The U.K.’s office of the Home Secretary has allegedly asked Apple to provide a backdoor into any material any user has uploaded to iCloud worldwide, The Washington Post reported on Feb. 7. Anonymous sources provided The Washington Post the information and expressed concerns about tech companies being leveraged for government surveillance.
Apple has not commented; however, in March, the company provided a statement to Parliament on the occasion of receiving notice of a potential request, saying “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”
UK government request falls under 2016 law enforcement act
The office of the Home Secretary acted under the U.K. Investigatory Powers Act of 2016, which enables law enforcement to force companies to comply with demands for access if that access is part of a search for evidence. Specifically, the office served Apple with a technical capability notice.
A consultant advising the U.S. government on matters related to encryption called the U.K.’s request “shocking,” according to The Washington Post.
“If implemented, the directive will create a dangerous cybersecurity vulnerability in the nervous system of our global economy,” Meredith Whittaker, president of the encrypted messenger nonprofit organization Signal, told The Washington Post.
SEE: Security professionals in the UK can watch the Cyber Monitoring Centre’s new cyber attack rating system, but its information may be too broad and too late for practical use.
Advanced Data Protection comes under fire again
The possible backdoor means the U.K. government could access information uploaded by personal and business users deploying Apple products, even if Apple itself can’t see that information due to the encryption applied to some of its cloud storage. Specifically, the order would give the U.K. an opening into information covered under Apple’s Advanced Data Protection, an optional security layer introduced in 2022.
If the U.K. does get its backdoor, Apple could shut down the Advanced Data Protection service.
The FBI under President Donald Trump’s first administration protested Advanced Data Protection for similar inaccessibility reasons the U.K. is now seeking to circumvent. On the other hand, tech companies like Apple allege a backdoor would be used by criminals or by authoritarian governments against their citizens.
Advanced Data Protection for iCloud is available to Apple users at no additional cost. It can be set up using a recovery contact or key on top of a standard, updated Apple Account’s two-factor authentication.
“Most” Apple users don’t activate Advanced Data Protection, The Washington Post said.