Europe

Britain demands Apple backdoor to user data

Published

on

The Washington Post reports that British security authorities have requested Apple to create a backdoor allowing access to all content uploaded to the cloud by Apple users globally. This secret order, issued last month, demands general access to fully encrypted material, not just assistance with specific accounts, and has no known precedent in the G7.

At stake is cloud storage accessible only to the user, not Apple. Apple introduced Advanced Data Protection in 2022, a service it considered offering years earlier but delayed due to FBI objections during the Trump administration. The FBI criticized Apple for hindering the arrest of “murderers, drug dealers, and other violent criminal elements.”

This security option, available to Apple users in the US and other countries, provides enhanced protection against hacking and blocks a common law enforcement method for accessing photos, messages, and other data. While most iPhone and Mac users don’t enable it, iCloud storage and backups are frequent targets of US search warrants, often served on Apple without the user’s knowledge.

Anonymous sources, citing legal and political sensitivities, told The Washington Post that complying would be a significant setback for technology companies “in their decades-long struggle to avoid being used as a tool of the government against their users.” Apple might cease offering encrypted storage in the UK rather than compromise its security promise to global users. However, this wouldn’t satisfy the UK’s demand for backdoor access in other countries, including the US.

The UK Home Office issued a technical capability notice under the Investigatory Powers Act 2016, demanding access. This law, dubbed the “Snoopers’ Charter” by critics, criminalizes disclosure of such government requests. Apple can appeal to a secret technical panel to argue about the cost and to a judge regarding proportionality, but the law doesn’t allow delaying compliance during the appeal.

“There is no reason why the UK [government] should have the authority to decide whether the citizens of the world can enjoy the proven security benefits of end-to-end encryption,” Apple told Parliament in March, anticipating this potential requirement.

Senior US national security officials have been monitoring the situation since Britain first indicated it might request access and Apple announced its refusal. An advisor to the US on encryption issues, speaking anonymously, said Apple would be prohibited from warning users that its advanced encryption no longer provides full security. They called the UK’s request to spy on non-British users without their government’s knowledge “shocking.” A former White House security advisor confirmed the British order.

The UK and FBI argue that encryption aids “terrorists and child abusers.” Technology companies counter that it protects privacy in personal communications and that backdoors for law enforcement are exploitable by criminals and “can be abused by authoritarian regimes.”

Most electronic communications have some level of encryption. Intermediaries like email providers and internet access companies can often provide plaintext to law enforcement. However, end-to-end encryption, where no intermediary has decryption keys, is increasingly common, as with Signal, Meta’s WhatsApp and Messenger, and Apple’s iMessages and FaceTime. Such content typically loses end-to-end protection during cloud backups, but not with Apple’s Advanced Data Protection.

MOST READ

Exit mobile version