption feature is disabled. (Image credit: Anuj Bhatia/Indian Express)

At a basic level, the purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted over the internet and other computer networks. For example, each time you carry out a transaction at an ATM or buy something online, encryption protects the transmitted data. However, end-to-end encryption is a step up in security—essentially, you are responsible for the key used to encrypt your iCloud data. If you lose this key, recovering your iCloud data will be impossible. These days, end-to-end encryption is commonly used by messaging apps like Signal as well as password managers.

Why is Apple’s ADP being withdrawn from the UK?

Apple’s decision to remove its highest-level data security tool for users in the United Kingdom came after the UK government demanded access to encrypted data earlier this month. This demand was made under the Investigatory Powers Act (IPA), which compels companies to provide information to law enforcement agencies.

Story continues below this ad

To meet such a demand, Apple would have had to create a security “backdoor”—a key that would allow the government to bypass encryption and access files. This would apply to all content stored using what Apple calls “Advanced Data Protection” (ADP). Instead of creating a “backdoor” for the government, Apple decided it would no longer be able to offer the security feature to users in the UK. The company argues that once a backdoor is created, the user data could be easily accessible and targeted by bad actors, weakening its encryption systems and leaving iCloud users worldwide vulnerable to data breaches.

What does the removal of ADP mean for UK users?

For many users, the removal of ADP doesn’t change anything, as the feature was always opt-in, and only those who chose to enable it were using it. However, if you try to turn the feature on in the UK now, it is no longer functional. Although ADP is no longer available in the UK, many iCloud features are still end-to-end encrypted by default, including health data and Apple’s password management system, iCloud Keychain.

Why do governments want access to user data?

The British government’s request for Apple to grant access to its citizens’ encrypted iCloud data may come as a shock to many, but governments and law enforcement agencies worldwide have been demanding greater access to user data, putting companies like Apple at loggerheads with these agencies. Surveillance agencies and law enforcement dislike being unable to access encrypted data. Time and again, governments, police, and security services have argued that end-to-end encryption is being used by criminals such as terrorists and child abusers to hide their activities online, making it more difficult to catch them. Apple, for its part, has made it clear that the lack of encryption would increase attacks on users, and therefore, its priority must be their security.