Big Ben’s clocktower – Image Credit: Amar Saleem/Pexels
A bipartisan group of U.S. lawmakers are coming to Apple’s defense over the UK government’s attempts to get backdoor access to users’ iCloud data, demanding that the UK remove the cloak of secrecy surrounding the order.
Apple is in a battle with the government of the United Kingdom over iCloud privacy, with a secret hearing by the Investigatory Powers Tribunal on Friday set to consider an appeal. However, the closed-door hearing at the High Court isn’t being made public at all, something U.S. lawmakers are unhappy about.
A bipartisan letter from the U.S. Congress to the President of the Investigatory Powers Tribunal published on Thursday demands that the IPT “remove the cloak of secrecy related to notices given to American technology companies by the United Kingdom.
According to the letter, the secrecy infringes on free speech and privacy, undermines governmental oversight in both countries, harms national security, and “undermines the special relationship between the United States and the United Kingdom.”
Too big for cloak and dagger
Following the February order by the U.K. demanding backdoor access to iCloud user data, which would grant access to any iCloud content belonging to any user across the globe, Apple has fought against the plan. It said it wouldn’t offer Advanced Data Protection to U.K. users, and filed its legal complaint with the IPT in early March.
Despite being widely reported on and discussed around the world, the IPT hearing is to be held in secret on Friday. The widespread reporting makes “any argument for a closed hearing on this very existence unsustainable,” the letter states.
Apple’s public notice of the ADP removal in the U.K. is also seen as an indicator of the hearing’s existence, despite attempts at keeping the order secret. “Apple presumably would not do this unless it felt compelled to do so by a request to insert a backdoor,” the document adds.
“It is in the public interest for there to be open hearings about the extent to which important communications services have been deliberately compromised to make them less secure.”
Multiple issues
The letter goes on to say that the demand for the backdoor raises serious concerns for national security and warrants public debate. Director of National Intelligence shared in a letter to Congress that the U.K.’s demand would be a “clear and egregious violation of Americans’ privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors.”
The nature of the secrecy also would be a free speech problem in the United States, as it would impair U.S. companies from answering questions about it posed by Congress. This harms Congress’s “power and duty to conduct oversight on matters of national security.”
Indeed, the letter claims the attempted gag order has “already restricted U.S. companies from engaging in speech that is constitutionally protected under U.S. law and necessary for ongoing Congressional oversight.”
Apple has already informed Congress that, had it received a technical capabilities notice, it would be barred by U.K. law from telling Congress about the notice. Google has also warned Congress that it would be in a similar position if it had the same notice.
Security, please
The security of data is then stressed by the letter, referring to breaches and hacks of companies holding sensitive U.S. government data. This included instances in 2024 when China reportedly hacked U.S. telecoms companies to tap high-level phone calls and to steal millions of phone records, and a hack of government email accounts hosted by Microsoft in the summer of 2023.
A common link between the incidents is the storage of sensitive government data held by third-party companies, which wasn’t adequately secured. In one instance, this involved the compromise of “lawful intercept” systems, similar to the one the U.K. wants Apple to introduce.
“Such systems create grave vulnerabilities which can be exploited by hostile foreign government hackers,” it continues.
Since there’s considerable technical complexity and the potential for weakened national security and cybersecurity defenses, “it is imperative that the U.K.’s technical demands of Apple – and of any other U.S. companies – be subjected to robust, public analysis and debate by cybersecurity experts,” the letter urges.
Secret court hearings with intelligence agencies “do not enable robust challenges on highly technical matters.” With the potential impact on U.S. security, the letter claims it is “vital that American cybersecurity experts be permitted to analyze and comment on the security of what is proposed.”
The letter is signed by Senator Ron Wyden (D-OR), Senator Alex Padilla (D-CA), Rep. Andy Biggs (R-AZ), Rep. Warren Davidson (R-OH), and Rep. Zoe Lofgren (D-CA).
A louder outcry
The letter from Congress is the latest demand to make the process transparent, instead of being held in secret.
On Wednesday, Caroline Wilson Palow, legal director at Privacy International insisted that the public had the right to know whether or not the security of a service used by billions of people is being undermined.
Apple itself hasn’t officially comment on the hearing, due to being restricted by laws. Even in its notice for turning off ADP in the UK, it doesn’t mention the order directly, but does repeat its claim that it has made for years that it hasn’t built a backdoor for its encryption, and never will.
