Two US lawmakers have strongly condemned what they describe as the UK’s “dangerous” and “shortsighted” request to access encrypted data stored by Apple users worldwide in its cloud service.
Senator Ron Wyden and Congressman Andy Biggs have written to the national intelligence director, Tulsi Gabbard, warning that the demand poses a serious threat to the privacy and security of US citizens.
In their letter, they urge Ms Gabbard to issue an ultimatum to the UK: “Back down from this dangerous attack on US cybersecurity, or face serious consequences.”
The UK government has yet to comment on the matter.
“While the UK has been a trusted ally, the US government must not permit what is effectively a foreign cyberattack waged through political means,” the US politicians wrote. They further suggest that if the UK does not rescind its request, Ms Gabbard should “reevaluate US-UK cybersecurity arrangements and programs, as well as US intelligence sharing”.
The request for data
The UK’s demand for Apple’s encrypted data emerged last week and applies to all content stored using what Apple calls “Advanced Data Protection” (ADP). This service uses end-to-end encryption, meaning that only the account holder can access the data stored—Apple itself cannot see it. It is an opt-in service, and not all users choose to activate it.
The request was first reported by the Washington Post, citing sources familiar with the matter. The UK Home Office, in response to inquiries, stated: “We do not comment on operational matters, including, for example, confirming or denying the existence of any such notices.”
Apple has declined to comment but maintains on its website that it considers privacy a “fundamental human right.”
Legal framework and concerns
The order has reportedly been served under the UK’s Investigatory Powers Act, which compels firms to provide information to law enforcement agencies. However, under this law, such requests cannot be made public.
Senator Wyden and Congressman Biggs argue that agreeing to the UK’s request would “undermine Americans’ privacy rights and expose them to espionage by China, Russia, and other adversaries.” They point out that Apple does not design different encryption systems for different countries, meaning that any backdoor created for the UK would also affect users in the US and beyond.
“If Apple is forced to build a backdoor in its products, that backdoor will end up in Americans’ phones, tablets, and computers, undermining the security of Americans’ data, as well as that of the countless federal, state, and local government agencies that entrust sensitive data to Apple products,” the lawmakers warned.
Privacy campaigners have also raised concerns, with Privacy International calling the UK’s move an “unprecedented attack” on the private data of individuals. Cybersecurity experts fear that creating an encryption backdoor for law enforcement could be exploited by hackers or authoritarian regimes.
Precedents and Apple’s stance
The US government has previously asked Apple to break its encryption in criminal investigations. In 2016, Apple resisted a court order to create software that would allow US officials to access the iPhone of a gunman involved in a mass shooting. The case was resolved when the FBI managed to access the device without Apple’s assistance.
A similar case occurred in 2020 when Apple refused to unlock the iPhones of a man responsible for a mass shooting at a US air base. The FBI later claimed it had been able to “gain access” to the phones without Apple’s cooperation.
Despite these cases, it is understood that the UK government’s request does not necessarily mean law enforcement wants to comb through everybody’s data. Instead, it would likely be used in specific cases where national security risks are identified. Authorities would still have to follow a legal process, demonstrate a valid reason, and obtain permission for a specific account before accessing encrypted data—similar to existing practices for unencrypted data.
Potential fallout
Apple has previously stated that it would pull encryption services like ADP from the UK market rather than comply with government demands, reiterating to Parliament that it would “never build a back door” in its products.
WhatsApp, owned by Meta, has also indicated that it would rather be blocked in the UK than compromise its end-to-end encryption security.
However, even withdrawing these services from the UK market may not be enough to avoid compliance. The Investigatory Powers Act applies worldwide to any technology firm with a UK presence, meaning that companies could still be legally compelled to comply with government orders regardless of where they are based.
As tensions rise, it remains to be seen how the US government will respond to the UK’s request and whether the UK will alter its stance in the face of mounting opposition.