The UK government issued a technical capability notice (TCN) under the Investigatory Powers Act of 2016, ordering Apple to create a backdoor to access encrypted iCloud backups. This unprecedented move, made in January, threatens the privacy of UK citizens and users globally, potentially setting a dangerous precedent for other governments, including Kenya's, to demand access to encrypted data through legislation.
The implications extend far beyond the UK's borders, as this backdoor would compromise the security of all users worldwide. Strong encryption is fundamental to keeping information and communication confidential, and there's no middle ground – creating government access inherently breaks end-to-end encryption. If Apple creates this backdoor, it becomes vulnerable to exploitation by various actors.
Andrew Crocker, surveillance litigation director at the Electronic Frontier Foundation, explains: "Simply put, the message the UK government is sending is that its own citizens cannot expect its government to respect their privacy and that it is willing to put their security at risk from all manner of bad actors like hackers and thieves because it cannot tolerate the ability to have a private conversation online."
There is some hope, however. Apple has resisted the order, stating to Parliament in March: "There is no reason why the UK [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption."
According to sources cited by the Washington Post, Apple might choose to discontinue encrypted storage services for UK-based users rather than comply. However, this wouldn't address the UK government's broader demand for access to encrypted backups of users worldwide.
The Global Encryption Coalition has recently drafted a joint letter opposing the UK Government's use of the Investigatory Powers Act to undermine end-to-end encryption. Those interested in supporting this initiative can sign the letter before the February 20th deadline.
Stay safe.
Sources:
