In a surprising move, the U.K. government has quietly removed crucial encryption advice from its official websites. This decision follows a recent mandate demanding Apple to create a backdoor for encrypted data stored on its iCloud service. The National Cyber Security Centre (NCSC) had published a document titled “Cybersecurity tips for barristers, solicitors & legal professionals” in October, which included recommendations for using encryption tools like Apple’s Advanced Data Protection (ADP). However, this document has now vanished from public access.
The original NCSC document advocated for enhanced security measures, specifically endorsing the use of ADP, which allowed users to enable end-to-end encryption for their iCloud backups. This feature significantly increased user privacy and data security. Nonetheless, the U.K. government’s demand for a backdoor to access encrypted data led Apple to retract its ADP feature within the country, raising serious concerns over user privacy.
Disappearing Encryption Advice
Security expert Alec Muffet was among the first to note the absence of the document. He reported that not only was the NCSC’s guidance removed, but the original URL hosting it is no longer accessible. Furthermore, the current NCSC webpage now redirects users to an entirely different page that makes no reference to encryption or ADP, signaling a stark shift in the government’s stance on cybersecurity practices.
The apparent scrubbing of encryption advice comes mere weeks after the government’s controversial demand for access to encrypted data. In response to these developments, Apple has initiated a challenge against the U.K.’s data access order in the Investigatory Powers Tribunal (IPT). The tech giant’s legal actions underscore the tension between national security interests and individual privacy rights.
In light of the recent changes, the NCSC has shifted its recommendations for at-risk individuals. Instead of encryption, they now suggest using Apple’s Lockdown Mode, an “extreme” security tool that limits access to certain device functions and features. While Lockdown Mode enhances security, it does not provide the same level of data protection that encryption offers, raising further questions about user safety.
Despite inquiries from TechCrunch, neither the U.K. Home Office nor the NCSC responded regarding the alterations made to their cybersecurity guidance. The lack of transparency in this matter has sparked criticism from privacy advocates and cybersecurity experts alike.
What The Author Thinks
This action represents a dangerous precedent that undermines user privacy. The retreat from encryption advice and the embrace of potentially weaker security measures signals a concerning shift in the U.K.’s approach to cybersecurity. The government’s apparent prioritization of national security at the expense of individual privacy could set a troubling example for other countries.
Featured image credit: Freepik
Follow us for more breaking news on DMR