Joseph Menn, reporting exclusively for The Washington Post:

Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.

The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies. Its application would mark a significant defeat for tech companies in their decades-long battle to avoid being wielded as government tools against their users, the people said, speaking under the condition of anonymity to discuss legally and politically sensitive issues.

Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said. Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States.

The office of the Home Secretary has served Apple with a document called a technical capability notice, ordering it to provide access under the sweeping U.K. Investigatory Powers Act of 2016, which authorizes law enforcement to compel assistance from companies when needed to collect evidence, the people said.

It’s already possible for governments around the world — including the United States, via the Federal Bureau of Investigation — to subpoena Apple and receive access to an entire user’s Apple account, including their photos, text messages, and iPhone backups, as long as the account doesn’t have Advanced Data Protection enabled. Advanced Data Protection, introduced in December 2022 after years of setbacks due to government pressure, effectively hands the user the encryption key to their Apple account; in the case of traditional Apple accounts, Apple stores a second copy of the encryption key on its servers. It’s a hassle to enable Advanced Data Protection, mainly because it requires storing safely a 35-character recovery key, which can be used to decrypt the data in the event a user loses access to all of their Apple devices, which usually store the keys. Most users don’t turn it on because if they lose that recovery key, Apple can no longer let them into their account.

Still, though, privacy-minded users like myself choose to enable Advanced Data Protection for added security. I’ll never be anywhere without my iPhone, and I’ve used the same passcode on it for years, so it’s burned into my muscle memory. If I were to lose my iPhone and my house with all of my Apple products in it burned down on the same day, I’d probably have bigger problems than being locked out of my Apple account. What’s more likely is that some hacker gets access to my Apple account credentials or designs a social engineering ploy to cajole Apple Support to reset my password — Advanced Data Protection shields against both plausible scenarios. And, perhaps most importantly, the government can’t subpoena Apple for any of my data. It’s not like I have anything to hide, but I don’t want the government to ever gain access to my private information. With President Trump’s FBI, subpoenas into political antagonists are about to become much more common, and I’m protected against that threat with Advanced Data Protection.

The British government isn’t happy with its citizens living a private life away from the government’s eyes, though — or, perhaps even worse, any citizen in any country having any semblance of privacy. Since when do British laws apply outside Great Britain (and Northern Ireland)? I’m confident Apple won’t back down to the British, just like it stood up against the FBI’s incursion after the San Bernardino terrorist attack, but I’m unsure how it’ll deal with the demand to subpoena every account worldwide. What right does Britain have to enforce its law on another country’s soil? That’s like a U.S. police officer going to England and arresting a kid for drinking at 19. If the British are fighting an international criminal scheme, that’s great — work with the countries the suspects are in and obtain a warrant through their federal law enforcement. If the foreign nation can’t get access to a user’s data because it’s encrypted, so be it, but just because one country wants access to its citizens’ data doesn’t mean encryption should be banned from the planet.

Apple won’t give Britain a back door into Advanced Data Protection — that’s impossible without tossing a secret encryption key to the government right before locking a user’s account down. But even if nothing happens — as I suspect it’ll go down — this is a dangerous precedent for a Western democracy. If Britain gets even a sliver of what it wants, it opens up the floodgates for the regulation-thirsty European Union and fascist, Elon Musk-led, lawless U.S. kleptocracy. The Trump administration openly and gleefully defies court orders with a direct constitutional precedent — who is to say it wouldn’t immediately demand Apple unlock millions of Apple accounts owned by Democrats because the British also got their way in?

Apple isn’t even allowed to discuss this dictatorship-esque coercion by the British government, and if it wasn’t for leakers within either Apple or the Home Office, the public would never know about the incursion. That’s genuinely frightening. At a time when people’s lives are in danger due to a rogue Western political administration wreaking havoc on a country that used to paint itself as the arbiter of democracy, Britain is sending a message across the pond that being China-like is acceptable. This puts the data of millions of Europeans and Americans at risk. It tests the limits of government so unnervingly and despicably. Encryption is a fundamental human right, and when Western democracies eliminate people’s right to free expression, citizens should fight back with force. (And enable Advanced Data Protection, regardless of where you live.)