In a significant reversal, the United Kingdom has withdrawn its demand for Apple to build a global encryption backdoor into iCloud, a mandate that would have compromised the privacy of users worldwide.
The development was disclosed early this morning by Tulsi Gabbard, Director of National Intelligence, who credited high-level coordination between US and UK officials for the decision.
Gabbard, who has held the DNI post since early 2025, stated that she worked “closely with our partners in the UK, alongside @POTUS and @VP,” to secure a rollback of the mandate. The withdrawn order would have required Apple to provide UK authorities with technical capabilities to access the encrypted iCloud backups of any user, regardless of citizenship or location, a move she warned would have “encroached on our civil liberties.”
The original mandate came to light in February 2025, when The Washington Post revealed that Apple had been served a confidential “technical capability notice” (TCN) under the UK's Investigatory Powers Act of 2016. The notice compelled the company to build infrastructure allowing British agencies to decrypt users' iCloud backups globally. While companies subject to TCNs are legally barred from disclosing them, sources at the time indicated that Apple had only two options: implement a backdoor that would jeopardize encryption for all users or withdraw its Advanced Data Protection (ADP) feature from the UK altogether.
Apple chose the latter, disabling ADP for UK users in February. The company expressed “grave disappointment” over the situation and reiterated that it had “never built a backdoor” into its products and never would. The decision preserved encryption globally but left UK users with diminished privacy protections.
Apple subsequently took the matter to court in April, filing a challenge in the Investigatory Powers Tribunal. The case, Apple v. Secretary of State for the Home Department, argued that the TCN was disproportionate and unlawfully extraterritorial, demanding that a US-based firm violate its own security principles for the sake of a foreign government's surveillance regime. Civil liberties groups voiced support, warning of the global precedent such a demand would set if successful.
The UK Home Office never confirmed the order, in line with its policy of not commenting on operational matters. However, the timing of Apple's legal filing and the removal of ADP made the situation difficult to ignore. Critics of the Investigatory Powers Act, often referred to as the “Snoopers' Charter,” highlighted the lack of transparency and judicial oversight in issuing TCNs with global implications.
Tulsi Gabbard's statement signals a successful behind-the-scenes diplomatic effort to de-escalate the transatlantic standoff. Though the exact terms of the rollback have not been publicly disclosed, her announcement confirms that the UK has agreed to drop the demand that sparked months of legal and political tension.
This outcome represents a rare but important privacy victory in an era of expanding government surveillance mandates. Had the order been enforced, it could have opened the door for similar demands from other governments, particularly authoritarian regimes eager to exploit any global precedent set by a major democracy.
For users in the UK, Apple has not yet reinstated ADP, and the company has not commented on whether and when the feature will return, now that the backdoor order has been dropped. Until then, users who require full end-to-end encryption for backups should consider local device storage or third-party services based outside of UK jurisdiction.
Leave a Reply