The UK government has ordered Apple Inc to build a backdoor to give it access to global user data, in a move that could spark one of the biggest privacy fights in the iPhone maker’s history.

British authorities in an undisclosed order in January asked Apple to circumvent encryption that the company uses to secure user data stored in its cloud services, according to a person familiar with the matter.

The mandate orders Apple to provide access under the UK’s Investigatory Powers Act, a law that granted officials the authority to compel companies to remove encryption under what’s known as a “technical capability notice”. The law also makes it illegal for companies to reveal when the government has made such an order.

Apple declined to comment on the matter. In March 2024, it said “protecting our users’ privacy and the security of their data is at the very heart of everything we do” and said that it’s “deeply concerned the proposed amendments”.

“It’s an unprecedented overreach by the government and, if enacted, the UK could attempt to secretly veto new user protections globally preventing us from ever offering them to customers,” the company said at the time.

“We do not comment on operational matters, including for example confirming or denying the existence of any such notices,” said a spokesperson for the UK’s Home Office.

It appears the situation relates to the 2022 rollout of iCloud Advanced Data Protection, an optional feature that encrypts most data within a user’s iCloud account, including their text messages and device backups. One solution could be Apple disabling the mechanism for British users.

The development, reported earlier Friday by the Washington Post, marks a significant escalation in a yearslong dispute over encryption and access to users’ private data between Western governments and technology companies.

Apple has previously resisted government pressure to weaken or circumvent encryption on the grounds that such a move would undermine privacy and cybersecurity. Authorities argue that they need to access user data to pursue national security and criminal investigations.

Caroline Wilson Palow, legal director at London-based rights group Privacy International, said that the UK was attempting to force Apple’s hand, and had “pulled the trigger” on one of its “most intrusive and potentially damaging” surveillance powers.

“As it has long threatened, the UK has finally moved against Apple in an attempt to undermine end-to-end encryption,” Wilson Palow said. “This overreach sets a hugely damaging precedent and may embolden abusive regimes the world over.”

Leading technology companies including Apple, Alphabet Inc’s Google, and Microsoft Corp have raised concerns that UK authorities could force them to install a “backdoor” to circumvent their encryption.

Apple has defended using encryption in its products, saying that it was “critical to shielding everyday citizens from unlawful surveillance, identity theft, fraud and data breaches, and it serves as an invaluable protection for journalists, human rights activists and diplomats who may be targeted by malicious actors”.

The UK government has frequently criticised social media and messaging platforms for using strong encryption that prevents authorities from reviewing private communications and other content shared online, arguing that it thwarts the investigation of serious crimes, such as terrorism and child sexual exploitation.

In 2020, UK officials, alongside counterparts in the US, Canada, Australia and New Zealand, wrote in a joint letter that encryption was posing “significant challenges to public safety” and called on technology companies to “enable law enforcement access to content in a readable and usable format”.

In the wake of the 2015 San Bernardino shooting, the FBI asked Apple build a backdoor to give the bureau access to data from the attack’s perpetrators. Apple refused, creating a massive privacy scandal in the US. The issue was ultimately resolved when the US government used a third-party to crack the shooter’s device. – Bloomberg