The UK Wants All Your iCloud Data, and It’s Not Backing Down

Sadly, reports that the UK was backing down on its iCloud snooping plans may have been premature, as a new report suggests that the UK Home Office hasn’t yet changed its tack, and may in fact be pursuing the matter even more aggressively than we’d feared.
A legal filing seen by the Financial Times reveals that, despite assurances last week by the US Director of National Intelligence (DNI), the Home Office hasn’t backed off, and may have no intention of doing so.
However, there’s also a good chance this is just a matter of things moving at the speed of government. The wheels of bureaucracy turn slowly, and it wasn’t just DNI Tulsi Gabbard’s word that we had to go on. The Financial Times also reported earlier this month, citing its own sources within the UK government, that while the order had yet to be formally withdrawn, the UK had agreed to rescind it.
Three British officials said the clash with the Trump administration was now resolved, after government representatives met senior US figures including [US Vice President JD] Vance in recent weeks.
Financial Times
The report noted that the comments from the three individuals described the issue as “settled,” the UK as having “caved” to US pressure, and a promise that “we can’t and we won’t” make Apple break its encryption.
Nevertheless, a court document published on Wednesday by the Investigatory Powers Tribunal (IPT) suggests that authorities have yet to put the brakes on the proceedings.
Hopefully, this is just a bureaucratic technicality, as the documents also reveal the insidious nature of the UK government’s plan.
Earlier this year, the UK government ordered Apple to provide it with full access to encrypted material stored by any iCloud user worldwide — not just those in the UK. To make matters worse, the order was supposed to be top secret, with criminal penalties for anyone revealing it to the public. Thankfully, someone anonymously tipped off The Washington Post, bringing the whole thing into the light of day.
It’s no surprise that Apple was actively fighting the order, but the UK’s rules required that the entire matter be handled by a secret tribunal. The UK Home Office naturally had no comment on the Post report, and the journalistic report has no effect on Apple’s gag order.
Apple’s only public response to the situation was to turn off its Advanced Data Protection for users in the UK. However, the most it could say by way of explanation was that it was due to “the continuing rise of data breaches and other threats to customer privacy.”
Of course, anyone paying attention to what’s going on can easily conclude that the biggest “threat to customer privacy” in the UK is the UK government itself.
At the time, the general belief was that the UK Home Office had ordered Apple to specifically provide a back door into the end-to-end encryption offered by its Advanced Data Protection feature. Turning the feature off rendered that aspect of things moot; users would no longer enjoy the higher security provided by Apple’s full end-to-end encryption, but Apple would avoid being forced to create a back door into its encryption, and users wouldn’t have a false sense of security.
However, the latest filings reveal it wasn’t just Apple’s end-to-end encryption that the UK spymasters were after — at least not solely that provided by the Advanced Data Protection program.
According to documents seen by the Financial Times, the UK Home Office is demanding access to every piece of data stored in iCloud, by every user, in any country around the world.
Even without Advanced Data Protection enabled, a significant amount of data stored in iCloud has been fully end-to-end encrypted for years. This includes passwords and other keychain data; payment information; Messages in iCloud; Health data; Journal data; Home data; pins, saved locations, and search history in Apple Maps; history, tab groups, and iCloud tabs in Safari; personalization and settings in Siri; the learned vocabulary for things like autocorrect and other keyboard functions; and even Memoji and unpublished invitations in Apple Invites.
The UK wants access to EVERYTHING stored in iCloud — passwords, health data, payment information, and, of course, messages and personal journals — and it wants it for everyone on the planet, not just UK citizens or those residing in the country.
The Home Office claims this level of access is absolutely crucial for combating terrorism and child sexual abuse. Security experts and privacy advocates strongly disagree, as do US lawmakers, who have particularly taken umbrage with the UK government spying on their citizens, calling it “effectively a foreign cyberattack waged through political means.”
The one sliver of good news is that, should the case still proceed, the IPT has agreed to hear the case in open court, rather than in secret. However, the UK government still refuses to confirm or deny the existence of the Home Office order, known as a Technical Capability Notice (TCN) — a secret order under the UK’s Investigatory Powers Act that compels a company to create or maintain the technical means for government access.
A UK government spokesperson said it did not comment on “operational matters”, including “confirming or denying the existence” of TCNs.
Financial Times
Apple is still barred from discussing it publicly under the terms of the Investigatory Powers Act, so it naturally declined to comment on the matter.
The Financial Times has been unable to determine whether this week’s filing is simply a reference to the original Home Office order issued several months ago. However, it does reveal that the Home Office has been preparing this case against Apple since before the Investigatory Powers Act was amended to give it the authority to do so, having initiated the process to issue the TCN so that it would be ready to proceed as soon as the amendments took effect. One person familiar with the case told the Times, “We’re very concerned this is still going on.” So are we.