The UK government has renewed its confrontation with Apple over access to customer data by demanding a backdoor into the tech company’s cloud storage service – targeting British users only.
The Home Office had previously sought access to data on Apple’s advanced data protection (ADP) service uploaded by any user around the world, triggering a clash with the White House.
The Financial Times reported on Wednesday that the government has returned with a new access order, called a technical capability notice (TCN), seeking access to the encrypted cloud backups of British citizens.
A Home Office spokesperson said the department did not comment on operational matters, including “confirming or denying the existence of any such notices”. The spokesperson added: “We will always take all actions necessary at the domestic level to keep UK citizens safe.”
Apple withdrew ADP for new users in the UK in February and said existing users would need to disable the security feature at a later date. Messaging services such as iMessage and FaceTime remain end-to-end encrypted by default.
Tulsi Gabbard, the US director of national intelligence, said in August the UK had backed down on demanding access to US customer data. Donald Trump had described the access demand as “something that you hear about with China”.
Apple did not comment on the FT report directly, but said it was “gravely disappointed” that it could not offer ADP – an optional extra layer of security – to UK customers and reiterated that it would “never” build a backdoor into its products.
“Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,” said the company.
Apple had appealed against the first TCN via the investigatory powers tribunal, which investigates whether the domestic intelligence services have acted unlawfully. The Home Office had sought to keep details of the case under wraps but after a judgment in April some information was released for the first time, confirming Apple’s appeal.
However, details of the TCN were not revealed and under the Investigatory Powers Act recipients of such a notice are not allowed to reveal its existence. The FT has reported that the original TCN was “not limited to” data stored under ADP, indicating the UK government wanted access to the basic and more widely used iCloud service.
The ADP service uses end-to-end encryption, a form of security that means only the account holder can decrypt files such as documents and photos – and no one else can, including Apple.
Privacy International, a charity that launched a legal challenge against the first TCN, said the new order “may be just as big a threat to worldwide security and privacy as the old one”. It said if Apple is forced to break end-to-end encryption in the UK it will in effect break it for everyone by creating a vulnerability in its systems.
“The resulting vulnerability can be exploited by hostile states, criminals and other bad actors the world over,” the charity said.
