UK's Apple iCloud backdoor "jeopardizes the security and privacy of millions," warn experts

More than 100 civil society organizations, tech companies, and cybersecurity experts are calling the UK to rescind its order to Apple to create a backdoor for its end-to-end encrypted cloud storage service.

UK's Apple iCloud backdoor "jeopardizes the security and privacy of millions, undermines the UK tech sector, and sets a dangerous precedent for global cybersecurity," wrote the coalition in an open letter published on February 13, 2025.

This comes as Apple could soon be forced to give away all users' encrypted data to the UK government, which recently presented the big tech giant with a notice issued under the Investigatory Powers Act. The demands are notable as it targets all encrypted content iPhone, iPad, and macOS users globally have stored using Apple's Advanced Data Protection (ADP).

So far, the signatories include some companies using encryption technologies to build their software like Surfshark, one of the best VPN services on the market, encrypted messaging app Element, and secure email Tuta. The letter is set to remain open to more sign-ons from the cybersecurity industry until February 20, before being sent to the Home Secretary.

The consequences of undermining encryption

Encryption is the industry-acknowledged backbone of internet privacy and security. This technology, in fact, scrambles online content into an unreadable form to keep it private between the sender and the receiver at all times.

Law enforcement bodies, however, find encrypted software an obstacle when conducting criminal investigations and are pushing to find a way to pick into this digital lock.

This is why the UK issued a technical capability notice (or TCN) to Apple under the controversial 2016 Investigatory Powers Act, adding to the ongoing pressures in and out of Europe to create backdoors in encrypted software.

If successful, experts explain, the consequences could go way beyond the country's border. "The world’s second-largest provider of mobile devices would be built on top of a systemic security flaw, putting all of its users’ security and privacy at risk, not just in the UK but globally."

Cybersecurity experts have long argued that encryption backdoors cannot work on a technical level, either. Encryption is secure for all, or it isn't for anyone. This is the mantra religiously repeated across the industry to explain how criminals will also exploit these government-required vulnerabilities to their advantage.

Experts are especially worried about the impact that undermining the confidentiality of cloud storage services will have on the most vulnerable users whose online confidentiality can be critical to preventing harassment.

They also fear for the UK's national security as "providing backdoors in one instance can lead to encryption being weakened across the ecosystem of the public sector, as well," they noted.

Not only privacy and security, though. The UK's encryption backdoor demands may foster an exodus of tech companies not willing to undermine their security infrastructure from the country. The likes of Signal and WhatsApp already threatened to leave the UK on similar grounds over the Online Safety Bill row.

"UK companies will also suffer reputational damage, as foreign investors and consumers will consider whether their products are riddled with secret UK government-mandated security vulnerabilities," experts warn.

"To ensure the national and economic security of the United Kingdom, the Home Office must end its technical capability notice forcing Apple to break its end-to-end encryption."

While Apple or the UK Home Office refused to comment on the matter so far, US lawmakers are now urging the Trump administration to push back.

It also remains unclear how the requirements will be technically implemented as well as whether the likes of Google or Meta are – or will become – the next target.