iCloud security is on the line
Apple is taking the UK government to court over efforts to force the company to weaken iCloud encryption.
The case, filed under the Investigatory Powers Act (IPA), seeks to compel Apple to create a backdoor that would allow law enforcement access to user data, not just in the UK but potentially in other countries too.
The company has filed a legal complaint with the UK’s Investigatory Powers Tribunal, pushing back against a mandate requiring it to create a “back door” for law enforcement to access encrypted iCloud data, according to the Financial Times.
In response to the demand, Apple has instead removed the Advanced Data Protection (ADP) feature for people in the UK.
The move marks the first time Apple has taken legal action against provisions in the 2016 Investigatory Powers Act, also known as the “Snooper’s Charter.” It’s a controversial law that expands the British government’s ability to monitor digital communications.
Apple pulls encryption feature to protect user privacy
At the heart of the dispute is Apple’s Advanced Data Protection (ADP), an optional iCloud feature that provides end-to-end encryption and ensures that only users can access their data. In response to the UK’s order, Apple withdrew ADP from the region rather than compromise security for its other users around the world.
The company reaffirmed its long-standing position against weakening encryption, stating it has never built a back door into its products and never will.
The UK government argues that access to encrypted data is crucial for national security, helping to combat terrorism and child exploitation. However, critics warn that forcing Apple to create a back door would set a dangerous precedent, weakening global cybersecurity and exposing Apple users to hacking threats.
It’s not possible to create a backdoor that only the “good guys” can access. Not even government agencies like the CIA and the NSA can protect themselves from hacks.
Global backlash against UK surveillance demands
Apple’s legal challenge has drawn international attention, including strong criticism from the U.S. government. For example, President Donald Trump compared the UK’s demands to authoritarian surveillance tactics used by China, on February 28.
U.S. Director of National Intelligence Tulsi Gabbard also criticized the order, calling it an “egregious violation” of privacy that could strain data-sharing agreements between the two countries.
Director Gabbard cited the CLOUD Act, which governs cross-border data access. The Clarifying Lawful Overseas Use of Data (CLOUD) Act, enacted in 2018, it allows U.S. law enforcement agencies to access data stored overseas by U.S.-based technology companies when investigating serious crimes.
However, under this act, the UK is prohibited from issuing demands for data belonging to U.S. citizens or residents without following established legal protocols. Gabbard expressed “grave concern” over the UK’s order, stating it could undermine Americans’ privacy and civil liberties, and has initiated a legal review to assess potential violations of the CLOUD Act.
What this means for iPhone users & tech companies
Apple’s fight could shape the future of encryption policies worldwide. If the UK succeeds in forcing Apple to comply, other governments may follow suit, leading to a domino effect of weakened digital security.
On the other hand, if Apple wins, it could reinforce the right to strong encryption for individuals & businesses globally.
Apple’s legal challenge also shows how large tech firms can push back against government demands, while smaller companies with fewer resources may struggle to contest similar orders.
“One former senior security official said the system was “not well tested and probably unworkable”, according to the FT report. “You’re not to get away with issuing an order in secret. If you’re imposing an order on a company the size of Apple, it’s going to leak.”
The UK’s Snooper’s Charter includes a gag order that prevents Apple and others from revealing that they’ve received these surveillance requests. Thankfully, this latest occurrence got leaked, but there aren’t other ways for the public to know how their data is being handled in secret.
