The UK government appears to have quietly removed encryption advice from government webpages, just weeks after demanding backdoor access to encrypted data stored on Apple's cloud storage service iCloud. The change was discovered by security expert Alec Muffet, who wrote in a blog post on Wednesday that the UK's National Cyber Security Center (NCSC) no longer recommends that high-risk individuals use encryption to protect their sensitive information.
The NCSC published a document in October titled "Cyber Security Tips for Barristers, Solicitors & Legal Professionals" recommending the use of encryption tools such as Apple's Advanced Data Protection (ADP).
ADP allows users to turn on end-to-end encryption for their iCloud backups, effectively making it impossible for anyone, including Apple and government authorities, to view the data stored on iCloud.
The URL hosting the NCSC file now redirects to a different page, which makes no mention of encryption or ADP. Instead, it recommends that at-risk individuals use Apple's Lockdown Mode, an "extreme" security tool that limits access to certain functions and features.
According to Muffet, the original files are still accessible through The Wayback Machine, but have been "completely removed from the internet" and no encryption advice can be found on the UK government website.
The encryption advisory was removed weeks after the British government secretly ordered Apple to build a backdoor that would allow authorities to access users' encrypted iCloud data. The order was first reported by The Washington Post and has since been followed by Apple withdrawing its ADP feature in the UK, where it will no longer be available to new users and its existing users will eventually need to disable it.
The Financial Times reported this week that Apple is challenging the UK's data access order at the Investigatory Powers Tribunal (IPT).