is a policy reporter. Her past work has focused on immigration politics, border surveillance technologies, and the rise of the New Right.
Update February 21st: Apple has removed its Advanced Data Protection feature in the UK, calling itself “gravely disappointed” with the move.
The encryption wars have reached a fever pitch, and the most contentious battle is not happening in the United States, where much of the action has been in the past — like the government’s efforts to restrict exports of encryption software until the 1990s and the FBI’s standoff with Apple in 2016. It’s in the United Kingdom, where the government has reportedly ordered Apple to give officials blanket access to iCloud users’ encrypted backups. And the order allegedly didn’t just apply to UK users — it demanded backdoor access for users worldwide.
The secret order, first reported by The Washington Post, was issued in January under the auspices of the UK’s Investigatory Powers Act of 2016. Apple’s compliance or refusal will have ramifications far beyond the UK, potentially making users less safe and signaling to other governments that they, too, can seek backdoor access — a way of bypassing encryption — to users’ information via legislation.
“Simply put, the message the UK government is sending is that its own citizens cannot expect its government to respect their privacy, and that it is willing to put their security at risk from all manner of bad actors like hackers and thieves because it cannot tolerate the ability to have a private conversation online,” Andrew Crocker, surveillance litigation director at the Electronic Frontier Foundation, told The Verge.
Apple can appeal the ruling to a secret panel, but per the Post’s reporting, it can’t delay complying with the order during an appeal. And the UK’s Home Office would prohibit Apple from telling users that the government can now access their encrypted backups. This obviously creates a huge problem for Apple, which has built its reputation on safeguarding user privacy.
“Apple should be transparent with its users about how it’s responding to this threat to their privacy and security,” Greg Nojeim, the director of the Center for Democracy and Technology’s Security and Surveillance Project, told The Verge. “It remains to be seen whether this move to weaken global cybersecurity around the world will hold, or whether the UK will back off.”
Apple did not respond to The Verge’s request for comment.
For now, bystanders are left guessing. “If Apple does not appeal — if we don’t see or hear about an appeal — does that mean they have complied?” Joe Jones, the director of research and insights at the International Association of Privacy Professionals, told The Verge. “If they complied, that creates a precedent not just for the UK, but for many other law enforcement authorities around the world.”
It’s Apple’s policy to respond to law enforcement requests for data. Until 2022, iMessage might have been end-to-end encrypted, but iCloud backups were not, so a warrant would typically result in the police getting access to your phone. But that year, Apple implemented end-to-end encryption for iCloud backups under a feature it called “Advanced Data Protection.” Though users have to opt in to Advanced Data Protection, this feature rendered Apple’s compliance with governments much less useful for law enforcement than before.
... continue reading