US Lawmakers Blast UK’s Demand For Encrypted Apple Data

Two US lawmakers have strongly condemned the UK government’s request to gain access to encrypted data held by Apple users on the company’s cloud accounts, saying the measure would compromise the security of US users and even government bodies in the country.

Ron Wyden a Democrat who serves on the Senate Intelligence Committee, and Andy Biggs, a Republican on the House Judiciary Committee, wrote to national intelligence director Tulsi Gabbard asking her to demand the UK to retract its order.

If it does not do so the US should consider limiting intelligence sharing and cybersecurity cooperation with the UK, the lawmakers said.

Cloud data

The letter follows a report earlier this month by The Washington Post that UK security officials had ordered Apple create a backdoor allowing them to retrieve encrypted content any Apple user worldwide has uploaded to its cloud service.

The lawmakers said Apple should “immediately reverse this dangerous effort”.

“If Apple is forced to build a backdoor in its products, that backdoor will end up in Americans’ phones, tablets, and computers, undermining the security of Americans’ data, as well as of the countless federal, state and local government agencies that entrust sensitive data to Apple products,” Wyden and Biggs wrote.

“The US government must not permit what is effectively a foreign cyberattack waged through political means. If the UK does not immediately reverse this dangerous effort, we urge you to reevaluate US-UK cybersecurity arrangements and programs as well as US intelligence sharing with the UK.”

At issue is a “technical capability notice” the UK government reportedly issued under the UK Investigatory Powers Act of 2016, which authorises law enforcement to compel assistance from companies when needed to collect evidence.

The order applies to all content stored using Apple’s Advanced Data Protection (ADP) feature, which applies end-to-end encryption, meaning that currently Apple itself is unable to provide authorities access to the data if a court order requires it.

‘Secret veto’

ADP is opt-in and is not applied to all Apple users’ cloud data.

Under the order Apple would be required to create the technical means for authorities to access the data, but UK authorities would still require normal legal processes to actually view data from any particular account.

In January 2024 Apple had publicly warned that upcoming changes being considered for the Investigatory Powers Act could effectively give the UK government the means to “secretly veto” new security protections worldwide.

Apple and many other tech firms had been a vocal critic of the Investigatory Powers Act when it was debated in 2015, warning it could force companies to install encryption backdoors and weaken user security.

US authorities have in the past been strongly opposed to end-to-end encryption, with Apple itself involved in several legal cases in which authorities demanded access to locked iPhones.

In most cases the authorities ended their efforts after gaining access to the devices through other means.

More recently, however, support for end-to-end encryption has risen in the wake of a number of serious attacks, including one that exposed thousands of government emails hosted on Microsoft’s cloud infrastructure.