Report from the Washington Post
In Brief – The UK Government has reportedly issued secret orders to Apple demanding that the company provide a backdoor for security authorities to access users’ encrypted iCloud data. The unprecedented demand, made in January, was filed under the UK Investigatory Powers Act (IAP). The government is demanding the ability to access all end-to-end encrypted files in its cloud uploaded by any user worldwide. Even revealing that the UK Government made the demand is a criminal offense under the law. Apple expanded the use of highly secure end-to-end encryption within the iPhone ecosystem globally in 2022 by allowing users to choose to encrypt iCloud data which had previously not been encrypted. Last year, the company made a submission to the UK Parliament that flagged concerns about the IPA threatening encryption and user privacy.
Context – Encryption is another example of the UK’s digital policy schizophrenia in aiming to be a European haven of tech investment and innovation while pressing digital regulatory and legislative initiatives that run completely contrary to that goal. The Online Safety Bill was nearly derailed in 2023 by concerns that it could outlaw end-to-end encryption in the UK, leading top messaging services to threaten to abandon the market. Although the standoff was defused by a minister stating that no change on encryption was forthcoming, the matter was reopened by proposed changes to the IPA in 2024. The UK’s latest move may in part reflect a perceived shift in Washington, as the tech giants, including Apple, were repeatedly criticized during the First Trump Administration for encryption practices officials said protected criminals. Apple reportedly delayed iCloud encryption during President Trump’s first term due to US law enforcement opposition. However, the new Trump Administration has a much larger digital wing. Finally, the new UK demand is reportedly global in scope, and privacy defenders in the EU have successfully pushed back on encryption threats in the “Chat Control” legislation, and the European Court of Human Rights has ruled that giving governments a general encryption back door is a human rights violation.