Category: Cyber Security | Published: 2025-09-03
How the Row Began
The confrontation began late last year when the UK Home Office issued Apple with a _“technical capability notice”_ under the Investigatory Powers Act. This law (also known as the _“snooper’s charter”_) allows the government to compel technology companies to assist law enforcement in accessing data to investigate serious crimes such as terrorism and child sexual abuse.
The notice required Apple to make encrypted customer data available to authorities on demand. What made it unusual was its global scope, i.e. the order applied not just to British customers but potentially to Apple users anywhere in the world, including in the United States.
The demand clashed directly with Apple’s Advanced Data Protection (ADP) tool, launched in 2022, which provides end-to-end encryption for iCloud backups. Once activated, not even Apple itself can access the contents of a user’s iCloud files, photos, notes or reminders. For law enforcement, this meant some data would be completely beyond reach. For Apple, complying with the UK’s order would have meant deliberately undermining its own encryption.
Apple responded by withdrawing ADP for new customers in the UK, saying it was _“deeply disappointed”_ and would _“never build a backdoor or master key”_ to its products. At the same time, it launched a legal challenge to the government’s order at the Investigatory Powers Tribunal, with a hearing scheduled for early 2026.
Escalation Into a Transatlantic Dispute
What might have remained a UK legal battle soon escalated into an international row. Because the UK’s notice applied worldwide, it raised the possibility of British authorities accessing the data of American citizens.
US leaders reacted strongly. President Donald Trump accused Britain of _“behaving like China”_ and publicly told Prime Minister Keir Starmer: _“You can’t do this.”_ Vice President JD Vance called the demand _“crazy”_, warning that it risked creating a vulnerability in US technology that could be exploited by hostile states. Tulsi Gabbard, the US Director of National Intelligence, was equally blunt, saying the order _“would have encroached on our civil liberties”._
Behind the scenes, senior American officials pressed London to change course. According to the Financial Times, Vice President Vance personally intervened during a recent visit to the UK, negotiating what US officials later described as a _“mutually beneficial understanding”_ that the order would be withdrawn.
The UK Retreats
On 19 August, Gabbard confirmed in a post on X that the UK had _“agreed to drop its mandate for Apple to provide a ‘back door’ that would have enabled access to the protected encrypted data of American citizens”._ She added that she had been working with President Trump and Vice President Vance _“to ensure Americans’ private data remains private and our constitutional rights and civil liberties are protected”._
The Home Office has refused to confirm or deny her claim, citing a long-standing policy not to comment on operational matters. However, multiple British officials told reporters that the issue was _“settled”_ and that London had _“caved”_ to US pressure.
Whether the technical capability notice will be formally withdrawn, amended to target only UK citizens, or left in place but unenforced remains unclear. Legal experts have pointed out that limiting access to UK citizens’ data alone may be technologically unrealistic, since Apple’s cloud systems do not distinguish by nationality.
Why the Government Backed Down
Several factors contributed to the reversal. The most immediate was diplomatic pressure from Washington. With Trump’s administration already imposing tariffs on European goods and pressing allies on defence spending, the UK government may have had little appetite for a damaging rift over encryption policy. Also, some would say that, given Apple’s Tim Cook’s recent public strategic outreach (financially and symbolically) with President Trump, and UK Prime Minister Starmer’s wish not to have tariffs increased following recent negotiations, this may have been one fight the UK government thought it best not to have at this time.
Another factor was the risk to Britain’s global reputation. Legal experts and business groups had warned that forcing Apple to break encryption could deter companies from operating in the UK, damaging the country’s status as a safe destination for data. Charlotte Wilson, head of enterprise at Check Point Software, described the original order as _“hugely damaging”_, saying that once a master key to encrypted data exists _“criminal groups and hostile states will try to exploit it too”._
Civil liberties organisations also appear to have played a role. Liberty and Privacy International had both launched legal action against the government, arguing that creating a back door would be unlawful and reckless. Sam Grant, Liberty’s director of external relations, called the reported U-turn _“hugely welcome”_, warning that such powers would put campaigners, minority groups and politicians at heightened risk of targeting.
What It Means for Apple and Its Users
For Apple, the retreat could be seen as a vindication of its long-standing stance on encryption. The company has repeatedly argued that any deliberate weakness, even one intended for law enforcement, could eventually be exploited by criminals or foreign governments.
It is now likely that Apple will reinstate Advanced Data Protection for new UK customers, although the company has not yet confirmed its plans. If it does, British businesses and individuals will again be able to benefit from the highest level of iCloud encryption, aligning with customers elsewhere in the world.
For UK businesses in particular, the move has real significance. For example, end-to-end encryption is increasingly seen as a baseline requirement for protecting sensitive intellectual property, financial data and client communications. Any perception that the UK was a weak link could have harmed firms’ ability to meet international compliance standards or reassure overseas partners.
Lingering Concerns
Despite the climbdown, some critics argue that the underlying problem remains. The Investigatory Powers Act still contains provisions allowing the government to issue similar notices in future. Jim Killock, executive director of the Open Rights Group, said: _“The UK’s powers to attack encryption are still on the law books, and pose a serious risk to user security and protection against criminal abuse of our data.”_
There are also unanswered questions about whether other technology companies have been served with similar demands. WhatsApp, for example, has said it has not received such a notice, but secrecy provisions mean firms cannot always disclose whether they have been targeted.
Another unresolved issue is whether Britain will seek to revise its order in a way that applies only to UK citizens. Privacy experts caution that such an approach could still create risks, since once a back door exists, it cannot easily be limited to one group of users.
The Wider Picture
The dispute highlights the tension between governments’ desire for access to digital evidence and technology companies’ commitment to protecting user privacy. Governments argue that encryption can provide cover for criminals and terrorists, while companies and privacy advocates insist that undermining encryption would weaken security for everyone.
For the UK government, the episode has also shown the limits of its extraterritorial powers. While the Investigatory Powers Act gives British authorities the ability to issue global data access demands, enforcing them against multinational firms without internatio