Summary
- The UK is ordering Apple to open up end-to-end encrypted iCloud backups worldwide.
- That could dismantle the end-to-end option in every country.
- It’s absolutely essential to keep that encryption to protect dissenters from unethical governments.
I always knew that Apple would continue to fight with governments over encryption, but I never expected this latest salvo.
The Washington Post reports that Apple is being ordered to open up access to all end-to-end encrypted data worldwide under the UK’s Investigatory Powers Act. Apple can appeal the decision based on its cost and relevance to security requirements, but in the interim, it has no choice but to comply. As a result, Apple’s Advanced Data Protection option could be removed in countries like the US and Canada, not just the UK.
None of this might sound like a big deal to the casual observer. In truth, though, it’s an amplified version of the battle Apple fought against the FBI several years ago, now with dire consequences if the UK’s intelligence apparatus gets its way. I’m not being sensational — there’s a real safety risk here related to the UK government accessing data on its citizens’ Apple devices.
Related
I won’t buy a phone for AI, and you shouldn’t either
AI just isn’t reliable or powerful enough yet to base a phone around it.
The legacy of San Bernardino
A fight with no ultimate conclusion
Creative Commons / ajay_suresh
In December 2015, a married couple — Syed Rizwan Farook and Tashfeen Malik — committed a terrorist attack in California’s San Bernardino County, killing 14 people and seriously injuring another 22. The attackers managed to destroy their personal phones before they were shot, but Farook had a work-issued iPhone 5c that the FBI quickly took an interest in.
The problem was that it was passcode-locked, and set to wipe itself after 10 failed attempts automatically. That made a brute-force unlock very risky, so the FBI’s leadership took an unusual step, ordering that Apple devise a software workaround, also known as a backdoor. Apple refused, arguing that it would compromise the security not just of its own products but the US tech industry in general. If Apple could be ordered to create a backdoor into iPhones, there would be no reason the same couldn’t be demanded for other devices like laptops, routers, and servers.
If Apple could be ordered to create a backdoor into iPhones, there would be no reason the same couldn’t be demanded for other devices.
San Bernardino became a very public battle and seemed to be headed toward a critical hearing in March 2016. A day before the hearing, though, the government said it had found a third party that could potentially unlock the phone. That happened later the same month, allowing the FBI to drop its request and avoid setting a legal precedent.
The Los Angeles Times later reported that nothing useful was found on the iPhone.
Related
The lowdown on Apple’s Activation lock: 4 things you need to know
It’s usually a vital safety feature, but it can also be a hurdle.
The very real issues at stake
It’s beyond constitutional rights
With San Bernardino, the primary concern of the FBI’s critics was that undermining iPhone security would enable government surveillance while increasing vulnerability to criminals and foreign spy agencies. The US government could promise to keep the details of the backdoor secret, but Apple’s software would be inherently more exposed, making it only a matter of time before hackers discovered and exploited the same flaw. Apple might then issue a patch, but there would only be so much it could do without blocking the US government once again.
There were always hints of international implications for the San Bernardino case, but they’re unavoidable with the new UK ruling. The advantage of end-to-end encryption is that it’s so secure that even the companies that offer it can’t break in. If they can’t, governments can’t, and in the case of iCloud backups with Advanced Data Protection, there’s a lot of sensitive data governments might want, including everything from photos and messages to the contents of some third-party apps. Standard encryption can still be relatively secure against criminals, but without end-to-end technology, there’s still the potential of Apple being forced to comply with search and surveillance orders against its servers.
An iCloud backup may be all that’s needed to put a dissenter in prison.
Advanced Data Protection gives political dissenters an added layer of defense when a government is less than ethical or completely unapologetic about crushing its enemies. That’s how it becomes a matter of life and death — an iCloud backup may be all that’s needed to put a dissenter in prison. Even if the original person isn’t punished, their interactions with others could be used to eliminate any signs of political resistance.
There are legitimate arguments against end-to-end encryption in that it can be used by terrorists, sex traffickers, and other criminals to hide their activity, but the threat to freedom and democracy offsets that. We know for a fact that governments sometimes abuse their technical capabilities.
Related
Find My Device: a lifesaver or a digital leash?
It’s probably worth keeping, but there are scenarios where opting out might be wise.
Is there any hope in the UK fight?
A faint light at the end of the tunnel
Apple / Pocket-lint
I can’t claim to know for sure, and I shouldn’t. While I know a decent amount about politics and security, as a tech journalist, I’m still very much on the outside. I’m unfamiliar with UK laws, too, which could play a deciding factor in this situation.
That said, I do know that many in the UK are unhappy with the Investigatory Powers Act, which is sometimes nicknamed the Snoopers’ Charter. On top of that, the FBI and NSA flipped the script in December 2024, joining security organizations in Australia, Canada, and New Zealand in recommending end-to-end encryption for web traffic. The reasoning? China is known to engage in electronic espionage around the world. If the UK’s main security partners are onboard with end-to-end encryption in one area, it may be forced to reevaluate its position.
Apple might also have a case on its own merits. It does indeed seem disproportionate to make the company dismantle Advanced Data Protection for every user worldwide, including people who aren’t normally subject to UK rules. But governments aren’t always rational in how they respond, which is part of the reason we need end-to-end encryption in the first place.
Related
Worried about an unwanted AirTag tracking you? Here’s how to block it
Apple’s AirTag is great for finding your missing items, but the Bluetooth tracker can also be used by nefarious individuals.
