UK Demands Apple Provide Backdoor to iCloud Users Encrypted Data
Credit: Unsplash+
Toggle Dark Mode
Government security officials in the United Kingdom have demanded that Apple provide backdoor access to all content stored in iCloud by Apple users worldwide, according to an article by The Washington Post.
The British government issued a secret order last month, requiring unfettered access to all fully encrypted material stored by any iCloud user in any country, the Post reports. Such a request is unprecedented coming from a “free” country’s government. While many countries have made demands for Apple to provide a backdoor to encrypted data, those demands have been limited to users inside a particular country, not to all user data from around the globe.
The British order requires Apple to give blanket access to all encrypted materials, not merely a specific account. If Apple complied, it would be a significant defeat and establish a precedent to allow governments everywhere to use companies like Apple and Google as weapons against their citizens.
Apple has long promised its users that it will never provide backdoor access to their data and even publicizes that the iPhone maker itself has no way to access user data if it is end-to-end encrypted. This could lead Apple to stop offering encrypted iCloud storage in the UK. However, even if Apple stops offering encrypted iCloud storage to UK-based users, the demand also includes requiring access to users’ encrypted data in other countries, including the United States.
The UK Home Secretary’s office served Apple with a technical capability notice, which ordered it to provide access to customer data under the sweeping UK Investigatory Powers Act of 2016. That act requires companies to provide access to data when law enforcement needs to collect evidence.
Critics refer to the act as the “Snoopers’ Charter, as it makes it a criminal offense to reveal that the government has made such a demand.
An Apple spokesperson declined to comment.
Apple can appeal the notice to a “secret technical panel” (a lot of secrets in the UK, yes?) Arguments would be considered about such issues as the expense of such a request, and a judge could weigh the request against the government’s needs. Unfortunately, Apple would not be allowed to delay compliance with the order while it is being appealed.
In March, Apple told Parliament, “There is no reason why the UK [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”
On Thursday, the Home Office declined to discuss any technical demands. “We do not comment on operational matters, including, for example, confirming or denying the existence of any such notices,” a spokesman said.
While senior Biden administration officials had been tracking this issue between the UK and Apple, it’s unknown whether they raised any objections to UK officials. President Trump’s administration and intelligence officials declined to comment to the Post.
A consultant advising the United States on encryption matters told the Post that Apple would be barred from informing its users that their encrypted content would no longer be fully protected from access by the government. The consultant said it was “shocking” that the UK government was demanding Apple to help it spy on users who reside outside of the UK, without informing those users’ governments.
Apple’s cloud storage is end-to-end encrypted, meaning only the iCloud user, not Apple, can access their encrypted data. Apple started rolling out its “Advanced Data Protection” end-to-end encryption option in 2022. The service is a security option for Apple users in the United States and elsewhere.
Sen. Ron Wyden (Oregon), a Democrat on the Senate Intelligence Committee, said it was important for the United States to convince Britain that “letting foreign governments secretly spy on Americans would be unconscionable and an unmitigated disaster for Americans’ privacy and our national security.”
Meredith Whittaker, president of the nonprofit encrypted messenger Signal, said: “Using Technical Capability Notices to weaken encryption around the globe is a shocking move that will position the UK as a tech pariah rather than a tech leader. If implemented, the directive will create a dangerous cybersecurity vulnerability in the nervous system of our global economy.”
Law enforcement authorities around the globe have long complained about Apple’s security features, saying encryption allows terrorists and child abusers to get away with their nefarious actions (IMHO, we should immediately be suspicious any time a government claims a new regulation is to protect us from terrorists or if it’s “for the children.”)
Tech companies, including Apple and Google, have pushed back, saying users have a right to expect privacy in their personal communications. They have argued that the same backdoors used by law enforcement can be exploited by criminals or abused by authoritarian governments (Like the UK?)
Apple has long promised privacy to its users in its ads. Apple proved it would not turn over encrypted data to law enforcement in 2016 when it refused to cooperate with the FBI when ordered to unlock the iPhone of a dead San Bernardino terrorist.
Google has encrypted its Android phone backups by default since 2018, meaning the UK government could also target them. However, Google spokesman Ed Fernandez declined to say whether any government had sought backdoor access to user data but implied that none had been implemented. “Google can’t access Android end-to-end encrypted backup data, even with a legal order,” he said.
Facebook parent company Meta also offers encrypted backups for WhatsApp. While a Meta spokesperson declined to say whether it, too, had received government access requests, they pointed to a transparency statement on its website that says that no back doors or weakened architecture would be implemented in the app.
If the UK is successful in requiring Apple to provide backdoor access to encrypted data, totalitarian governments like China would likely demand equal access to user data.
