Apple’s battle with the UK government over encrypted data access has sparked a debate over privacy, security and regulatory oversight, to put it mildly.
The Big Tech’s legal challenge against the UK government’s request for access to its customers’ most securely encrypted data is scheduled to be reviewed in a closed High Court hearing on 14 March, according to the BBC.
But how did we get to this point?
The UK government last month demanded the tech giant withdraw Advanced Data Protection (ADP), removing end-to-end encryption and exposing iCloud-stored data, such as documents, backups and photos.
Explaining the significance of this decision to Payment Expert, Armin Berghaus, Co-Founder and CTSO of IDnow, a digital identity verification platform, says: “Previously, ADP ensured that only the user could access their data, even preventing Apple from decrypting it. Now, UK authorities can request access to iCloud data, and Apple is legally barred from informing users.”
As Berghaus points out, even Apple itself couldn’t access this encrypted data before the government’s request. The company has emphasised that its approach ensures no one – legitimate or malicious – can breach the system. By granting access, Apple argues this security model is weakened, creating potential vulnerabilities that bad actors could exploit.
However, Jessica Hyde, Founder and Owner of Hexordia, a cybersecurity and technology consulting firm, believes that Apple’s withdrawal likely won’t significantly lower the overall baseline security for the majority of consumer documents.
“The more immediate and tangible security risks for the average user often revolve around data loss, device theft, or phishing attacks. In these scenarios, Apple’s existing security measures continue to provide significant protection,” she explains.
Another major concern for consumers is the control the government now holds over their identity data. However, Ofer Friedman, Chief Business Development Officer at AU10TIX, an identity verification company, tells Payment Expert that Prime Minister Keir Starmer’s request is “hardly surprising”.
Friedman highlights that governments hold a monopoly on issuing “identity data” in a globally acknowledged and binding form. He notes that Apple’s decision to wall off that data has been an exception to the rule set by the government.
“Enabling government access to that data, presumably for ‘legitimate purposes’, is thus full-circle logic. Governments are reclaiming their authority on identity over commercial players,” Friedman states.
A shot in the government’s foot?
Offering a perspective from Apple’s side, Berghaus points out that it isn’t only the security threat that Apple is concerned about, but how this will set a precedent going forward when it comes to access to data.
He explains: “A government’s demand to access encryption data via backdoors can potentially stifle innovations for stronger security features to appear on the market more quickly. If companies fear they will be forced to compromise their innovations later, this can impact the mutual understanding of data sharing through a legal system.”
Since last year’s election, Starmer has made reviving the UK economy his primary focus. To achieve this, he has implemented a range of initiatives, with payments and fintech identified as crucial sectors for economic growth, as well as his lenient stance of opting on the side of innovation over regulation when it comes to AI.
One of the UK Prime Minister’s key policy positions is attracting investment to the UK by advocating for less regulation. He has been outspoken about the barriers created by bureaucracy, calling out “the regulators, the blockers and bureaucrats” as part of an “alliance of naysayers” that he believes is preventing the country from attracting domestic and foreign investment, which has declined within the fintech sector over recent years.
Earlier this week, Starmer took his first concrete step towards reducing regulatory hurdles by announcing the merger of the Payment Systems Regulator (PSR) with the Financial Conduct Authority (FCA).
This move is part of his broader approach, which also includes the UK charting its own course on AI regulation – a subject that was heavily discussed at last month’s MWC event, which Payment Expert attended.
Nevertheless, Friedman believes that if the government uses the removal of this data protection to fight crime, “it’s for the common good”, but does concede that the “move does translate to the government knowing potentially more about you than it could before”.
However, with the upcoming launch of the GOV.UK Wallet this summer – which will include a digital driver’s licence – consumer concerns about data privacy may remain. These concerns were part of the reason the initiative was scrapped in the past.
To address these issues, Berghaus suggests this could be an opportunity to revise and update existing regulations.
“While Apple’s decision raises concerns, a well-regulated approach that protects user data while addressing legitimate security concerns should always be the driver for innovation and a way forward rather than hinder it,” he adds.
“The ongoing debate presents an opportunity for multiple providers to lead the way – setting higher standards for privacy, compliance, and trust in an increasingly complex regulatory landscape.”
An opinion shared by Hyde, who concludes: “The ongoing dialogue between tech companies and government agencies is critical for finding solutions that balance these competing interests.
“It’s possible that alternative solutions, such as enhanced legal frameworks or refined technical approaches, will emerge to address the concerns.”
