(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Tech companies brace after UK demands back door access to Apple cloud

2025-02

Technology companies are bracing themselves for more attacks on encryption after the UK government issued an order requiring Apple to create a back door to allow security officials access to content uploaded to the cloud by any Apple phone or computer user worldwide.

The government has used powers under UK surveillance laws to issue a secret order requiring Apple to provide the UK with the ability to access all encrypted material stored by any Apple users on its cloud servers anywhere in the world, the Washington Post revealed.



The move will put pressure on Apple to withdraw encrypted cloud storage from users in the UK, leaving British consumers without the capability to store files, documents or financial information in a way that will provide them with strong protection from hacking attacks or accidental breaches by cloud providers.

People in the technology industry told Computer Weekly that the UK has shown antipathy towards encryption and that it would not be surprising if more technology companies were hit with similar demands from UK officials seeking the ability to access users’ encrypted data. WhatsApp and Facebook Messenger are potential targets.

The Home Secretary served Apple with a Technical Capability Notice, in January, ordering it to provide the government with back door access to material stored by Apple users on its encrypted cloud service, the Washington Post revealed.

The notice, issued under the Investigatory Powers Act 2016, makes it a criminal offence for a technology company to reveal the existence of any technical capability notice served against it.

The Investigatory Powers Act gives the government powers to issue Technical Capability Notices to remove or modify “electronic protection” applied by tech companies to communications data, under Section 253, part 5(c).

A Home Office spokesperson said: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”

Matthew Hodgson, CEO of Element, a secure communications platform used by governments, said that the disclosure that a Technical Capability Notice had been served was unprecedented.

“This is the first time the existence of a Technical Capability Notice under the Investigatory Powers Act appears to have leaked and represents a terrifying escalation in the fight to protect users from blanket surveillance,” he said.

Apple could be forced to remove security in UK

In evidence to Parliament in March, addressing the government’s plans to extend the Investigatory Powers Act 2016, Apple warned that powers in the Act were “extremely broad and pose a significant risk to the global vitality of important security technologies”.

End-to-end encryption was one of the most important security features available to protect information stored in the cloud, ensuring that only users, rather than cloud storage companies, can access their personal data and communications, the company said.

It provides an “essential layer of additional security” because it ensures that malicious actors cannot obtain access to users’ data even if they are able to breach a cloud service provider’s data centre.

The technology shields citizens from unlawful surveillance, identity theft, fraud and data breaches and serves as an invaluable protection for journalists, human rights activists and diplomats who may be targeted by malicious actors, the company said.

Apple raised concerns that the IPA “purports” to apply outside the borders of the UK, permitting the UK to claim the right to impose “secret requirements on providers located in other countries and that apply to their users globally”.

“These provisions could be used to force a company like Apple, that would never build a back door into its products, to publicly withdraw critical security features from the UK market, depriving UK users of these protections,” it wrote.

Technology companies are concerned that providing back door access to encrypted storage would make it impossible to comply with data protection and compliance regulations including GDPR, placing further pressure on them to withdraw services from the UK.

The UK’s Five Eyes allies have taken a broader view of encryption. In an advisory last year, the US, Canada, Australia and New Zealand recommended widespread use of encryption, including end-to-end encryption, to mitigate threats from China, which infiltrated US telecoms networks in the ‘Salt Typhoon’ attack.

UK’s battle against encryption

The UK, which notably did not add its name to the Salt Typhoon advisory, has fought a long-running battle with technology companies over encryption.

Last year, the National Crime Agency singled out Meta for criticism over its plans to introduce end-to-end encryption on its Facebook Messenger and Instagram services.

And in 2024, the government failed to ease industry concerns that the “spy clause” in the Online Safety Bill, which aims to crack down on child abuse and other harmful online content, would fundamentally weaken end-to-end encrypted services.

Claims by a junior minister to the House of Lords that “there is no intention by the government to weaken the encryption technology used by platforms,” did little to reassure tech companies.
[END]

[1] URL: https://www.computerweekly.com/news/366618999/Tech-companies-brace-after-UK-demands-back-door-access-to-Apple-cloud-Tech-companies-brace-for-more
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/