UK security officials have ordered Apple to give it unprecedentedly broad access to encrypted user data stored on Apple’s data cloud.
The Washington Post, citing people familiar with the matter, reported that last month UK security officials had ordered Apple to create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud.
The UK government reportedly issued a “technical capability notice” that requires blanket access rather than just assistance to access a specific account, the paper reported, citing unnamed sources.
A technical capability notice comes under the sweeping UK Investigatory Powers Act of 2016 (otherwise known as the “snoopers’ charter”), which authorises law enforcement to compel assistance from companies when needed to collect evidence, the people said.
In January 2024 Apple had publicly warned that upcoming changes being considered for the Investigatory Powers Act of 2016 could effectively give the UK government the means to “secretly veto” new security protections worldwide.
Apple and many other tech firms had been a vocal critic of the Investigatory Powers Act when it was being debated in 2015, warning it could force companies to install encryption backdoors and weaken user security.
However, the UK order is a “blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies.”
Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the UK.
Yet that concession would not fulfil the UK demand for backdoor access to the service in other countries, including the United States.
Apple can appeal the UK capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs.
However the law does not permit Apple to delay complying during an appeal.
Apple reportedly is also barred from warning its users that its most advanced encryption no longer provided full security.
