“Apple has never created a backdoor or master key to any of our products or services. We have also never allowed any government direct access to Apple servers,” reads Apple’s privacy policy. A part of that, they remain steadfast on in the face of these demands. A part of it, they’ll have to allow. The way this will work is, Apple has not created any ‘backdoor’ that the UK government demanded — the blanket access wouldn’t have just meant a lower level of privacy for UK citizens, but pretty much anyone who has an iPhone, iPad or Mac and has a footprint on iCloud. Instead, Apple will be disabling Advanced Data Protection (ADP) feature, released in 2022, in the months to come.

Easier said than done, and they haven’t detailed how. I wouldn’t be surprised if this fails (perhaps Apple too intends to reach that conclusion, but at least it would have tried in the eyes of UK’s regulators), because the ability to turn off that encryption is no longer in Apple’s hands. A hardware-based encryption such as ADP cannot simply be turned off on a whim, and would require a “trusted device” to re-authenticate any change. That’ll need something akin to a door-to-door governmental exercise, if at all (a note - they wouldn’t do it if your phone is snatched, and you point UK’s law enforcement to the Find My location).

Also Read: Tech Tonic | OpenAI suddenly realises using someone else’s work is not cool

Nevertheless. It isn’t exactly a backdoor, and data on a platter, which the UK government wanted. But it is a notch lesser protection for UK citizens.

ADP is an encryption method that ensures that once you’ve encrypted some part of your iCloud data by turning it on, the same can be decrypted only on your trusted devices and data will be accessible only on them. “If you use Advanced Data Protection, you’re responsible for your data recovery. Because Apple won’t have the keys required to recover your data, you’ll need to have a Recovery Contact or Recovery Key set up on your account,” the clear guidance from Apple. For UK users, this will be turned off.

Here’s a clear distinction to be made. Health data, iMessage backups and message on the cloud, as well as payment data, remains encrypted irrespective of ADP, and is default for all users. ADP enabled the end-to-end encryption layer for other data on the cloud, such as photos, documents and notes. In case you’d like to enable ADP, this is what you need to do — Settings > iCloud > Advanced Data Protection > Turn on . At this point, you’ll have the choice of setting up a recovery contact or a recovery key.

Back to the original point. The message the UK authorities are sending to their citizens is clear — there have little privacy to expect, and will as a result be vulnerable to bad actors on the internet, because the authorities would like to access anyone’s data when they wish to. By turning off this layer of encryption for user data (mind you, photos, documents, and notes are user generated data), there is the additional risk of cyber-attacks.

Also Read: Tech Tonic | Apple and OpenAI remind us of varying methods for innovation, work

If the government is locked out of a data dump, so are hackers and cyber criminals. Now the latter demographic also knows, the gates are less lightly chained.

The question here is — will Apple exercise their right to appeal to a secret panel? They’re caught between equally undesirable choices, because the implementation of this order cannot be paused, irrespective of any appeal. The UK authorities will likely bar Apple from telling users that the government can now access their data whenever they wish. And Apple has a strong privacy-focused reputation at stake. One that they have fought over the years to curate and maintain, including standing up to the FBI in the US, in 2016.

This isn’t the first time a government has tried its luck. The US Department of Justice in 2018 finally dropped a lawsuit against Microsoft after the tech giant refused it access to the data servers in Dublin. That case could have set the guidelines for any extent of American jurisdiction over foreign location-based data servers, but it never reached that stage. Instead, the CLOUD Act which defined steps and procedures including legal orders to obtain user data from a different geographical location, had the backing of Microsoft, Apple, Google and Amazon at the time.

Also Read: Tech Tonic | If Apple Intelligence doesn’t annoy anyone, that’ll be a big win

Apple will likely fight this. They’ve in no way acceded to the UK government demands to have unfettered access to encrypted backups for all users, including those who aren’t citizens of the UK. But this would most certainly create a complication in which governments in other countries will draw on this as motivation to file their own demands on these lines. This may just be the spark to start a wildfire. This one may prove very difficult to tame. Enable ADP on your iPhone or Apple devices. Turning it off may not be as easy. As the UK authorities are finding out now.

Apple’s last compiled Transparency Report details the requests they receive from governments. In the period between January and June 2023, India, for instance, demanded identifiers with 126 device-specific requests, 162 financial identifier requests, and 94 account data requests. In the same period, the UK sent Apple’s way 1021 device, 76 financial identifier and 1190 account identifier requests. The US logged 6303 device, 1024 financial identifier, and 9813 account identification requests with Apple. The scale of intent becomes clear.

Apple can still make it difficult for the UK government. Quite how far they push, remains to be seen.

Vishal Mathur is the technology editor for HT. Tech Tonic is a weekly column that looks at the impact of personal technology on the way we live, and vice-versa. The views expressed are personal.