What Happened
In early February 2025, The Washington Post reported that the UK Home Office had served Apple with a secret order under the Investigatory Powers Act 2016 (IPA) — colloquially known as the “Snoopers’ Charter.” The order, a Technical Capability Notice, required Apple to provide UK authorities with access to fully encrypted iCloud content protected by Apple’s Advanced Data Protection feature.
Advanced Data Protection (ADP) is Apple’s opt-in end-to-end encryption layer for iCloud. When enabled, it protects 23 categories of data including iCloud Backup, Photos, Notes, Reminders, Safari bookmarks, and more — using encryption keys stored only on the user’s enrolled devices. Even Apple cannot access the data. The UK order demanded that Apple create a mechanism to bypass this architecture.
Apple’s response was unambiguous: rather than comply, Apple withdrew ADP from the United Kingdom entirely. As of February 2025, UK users can no longer enable Advanced Data Protection. Existing ADP users in the UK were required to disable the feature. The result: all 26 million iCloud users in the UK lost the option of end-to-end encrypted backups — not because of a hack, but because of a government order.
“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing increase in data breaches and other threats to customer privacy.”
— Apple, February 2025
Why This Matters Beyond the UK
The UK’s Investigatory Powers Act does not confine its ambitions to British soil. The IPA contains provisions that, in theory, allow the UK to demand access to communications of non-UK persons — and to prohibit companies from disclosing that such an order exists. The original order demanding iCloud access was a secret. Apple was legally prohibited from confirming or denying its existence.
It was only because The Washington Post obtained and published details of the order that it became public knowledge. Had Apple been less principled — had they complied rather than withdrawing the feature — millions of users might never have known their encryption had been silently removed.
This is the fundamental problem with encryption backdoors: they cannot be made available to one government without creating a vulnerability exploitable by others. A mechanism allowing UK intelligence access to iCloud data is, by definition, a mechanism. Any vulnerability engineered for one actor can be discovered and exploited by hostile actors. Security researchers and cryptographers have made this argument for decades. The UK’s action tested it in practice.
Why 1Cryptor Is Immune to Government Backdoor Orders
1Cryptor cannot comply with a backdoor order because it has nothing to hand over. Your encryption key is derived from your password on your device using Argon2id, and never transmitted to our servers. We do not hold your keys. We cannot create a backdoor for data we cannot decrypt. No government order can compel us to produce something we do not possess.
The UK iCloud case illustrates why zero-knowledge architecture is not a luxury feature — it is a structural requirement for genuine privacy. Apple’s ADP was excellent encryption, but it was encryption held by a company subject to government orders in the countries where it operates. When the government of one of those countries issued an order, the encryption was gone overnight — for every user in that country, silently, without individual notice.
1Cryptor’s architecture makes this class of attack impossible. There are no server-side keys to order handed over. There is no feature to silently disable. Your files are encrypted on your device before they leave it, with keys that exist only on your hardware. That is not a policy — it is a technical constraint that no government order can override.