United Kingdom security officials have reportedly made a secret order to Apple requiring the company to create backdoor access so government officials can access all content Apple users uploaded to iCloud, including users outside the UK.
“The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies,” reports The Washington Post, which broke the story this week.
The office of the Home Secretary served Apple with the secretive order, a technical capability notice. Neither Apple nor the United Kingdom have officially commented on the order (under threat of punishment in Apple’s case).
The directive concerns Apple’s most robust iCloud security measure, Advanced Data Protection. This optional mode, which the user must enable as it is not on by default, promises to keep a user’s data safer against hacks and data breaches.
Most users do not take advantage of this feature, as it is a pretty extreme security measure, going far beyond even two-factor authentication, another security tool that not everyone uses. When Advanced Data Protection is enabled, protected iCloud data is only accessible through encryption keys, which are solely accessible via trusted devices. The end-to-end encrypted data can only be decrypted from a trusted device when the user is signed into the associated Apple account. Nobody else can access this data, including Apple. If account access is lost, the data is locked behind a wall that can only be removed with a device passcode, recovery contact, or recovery key.
Advanced Data Protection is Apple’s most secure option for users to protect their iCloud data. It should come as little surprise, then, that law enforcement agencies, including the FBI in the United States, are not big fans of protective measures that lock data beyond even Apple’s reach. This means that even if Apple were subpoenaed or otherwise directed — or forced — to provide access to user data, they cannot do anything concerning users with Advanced Data Protection enabled. This means that information that may be relevant to an ongoing legal investigation is much more difficult to access.
What makes the reported UK secret order especially concerning many in the United States is that it would not only prevent users from having the protections Apple promised them, but it would also provide a foreign government with the ability to access private American data.
“Trump and American tech companies letting foreign governments secretly spy on Americans would be unconscionable and an unmitigated disaster for Americans’ privacy and our national security,” Senator Ron Wyden (D-Oregon) told The Washington Post. Wyden is on the Senate Intelligence Committee.
Others, including Meredith Whittaker, president of the nonprofit encrypted messaging platform Signal, expressed concern that the UK will become “a tech pariah, rather than a tech leader” if it aims to weaken encryption and privacy technology through Technical Capability Notices.
The secret order may be technically secret, but Apple has known that an order like this could be coming for a while. Last March, the company said, “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”
The Home Office says it does not comment on matters of technical demands. However, the Home Office is not alone in its concerns about Apple’s Advanced Data Protection. UK officials and the FBI have both expressed concerns that Apple’s most robust encryption provides bad actors, including terrorists, child abusers, and human traffickers, additional protection.
Tech companies routinely counter that providing governments with backdoor access to user data creates exploitable opportunities for criminals and authoritarian governments to violate users’ rights.
If the UK ultimately forces Apple’s hand, users should not be surprised to find other countries follow suit. Other tech companies will also be keeping a close eye on the situation, as many, including Google, offer similarly strong encryption to users. Apple can appeal the order, although an appeal does not allow Apple to delay its compliance during the appeal process.
Image credits: Featured image created using assets licensed via Depositphotos.
Source link
