UK demands Apple to create backdoor into encrypted iCloud backups
What's the story
The UK government has secretly ordered Apple to create a backdoor into users' encrypted iCloud backups.
The move would give British security services access to any user's backup data across the globe, without even informing them about the breach in their encryption.
The Washington Post revealed the directive was issued last month under the powers granted by UK's Investigatory Powers Act of 2016, aka Snoopers's Charter.
Encryption details
Blanket access demand and Apple's encryption
The UK officials have demanded unrestricted access to end-to-end encrypted files uploaded by any user across the world, not just those related to a particular account.
Apple's iCloud backups aren't encrypted by default. However, an Advanced Data Protection option introduced in 2022 uses end-to-end encryption, ensuring even Apple can't access these encrypted files.
Response strategy
Apple's potential response and right to appeal
In response to the UK government's order, Apple is likely to stop offering Advanced Data Protection in the UK.
However, this move wouldn't appease the UK's demand for access to files shared by global users.
The tech giant has the right to challenge this notice on the basis of implementation costs and whether it aligns with security needs, but any appeal can't delay the original order's enforcement.
Legal implications
Technical capability notice and Apple's stance
Reportedly, the UK has served Apple with a technical capability notice. It is illegal to disclose that such a demand has been made by the government.
If Apple complies with the UK's demands, it wouldn't be allowed to inform users that its encrypted service is no longer fully secure.
In March 2024, during a discussion on an amendment to the Investigatory Powers Act, Apple stated its position against such actions.
Encryption debate
UK's stance on encryption and potential global implications
UK security services and lawmakers have always been against end-to-end encryption services, claiming they help criminals escape law enforcement.
If Apple agrees to give the UK government access to encrypted data, other countries such as the US and China may seek the same rights.
This could force the company to choose between compliance or shutting down its encryption service altogether, affecting other tech giants too.