We learned earlier this year that the British government had secretly ordered Apple to create a backdoor into encrypted data for all iCloud users worldwide. Specifically, it wanted a way to see personal data protected by Apple’s introduction of Advanced Data Protection (ADP), which extended end-to-end encryption to almost all iCloud data, meaning not even the iPhone maker could access it.
Apple has been fighting the secret order in secret court hearings, but it now appears that the US government is using technology agreement negotiations to force Britain to back down …
The secret demand for an iCloud backdoor
As we noted at the time, the British government’s demand that Apple allow it access to all iCloud accounts globally was as technically clueless as it was outrageous.
First, much of the data is protected by end-to-end encryption (E2EE). This means that Apple does not hold a copy of the key, and would be unable to decrypt it.
Second, even for the data Apple could supply, there are already legal mechanisms in place for law enforcement agencies to request it. They simply need to go to a judge to apply for a court order. The judge will weigh the interests of justice against those of privacy and make an individual determination based on the specific circumstances in that case. Where a judge agrees to issue a court order, Apple complies with these to the extent that it is able to do so.
Third, the government tried to avoid public scrutiny of its demand by using legislation which did not permit Apple to reveal that it had received the demand, and the court case to argue about it would also be held in secret.
Apple’s clever response
Apple came up with a clever response. While it could not directly reveal the British government’s demand, it instead announced that it could no longer offer ADP in the UK.
“Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK […] As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”
This message was crystal clear. Essentially “we cannot tell you that the British government ordered us to build a backdoor into ADP, nor that we refused.”
The British government reportedly set to back down
The government had been insistent that it would not back down on its demand, but the Financial Times reports that the US government has found a way to pressure it into doing so – by threatening UK-US technology agreements.
“This is something that the vice-president is very annoyed about and which needs to be resolved,” said an official in the UK’s technology department. “The Home Office is basically going to have to back down.” Two officials said the UK decision to force Apple to break its end-to-end encryption — which has been raised multiple times by top officials in Donald Trump’s administration — could impede technology agreements with the US […] The officials both said the Home Office […] would probably have to retreat in the face of pressure from senior leaders in Washington
Apple and both governments declined the FT’s requests for comment.
Highlighted accessories
Photo by Dima Pechurin on Unsplash