UK orders Apple to let it access everyone’s encrypted data

In its limited wisdom, the deeply unpopular UK government has decided to break privacy for the entire world, slamming Apple with a top secret order that demands blanket access to personal data. Apple must create a “back door” to enable surveillance, according to The Washington Post. It’s a deeply dangerous, unaccountable, draconian demand that threatens privacy, free expression, commerce, and will ultimately make no one safe. 

What makes this even more insidious is the secrecy around the application of the law. Not only is Apple unable to either confirm or deny that it has been told to create this back door, but the UK Home Office will not do so either. Making this worse, while Apple can appeal the demand, it can only do so in a secret court and must deliver the demanded access even before that appeal is heard.

In other words, the government is demanding access to everybody’s encrypted iCloud backups, you don’t get told the government is doing it, there’s no right of appeal against it and, one more thing — it applies internationally. This would effectively give UK spies access to every iCloud backup that exists globally.

Apple might suspend some UK services

It is thought that Apple could withdraw some of its services from the UK market as a result, as it warned it might when the law was first articulated in 2023.  At that time, it called the measure a “serious, direct threat” to security and privacy. It also warned that the global nature of the regulation meant the company could not obey, even if it wanted to, because doing so would force the firm to break other rules, such as those surrounding data privacy.

“End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats. It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches,” the company said.

Even if Apple does withdraw some of its services from the UK, that may not be enough. That’s because the law demands global access, which means UK security agencies can, with few safeguards, demand access to data from anyone. The Post mentioned Advanced Data Protection on iCloud as one service Apple might stop offering to the market, but the regulation seems to imply that if you are a US citizen, the UK (for some insane reason) can still demand access to your encrypted iCloud data.

Sheer and utter folly

I can’t articulate strongly enough how insanely foolish this is; even the FBI agrees encryption is a good thing.

As I’ve argued forever, and as state-sponsored surveillance attacks such as those by the NSO Group should prove, there really is no such thing as a secure back door. Once any such opening exists, it will proliferate. Apple will be forced to share these keys with governments on a global basis, including less trustworthy or unstable regimes, or those willing to support privatized surveillance-as-a-service firms. 

That means it is only a matter of time before all your information becomes an open book to rogue governments, state-sponsored attackers, criminals, and anyone else with a desire to profit from your digital data. 

That’s a threat to you, to free speech and democracy, and also a massive attack against the privacy and security essential to maintain digital commerce. Far from making people safer, the UK demand threatens everyone. More to the point, if the deep state is smashing down iCloud’s doors, it will be smashing down digital doorways everywhere. “Breaking encryption for one breaks encryption for all,” warns Privacy International.

Draconian, unprecedented, unaccountable, dangerous

Needless to say, those who understand the importance of privacy, encryption, and the internet, are furious at the UK government’s demand. 

Rebecca Vincent, the interim director of privacy and civil liberties campaign group Big Brother Watch, said: “We are extremely troubled by reports that the UK government has ordered Apple to create a backdoor that would effectively break encryption for millions of users — an unprecedented attack on privacy rights that has no place in any democracy. 

“Big Brother Watch has been ringing alarm bells about the possibility of precisely this scenario since the adoption of the Investigatory Powers Bill in 2016. We all want the government to be able to effectively tackle crime and terrorism, but breaking encryption will not make us safer. Instead, it will erode the fundamental rights and civil liberties of the entire population — and it will not stop with Apple.

“We urge the UK government to immediately rescind this draconian order and cease attempts to employ mass surveillance in lieu of the targeted powers already at their disposal.”

“In doing this, the government [is] attempting to undermine the security of millions of users, which would expose them to higher risks of cybercrime,” said James Baker, platform power program Manager at Open Rights Group. “They are failing in their primary duty to protect British citizens. The government want[s] to be able to access anything and everything, anywhere, any time. Their ambition to undermine basic security is frightening, unaccountable and would make everyone less safe. WhatsApp and other services will be next in their sights.

“They seek to do this in secret, with minimal accountability, and potentially global impacts,” he said. “It is straightforward bullying.”

Index on Censorship warned: “Our message to the UK government: please don’t trade in our privacy under the misguided belief it’ll tackle crime. Encryption is essential to privacy and the right to privacy and free expression go hand-in-hand. They should be protected not eroded.”

“There are plenty of other, better ways to catch those involved in criminal activity than this,” wrote Jemima Steinfeld, CEO of Index on Censorship. “All this will do is make the average person in the UK much less safe online and give a green light to autocratic states to follow-suit.”

This must be opposed 

I’m horrified and appalled at the move. I consider it a shameful threat to all forms of digital civil liberty and warn that it will create far more harm than it will resolve. Ultimately, privacy is a human right, not a feature, and the removal of such rights should at least be a matter of public and democratic debate, which it has not been. As it stands, this UK overreach should be opposed not only by civil rights advocates, but by anyone else who uses — or provides — online services of any kind, and certainly by any nation that does protect privacy among its citizens.

The UK must think again or become a digital pariah on the world stage. 

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon, and MeWe.