The Home Office has revived a long-running battle over user privacy after formally demanding Apple create a backdoor in its Advanced Data Protection (ADP) encrypted cloud service. First reported by the Washington Post (£) last Friday, the UK government issued a "technical capability notice" under the Investigatory Powers Act (IPA), requiring companies to assist law enforcement with evidence.
The demand, issued last month, "requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent." Furthermore, the request reportedly applies to all Apple users globally.
Apple, which declined to comment, previously expressed concerns about the IPA, warning it could be used to compel companies to insert backdoors into their software. In a prior submission to parliament, Apple stated it would "never build a backdoor" and would instead withdraw features from the UK market.
In a statement responding to the news, Open Rights Group Platform Power Programme Manager James Baker said: "In doing this the government are attempting to undermine the security of millions of users which would expose them to higher risks of cybercrime. They are failing in their primary duty to protect British citizens.
"The government want to be able to access anything and everything, anywhere, any time. Their ambition to undermine basic security is frightening, unaccountable and would make everyone less safe. WhatsApp and other services will be next in their sights."
A separate statement from Privacy International Legal Director Caroline Wilson Palow read: "This is a fight the UK should not have picked. The reported details suggest the UK is seeking the ability to access encrypted information Apple users store on iCloud, no matter their location. This overreach sets a hugely damaging precedent and will embolden abusive regimes the world over."
Manwhile a statement from Big Brother Watch Interim Director Rebecca Vincent said, "We all want the government to be able to effectively tackle crime and terrorism, but breaking encryption will not make us safer. Instead it will erode the fundamental rights and civil liberties of the entire population – and it will not stop with Apple."
On the other side of the Atlantic, in a blog article by the Security and Privacy Activist at the US-based Electronic Frontier Foundation, Thorin Klosowski wrote: "What happens in the UK will still affect users around the world, especially as the UK order specifically stated that Apple would be prohibited from warning its users that its Advanced Data Protection measures no longer work as initially designed."
As reported by TechCrunch, the UK government's move comes only weeks after the US security authorities urged its citizens to use encrypted communications for fear of them being intercepted by adversarial nations.
In a further development, The Washington Post (£) reports on Thursday 13 February that two members of the US Congress have written to National Intelligence Director Tulsi Gabbard asking her to demand the UK retract its order requiring government access to Apple users' encrypted data. Should the Home Office not comply, the US government should limit intelligence-sharing with the UK.
£ - This article requires a subscription.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
