The UK government has just hit Apple with another secret demand for encrypted user data. This time the target is British citizens only. According to reports that surfaced this week, the Home Office issued a second Technical Capability Notice (TCN) in early September, demanding Apple create backdoor access to encrypted iCloud backups specifically for UK users. That undercuts earlier claims from US officials that Britain had completely backed down from its encryption-busting efforts.
The latest demand follows the UK's first attempt in January that sought worldwide access to Apple user data, including American citizens. The overreach sparked diplomatic tensions, with US Director of National Intelligence Tulsi Gabbard calling it a "clear and egregious violation of Americans' privacy and civil liberties". Rather than shelving the plan, UK officials seem to have rewritten the playbook to zero in on domestic users.
What makes this demand so problematic?
Apple's Advanced Data Protection feature provides end-to-end encryption for iCloud backups, meaning only the account holder can decrypt their files, not even Apple has access. The protected data covers highly sensitive material, passwords, payment information, health data, and message logs stored in the cloud.
Here is the crux. Build a backdoor for one country and you weaken the system for everyone. As Privacy International's Caroline Wilson Palow put it, "If Apple breaks end-to-end encryption for the UK, it breaks it for everyone. The resulting vulnerability can be exploited by hostile states, criminals, and other bad actors the world over". That is why Apple withdrew ADP from UK users in February rather than punch a hole in the global system.
There is no such thing as a backdoor that only works for the good guys. Any weakness created in encryption can be turned against its users.
Apple's unwavering stance
Apple has kept its line throughout. The company has repeatedly stated that it has "never built a backdoor or master key to any of our products or services and never will". That is not just corporate chest beating, it is backed by a legal challenge filed with the Investigatory Powers Tribunal, supported by privacy groups like Privacy International and Liberty.
The numbers show how messy this gets in practice. Between 2020 and 2023, Apple received over 6,000 legal requests from British authorities under non-IPA laws seeking customer data. In only four cases did Apple provide any content. That is less than 0.06 percent of requests. It contrasts sharply with the US, where Apple shared content data in over 43 percent of cases during the same period, a sign of different legal rules and technical pathways across jurisdictions.
Apple tells media outlets that it is "gravely disappointed" it cannot currently offer Advanced Data Protection in the UK, adding that "strengthening encryption is more urgent than ever given rising cyber threats".
Where do we go from here?
The legal fight is not over. A tribunal hearing is scheduled for January 2026, where Apple's challenge to the original order will be heard. The new order may restart the legal process entirely, a reset just as the clock runs down.
The diplomatic winds have shifted too. While key figures in Donald Trump's administration, including vice-president JD Vance and director of national intelligence Tulsi Gabbard, had pressured the UK to retract the January TCN, two senior British government figures said the US administration was no longer leaning on the UK government to rescind the order. That drop in pressure may have emboldened the narrower, UK-only push.
Privacy campaigners are not reassured. Caroline Wilson Palow, legal director of the campaign group Privacy International, said the new order might be "just as big a threat to worldwide security and privacy" as the old one. The fear is simple, if Apple acquiesces, it could set a precedent for similar demands from other nations, fracturing the global standard of encryption that underpins everything from banking to private chats.
Both Apple and the Home Office are restricted from discussing TCNs by law, which means most details arrive via leaks and court filings. The Home Office has declined to confirm or deny the existence of either order, saying only that "we will always take all actions necessary at the domestic level to keep UK citizens safe".
This fight is bigger than one company and one government, it is a test of the ground rules for digital privacy. The outcome will shape how governments worldwide approach encryption and whether tech firms can keep their security intact while navigating surveillance-heavy regulations. With the January 2026 tribunal on the horizon, the stakes for encrypted communications could not be higher.
Comments
Be the first, drop a comment!