UK Can’t Help Itself: Back To Demanding Apple Break Encryption After “Backing Down” Just Months Ago
from the security-theater dept
Well, that didn’t last long. Remember back in August when we reported that the UK had supposedly “backed down” from its dangerous demand that Apple create encryption backdoors? Remember how the Trump administration (mainly Tulsi Gabbard and JD Vance) went around patting themselves on the back for tough-arming the UK into acquiescence?
At the time, we highlighted that getting the UK to back down was undoubtedly a good thing, but the reporting on it mentioned a “secret deal” which raised a lot of new questions. Apparently, we were right to be concerned. It appears that Gabbard and Vance negotiated a hollow victory that allowed them to get fawning press coverage, while the UK government could still demand encryption backdoors.
It turns out that “backing down” was more like a tactical retreat, because according to a new Financial Times report, British officials are right back at it — this time with an only slightly tweaked but still terrible demand.
The UK government has ordered Apple to allow access to encrypted cloud backups of British users, after a previous attempt to issue a broader demand that included US customers drew a furious backlash from the Trump administration.
The UK Home Office demanded in early September that Apple create a backdoor into users’ cloud storage service, but stipulated that the order applied only to British citizens’ data, according to people briefed on the matter.
A previous technical capability notice (TCN) issued in January sought global access to encrypted user data. That move sparked a diplomatic clash between the UK and US governments and threatened to derail the two nations’ efforts to secure a trade agreement.
In February, Apple withdrew its most secure cloud storage service, iCloud Advanced Data Protection, from the UK.
So let’s recap this insanity: Earlier this year, the UK demanded Apple break encryption globally. Apple shut down its Advanced Data Protection service in the UK rather than comply. There was massive pushback, including from the Trump administration. The UK then supposedly “backed down” in what was described as a “mutually beneficial agreement” between the US and UK. Now, just weeks later, they’re back with basically the same demand, just geographically limited.
Which raises the obvious question: what exactly was that “mutually beneficial” deal? Because it’s starting to look suspiciously like the US told the UK “fine, spy on your own people all you want, just leave ours alone.”
And here we are again. Apple is still unable to offer its most secure cloud storage to UK users, and now the UK government is doubling down on making its own citizens less safe. The company’s response remains appropriately defiant:
“Apple is still unable to offer Advanced Data Protection in the United Kingdom to new users,” Apple said on Wednesday. “We are gravely disappointed that the protections provided by ADP are not available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy.”
It added: “As we have said many times before, we have never built a back door or master key to any of our products or services and we never will.”
As for all that pressure from Trump administration officials like Tulsi Gabbard and JD Vance that supposedly convinced the UK to back down? Well, according to the FT report, that pressure seems to have evaporated:
Members of the US delegation raised the issue of the request to Apple around the time of Trump’s visit, according to two people briefed on the matter. However, two senior British government figures said the US administration was no longer leaning on the UK government to rescind the order.
Translation: The US got what it wanted and is now perfectly happy to let the UK spy on British citizens. So much for standing on principle.
Once again, it appears that the Trump administration is happy to sign short-sighted, limited deals that sell out principles in exchange for headlines that misleadingly pump up its own efforts.
This whole saga perfectly illustrates the fundamental problem with trying to create “limited” backdoors. You can’t create a vulnerability that only works for the “good guys”—any backdoor becomes a vulnerability for everyone. And you certainly can’t create geographically limited encryption weaknesses:
Caroline Wilson Palow, legal director of the campaign group Privacy International, said the new order might be “just as big a threat to worldwide security and privacy” as the old one.
She said: “If Apple breaks end-to-end encryption for the UK, it breaks it for everyone. The resulting vulnerability can be exploited by hostile states, criminals and other bad actors the world over.”
What’s especially frustrating is how this plays out politically. The Trump administration gets to look like the defender of American privacy rights while throwing British users under the bus. The UK government gets to claim it’s only targeting its own citizens (or, rather, not to say anything at all because it gets to hide behind the Investigatory Powers Act gag orders). And Apple gets stuck in the middle, forced to choose between protecting user security and maintaining access to a major market.
The UK’s Investigatory Powers Act continues to be the gift that keeps on giving to authoritarians worldwide. Every time the UK pushes these boundaries, it provides cover for more repressive regimes to make similar demands. “If the UK can demand backdoors, why can’t we?” becomes the rallying cry for authoritarians around the world.
And let’s not forget the forced secrecy component that makes all of this even more insidious. These Technical Capability Notices come with built-in gag orders, so Apple can’t even warn its users directly of what’s happening and that their data might be compromised. It’s surveillance with a side of deception.
The only reason we know about any of this—including the original order earlier this year—is because of leaks to the press.
The UK government’s approach here is particularly cynical. They’re betting that limiting their demand to UK users will reduce international pressure while still giving them the surveillance capabilities they want. And the Trump admin appears to be ignorantly playing along.
Once more for those in the back: there is no such thing as a “limited” encryption backdoor. Any vulnerability introduced into Apple’s systems creates risks for all users, regardless of nationality. The technical architecture doesn’t respect geographic boundaries, and neither will the criminals and hostile actors who inevitably discover and exploit these weaknesses.
This is exactly what we warned would happen when we wrote about that secretive “agreement” in August. Secret deals around fundamental rights are never good news, and this latest development proves why. The UK got what it wanted — permission to spy on its own citizens without international interference.
The only silver lining is that Apple continues to refuse to comply, but that puts the company in an impossible position. How long can they maintain this stance while being locked out of offering their best security features to UK users?
The UK government is making its own citizens less safe while setting a dangerous precedent for authoritarians worldwide. The fact that they’re doing it with apparent US acquiescence just makes it worse.


Comments on “UK Can’t Help Itself: Back To Demanding Apple Break Encryption After “Backing Down” Just Months Ago”
Apple could reduce encryption (to something that UK services won’t spend decades to decrypt) for accounts created in the UK (like the address is located in the UK when creating the account), and deal separately with these UK accounts. Other countries’ accounts would stay safe as usual (since there would be no way to change an account to a UK one).
Except of course if every country decides to get the same favor for its own citizens. And I won’t bet the US will refuse that for its citizens for very long.
It’s all just a show. Both the US and UK want the backdoor.
typo:
Should be-> it turns out that
I mean, the U.S. not using its leverage against other countries’ citizens is probably for the best, right now.
If Apple cares about user privacy, it should withdraw from the UK indefinitely. It’s privileged enough to be able to do so.
This is likely due to the same Home Office idiots who are pushing compulsory ID cards
Said idiots are likely under the impression that using different encryption for UK accounts would solve the problem for Apple. They don’t understand security architecture, and won’t want to learn.
The idea that people might want to have their accounts based in a different country is probably beyond them. Apple doesn’t have a way to ascertain citizenship with certainty, and doesn’t want one.
…
I’ll say it as always.
Idiots like this will never learn or care until it’s their daughter’s nudes on the internet. Until some politician is dead because his schedule and location are leaked and hacked due to terrible privacy laws, none of them will care, and even then they will only protect themselves, not the peasants.
Re:
I’m not sure that would even work. There were congresspeople located with data from brokers who were assassinated and it hasn’t driven a massive change towards privacy.
Re:
Politicians will simply exempt themselves. Rules for thee, not for me.
Short-term risk aversion vs Long-term reputational ruin
The only silver lining is that Apple continues to refuse to comply, but that puts the company in an impossible position. How long can they maintain this stance while being locked out of offering their best security features to UK users?
If anyone on the board of Apple has even the tiniest sliver of intelligence and business sense the answer to that is simple: Forever.
As the article rightly notes the day they cave to the UK’s demands for intentionally crippled security is the second every other government on the planet starts hammering on Apple’s door demanding that they get their own ‘limited’ crippled encryption, and any claim the company might have had to a secure product/service goes up in smoke.
It’s not just Apple’s reputation that’s on the line here, it’s in the company’s financial best interests to refuse to comply and hopefully enough of the people running the company are smart enough to understand that and don’t choose the coward’s path because it seems cheaper in the short-term.
Ahh yes, that beautiful moment when parliament came back from the drawing board with what amounted to
“Nerd harder, chaps.”
Did you think it was the job of the American gov to protect UK citizens from their own government? If that’s what you think, might as well go in and recolonize the place. (I’m tempted)
Re:
I think it’s the American gov’t to (1) have basic principles (2) and protect Americans. Enabling backdoors in the UK harms Americans (and American companies) as explained in the rest of the article you apparently didn’t read.
UK government over-reach
The Labour party has always had an authoritarian streak. Labour Home Secretaries of the recent past have displayed some of the most draconian attitudes to law and order that we have ever seen. They do not trust the people who voted them in and go out of their way to try and control everything that a British citizen is allowed to do or say.
Just look at the antics of the police in arresting hundreds of people for displaying a hand-written placard supporting Palestine Action. It may even mean that I am subject to scrutiny for even mentioning the name. That’s how bad things are here with this bunch of control-freaks in charge.
Mind you, the current alternative is Farage and his gang of wannabe Trumps, so things could get worse in the near future.
Oh, yes, we even have a Farage version of DOGE in some of the local authorities they now control after last year’s elections.
Re:
And the Tories who introduced this bill were any better?
This Labour government arrested people for tweeting something they don’t like. The Online Safety Act is a disaster, making it necessary to sign into any website and show ID that might have adult material, like Reddit or news sites that might have violent protest video.
Digital ID is the next step for a 1984 surveillance system in the UK.
The American government should be protesting if any foreign state asks Apple to break encryption which has been there for 20 years.
The UK depends on USA trade to a large extent and they are part of NATO.
Brits don’t deserve rights and freedoms.