Search

Descriptions should be written as one or more proper sentences, starting with a capital letter and ending with a full stop, exclamation mark, or question mark.

News

Professor Raj Rajarajan, Director of the Institute for Cyber Security at City St George's provides expert comment on the issue to TechRound

Published

On 22nd February, Apple announced that it withdrew Advanced Data Protection from its UK users.

This announcement came after the UK government demanded that Apple give its security services access to user data, in order to help them crack down on crime. They argued that these data protection laws, whilst beneficial for most people, were stopping police forces from being able to catch criminals.

The problem is that opening up these systems to governments also makes them vulnerable to hackers and data breaches – potentially putting people’s personal information at risk.

What is Advanced Data Protection?

Advanced Data Protection provides a layer of protection over iCloud data, which includes things like images and iMessage.

This protection, in the form of encryption, means governments (and even Apple) are unable to read the data in the Cloud.

Advanced Data Protection currently protects all elements stored in the Cloud, including photos, voice memos, wallet passes and more. For those of us in the UK, this means the data is now potentially accessible by law enforcement, although they do need a warrant to access it.

For many, this has raised questions about how secure Apple data now is. And in a world where cybercriminals are a serious threat, could this affect Apple’s reputation as a secure place to store information?

Commenting on the news, Apple said:

“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before.

“Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the UK. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”

Professor Raj Rajarajan, Professor of Security Engineering & Director Institute for Cyber Security, City St George’s, University of London joined other experts in sharing comment with Techround on the issue:

Access to encrypted mobile data has become a challenge due to the Online Safety Act 2023 in the UK and requirements by the law enforcement agencies. When data is encrypted at rest, and in transit, it’s difficult for  law enforcement agencies to get access to it for terrorism or criminal investigation. This makes their jobs very difficult as they then need to monitor network traffic patterns to identify potential terrorism or criminal related activities.

The recent act to remove encryption by Apple is not welcome news for consumers, as they are now vulnerable to cyber threats, online fraud and other forms of online harms given that their data is now accessible and can be misused or sold on the dark web by cyber criminals.

However, in the topology of the future internet, neither the mobile operator or the device should have control over the consumer’s data. It is the user who should be able to share their data with the relevant usage policies attached so that it is safe and secure and used for the specific purpose it has been approved for in the first place by the data owner.

User-centric data sharing models, with the right levels of privacy and access control built into them, will help to achieve the level of privacy the user would like to apply to their personal data, empowering them to have total control over their data.

Prof Rajarajan's comments originally appeared in the full Techround article titled 'Experts Comment: What Does Apple’s New Data Protection Laws Mean For UK Consumers?'

Related subject

Related schools, departments and centres