Security officials in the UK are reported to have secretly demanded of Apple that it create a backdoor that would allow authorities access to users’ encrypted iCloud data, according to a report published in The Washington Post.
If the company is forced to execute the order, British security services may have access to the backups of any user worldwide. Further, if Apple concedes the UK’s demand, it will not be legally allowed to alert users that their encryption was compromised.
Apple is likely to appeal, leading to the possibility of a privacy standoff like the one between the iPhone maker and the FBI in the San Bernardino shooter case in 2015-16.
Legally, the notice Apple received was served by the Home Office under the Investigatory Powers Act (IPA). It cannot be made public. The Home Office told BBC: “We do not comment on operational matters, including, for example, confirming or denying the existence of any such notices.”
The Washington Post reported that the secret order was based on rights given under the IPA of 2016, also known as the Snoopers’ Charter.
While only certain iCloud data is end-to-end encrypted by default, users have the option to activate advanced data protection for better security.
Meant to be enabled manually, the option uses end-to-end encryption so that even Apple cannot access the encrypted files. The option ensures that user data is protected by encryption, including iCloud backup, photos and notes.
In a submission to Parliament last year, Apple flagged its concerns about the IPA. It said the Act provided the government with the authority “to issue secret orders to attempt to force providers to break encryption by inserting backdoors into their software products”. Apple sees privacy as one of its “core values” and as a “fundamental human right”.
UK lawmakers have been pushing back against end-to-end encryption services for some time, arguing the technology makes it easier for terrorists and child abusers to hide from law enforcement.
US agencies, including the FBI, had earlier expressed similar fears but have in recent months recommended encryption as a way to counter hackers linked to China.
In December, the FBI, National Security Agency and the Cybersecurity and Infrastructure Security Agency joined cyber security centres in Canada, Australia and New Zealand in recommending Web traffic be “end-to-end encrypted to the maximum extent possible”.
An increasing number of tech companies are offering services such as Signal’s messages, Meta’s WhatsApp and Messenger texts, and Apple’s iMessages and FaceTime calls that are end-to-end encrypted.
Apple can appeal the notice to a secret technical panel, which would weigh whether the request was in proportion to the government’s needs.
The law, however, may not permit Apple to delay complying during an appeal.