Britain has abandoned its demand that Apple build a “backdoor” into its encryption systems. The change follows months of quiet talks between London and Washington, Reuters reports.
In a statement posted on X, U.S. Director of National Intelligence Tulsi Gabbard, said: “As a result, the UK has agreed to drop its mandate for Apple to provide a ‘backdoor’ that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties.”
She added that the U.S. government had been working with Britain “to ensure that Americans’ civil liberties are protected.” The discussions involved President Donald Trump and Vice President JD Vance, alongside British Prime Minister Keir Starmer, who was in Washington on Monday with other European leaders for talks on Russia’s war in Ukraine.
A spokesperson for the British government declined to comment on any deal, but said London continues to balance security and privacy. “We will always take all actions necessary at the domestic level to keep UK citizens safe,” they said.
Apple, long a defender of strong encryption, has not commented. The company has resisted backdoor orders for years, most prominently in 2016 when U.S. officials sought to unlock the iPhone of a suspected extremist. In February, Apple pulled its Advanced Data Protection feature from U.K. devices after regulators ordered it to build access for government use.
Critics of the backdoor mandate warned of the risks. Security experts told Reuters that any deliberate weakness could be discovered and exploited by cybercriminals or hostile states.
Adam McKissock, Principal Security Consultant at Black Duck, said dropping the requirement “is a win for everyone’s security and civil liberties.” He argued that forcing Apple to create a technical capability to read encrypted iCloud data “would have created a permanent weakness that criminals and hostile states could also exploit.”
“If this reversal holds, the next step is clear: allow Apple to restore Advanced Data Protection for U.K. customers and commit—explicitly—that powers under the Investigatory Powers Act will not be used to require systemic weakening of encryption,” McKissock said.
“Lawful access should remain targeted, case-by-case, and under due process. We don’t make the internet safer by making it less secure.”
Casey Ellis, Founder of Bugcrowd, also welcomed the shift. “Deliberately weakening the security posture of everyone to enable the surveillance of a few is a universally bad solution,” he said. Ellis added that once governments establish global precedents around weakening encryption, “there’s a real risk of that triggering a race to the bottom.”
For Satish Swargam, also a Principal Security Consultant at Black Duck, the danger is clear from experience. He pointed to Salt Typhoon, a state-backed hacking group that compromised U.S. telecommunications networks in 2024, including routers at major carriers and systems used for lawful intercepts.
“Attacks such as these show how the backdoor methods could be vulnerable and exploited by hackers,” Swargam said. “Even court-authorized requests to access data via backdoor should be assessed with caution and not taken for granted.”
The debate has drawn scrutiny in Washington. Earlier this year, lawmakers warned Britain’s order might have violated the CLOUD Act, which prevents either country from demanding access to the other’s citizens’ data without due process.
For now, Britain’s reversal signals a pause in the long-running clash between governments seeking access and companies resisting systemic weaknesses. Whether Apple restores advanced protections for its U.K. users will be the next test.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.