Apple is reportedly confronting a major challenge to its privacy stance, after a so called ‘secret order’ from the UK government.
The Washington Post, citing people familiar with the matter, reported that last month UK security officials had ordered Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud.
Apple of course for years has widely touted its privacy credentials, despite the fact that tech firms are routinely asked (or ordered) by law enforcement and intelligence services around the world for data on a specific suspect.
Privacy stance
Indeed, in the United States for example, American firms can be compelled on national security grounds to hand over data on their servers when requested by US officials, and are not permitted to disclose the specific number of requests received.
Apple’s privacy stance was in the headlines last month, when the iPhone maker agreed to settle a privacy lawsuit in the United States, that centred around its voice-activated Siri personal assistant.
Apple had agreed to pay $95 million in cash to settle a proposed class action lawsuit claiming that Siri had violated users’ privacy, after it had been unintentionally activated during private conservations.
And Apple famously in 2016 engaged in a prolonged clash with the FBI and US government, after it refused to unlock the iPhone of the San Bernardino terrorist, Syed Rizwan Farook.
Apple CEO Tim Cook at the time commented on the refusal to help the FBI unlock that iPhone, saying the FBI’s request to create a new operating system, was the “software equivalent to cancer”.
Apple also at the time said that this new OS would constitute the creation of a backdoor, and refused point blank to co-operate.
In the end the FBI paid a third-party to hack the iPhone in question.
UK technical capability notice
But now according to the Washington Post article, the UK has ordered Apple to give it unprecedentedly broad access to encrypted user data stored on Apple’s data cloud.
The UK government reportedly issued a “technical capability notice” that requires blanket access rather than just assistance to access a specific account, the paper reported, citing unnamed sources.
A technical capability notice comes under the sweeping UK Investigatory Powers Act of 2016 (otherwise known as the “snoopers’ charter”), which authorises law enforcement to compel assistance from companies when needed to collect evidence, the people said.
In January 2024 Apple had publicly warned that upcoming changes being considered for the Investigatory Powers Act of 2016 could effectively give the UK government the means to “secretly veto” new security protections worldwide.
Apple and many other tech firms had been a vocal critic of the Investigatory Powers Act when it was being debated in 2015, warning it could force companies to install encryption backdoors and weaken user security.
No comment
But now the Washington Post has reported that the UK order is a “blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies.”
“Its application would mark a significant defeat for tech companies in their decades-long battle to avoid being wielded as government tools against their users, the people told the WP, speaking under the condition of anonymity to discuss legally and politically sensitive issues.”
Rather than break the security promises it made to its users everywhere, Apple is reportedly likely to stop offering encrypted storage in the UK, the people said.
Yet that concession would not fulfil the UK demand for backdoor access to the service in other countries, including the United States.
Both Apple and the UK Home Office reportedly declined to comment on the matter.
Appeal, but comply
The Washington Post also reported that Apple can appeal the UK capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs.
However the law does not permit Apple to delay complying during an appeal, WP noted.
Apple reportedly is also barred from warning its users that its most advanced encryption no longer provided full security.
