Apple Ordered by UK to Create Global iCloud Encryption Backdoor

The British government has secretly demanded that Apple give it blanket access to all encrypted user content uploaded to the cloud, reports The Washington Post.

The undisclosed order is said to have been issued last month, and requires that Apple creates a back door that allows UK security officials unencumbered access to encrypted user data worldwide – an unprecedented demand not before seen in any other democratic country.

The spying order came by way of a 'technical capability notice,' a document sent to Apple by the Home Secretary, ordering it to provide access under the sweeping UK Investigatory Powers Act (IPA) of 2016. Critics have labeled the legislation the 'Snooper's Charter,' as it authorizes law enforcement to compel assistance from companies when needed to collect evidence.

An Apple spokesperson declined to comment on the revelation, though the law actually makes it a criminal offense to reveal that the government even made such a demand. Likewise, the Home Office told the publication that its policy was not to discuss any technical demands. 'We do not comment on operational matters, including for example confirming or denying the existence of any such notices,' a spokesman said.

One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security. The person deemed it shocking that the UK government was demanding Apple's help to spy on non-British users without their governments' knowledge. A former White House security adviser confirmed the existence of the British order.Apple May Drop UK iCloud Services Over Secret Encryption Access Order

Apple is likely to stop offering encrypted storage in the UK, rather than break the security promises it made to its users, people familiar with the matter told the publication. However, that would not affect the UK order for backdoor access to the service in other countries, including the United States. Apple has previously said it would consider pulling services such as FaceTime and iMessage from the UK rather than compromise future security.

The order would compromise Apple's Advanced Data Protection, which the company launched in 2022. The feature gives users the option to end-to-end encrypt many additional iCloud data categories, including Photos, Notes, Voice Memos, Messages backups, device backups, and more, making their data inaccessible to anyone else – including Apple.

Google has enforced default encryption for Android phone backups since 2018. When asked by The Post whether any government had requested a backdoor, Google spokesman Ed Fernandez did not provide a direct answer but suggested none exist: 'Google cannot access Android end-to-end encrypted backup data, even with a legal order,' he stated.

How to Enable End-to-End Encryption for iCloud Backups

The IPA was updated in 2023 to allow the Home Office to outlaw certain encrypted services using a technical capability notice. Apple at the time called the then proposed amendments 'an unprecedented overreach by the government,' saying that if the update was enacted, 'the UK could attempt to secretly veto new user protections globally preventing us from ever offering them to customers.'

Apple CEO Tim Cook has consistently insisted that providing back-door access past its encryption for authorities would open the door for 'bad guys' to gain access to its users' data. Cyber security experts agree that it would only be a matter of time before bad actors discover such a point of entry. Apple's stance was enhanced in 2016 when it successfully fought a US order to unlock the iPhone of a shooter in San Bernardino, California.

US law enforcement's longstanding objections to encryption have recently taken a backseat to concerns over large-scale cyber intrusions attributed to Chinese state-backed hackers. The attackers infiltrated major telecommunications providers, granting them unfettered access to private phone calls. During a December press conference alongside FBI officials, a Department of Homeland Security representative cautioned Americans against assuming traditional phone networks offer privacy, instead advising them to use encrypted communication whenever feasible.

That same month, the FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency issued a joint advisory detailing numerous countermeasures against the Chinese cyber campaign. Among their recommendations: 'Ensure that traffic is end-to-end encrypted to the maximum extent possible.'

In a statement, privacy campaigner Big Brother Watch said: 'This misguided attempt at tackling crime and terrorism will not make the UK safer, but it will erode the fundamental rights and civil liberties of the entire population.'Tags: Apple Privacy, Apple Security, Encryption, United KingdomThis article, "Apple Ordered by UK to Create Global iCloud Encryption Backdoor" first appeared on MacRumors.comDiscuss this article in our forums