Britain has reportedly ordered Apple to create a back door to encrypted data. This could force a company that has long promoted itself as a privacy leader in the tech space to allow broad access to user data from across the globe, leaving iPhone, iPad and Mac users wondering what that means for them.

It's not uncommon for governments to ask tech companies for specific user data to assist criminal cases. But an undisclosed order issued last month goes a step further by requiring the tech giant to give the British government blanket access to view encrypted materials uploaded to the cloud, the Washington Post said Friday, citing unnamed sources.

This includes data that typically only users can unlock ‒ including messages, photos and notes ‒ from the U.S. and other countries. It's a sweeping demand with no known precedent among major democracies.

Apple and other tech companies have long argued with governments over user privacy protections. It’s not yet clear what sort of access the U.K. government has to user data or how other countries will respond.  

The real worry is that if the U.K. is allowed to spy on Apple customers, U.S. adversaries may also be granted similar access, according to Matthew Green, a member of the Johns Hopkins University Information Security Institute and expert on applied cryptography and cryptographic engineering.  

Need a break? Play the USA TODAY Daily Crossword Puzzle.

“Potentially, that makes things very hard for Apple, and it makes things very hard for everybody in U.S., (where) we no longer can trust our phones,” Green said. 

Is American data at risk? 

Apple has long presented itself as an advocate for user privacy. The company in 2016 successfully fought against the U.S. government's request for help cracking into a shooter's encrypted iPhone.  

The Post said Apple can appeal the British order, but the company would need to comply during the appeal. Unnamed sources told the newspaper that Apple will likely stop offering encrypted storage in the U.K.

“It's hard to know what the specific impact might be,” John Villasenor, co-faculty director of the University of California, Los Angeles’ Institute for Technology, Law and Policy, told USA TODAY. “But more broadly, this underscores for everyone in the U.S. ‒ not just iPhone users ‒ that the convenience of cloud storage comes at a potentially very significant cost in loss of control over who might get access to that data.” 

Experts told USA TODAY that so far, there aren’t indications that the U.K. has been able to tap into the encrypted data. Andrew Crocker, surveillance litigation director at the Electronic Frontier Foundation, a digital rights group, called on Apple to resist the order. 

Apple did not respond to a request for comment.

What happens next? 

Britain’s order is a “slippery slope” that could lead to other countries demanding the same sort of access to U.S. encrypted storage services, according to Villasenor.  

“It’s a very concerning assertion of extraterritorial power,” he said in an emailed statement. “What other countries might also demand that access?” 

One concern is China, which is among the biggest countries to do business with Apple.

“There’s a lot of complicated interactions between China and the United States in terms of spying and hacking,” Green said. 

He pointed to the recent Salt Typhoon as an example, a Chinese hacking and spying campaign that infiltrated U.S. telecoms companies. The hack put data from government officials, soldiers and certain civilian employees at risk, according to Green. 

“I used to say, ‘Oh, the average American is not the target.’ But the truth is, there are a lot of people who actually are the target,” Green said.  

Government agencies have argued greater access to user data grants law enforcement the ability to better protect the public. David Shapiro, a professor at John Jay College of Criminal Justice and former FBI special agent and assistant legal adviser, said there's an argument for privacy protections to be limited when data is stored on an outside server.  

“It’s hard to come up with a reason why (government agencies) shouldn’t have access to such things,” he said. “The data are not yours. That artifact is on somebody else’s property, a server.” 

But backdoor access could put more users at risk of hacking, identity theft and fraud, according to Crocker.  

"There’s just no magic solution that only allows this to be accessed by ‘good guys,” he said. “If you build this for one purpose, for one country, no matter what country that is, all governments around the world are going to demand it. And that includes countries we don’t trust.” 

Green said it’s unlikely the U.S. government will be able to ask for the same sweeping demands seen in Britain. The Post said the British government's order was made possible by the U.K. Investigatory Powers Act of 2016.

"There is no law in the United States equivalent to the law the U.K. is relying on,” Crocker said. “I don’t think there is any legal mechanism for American law enforcement or intelligence agencies to demand that Apple build a back door for Americans’ encrypted backups.” 

Meet the surprise new Apple app:Everything to know about 'Apple Invites'

Should I enable Advanced Data Protection on my iPhone? 

The British government's order is meant to bypass Apple’s Advanced Data Protection, an opt-in service introduced in 2022 that puts end-to-end encryption on data stored in the cloud and blocks even Apple from unlocking such data.  

Despite news of the British government’s order, Green said it’s an extra layer of protection worth turning on.

“I’m a fan of it,” he said. “You might have a problem if you forget your password, you might not be able to get your data back, so that could be a limitation. But I think it’s a good thing. Especially if you have anything really valuable on your phone that you don’t want anyone ever to get.”