US lawmakers denounce UK's secretive attack against Apple encryption


A bipartisan group of U.S. lawmakers is coming to Apple's defense over the UK government's attempts to get backdoor access to users' iCloud data, demanding that the UK remove the cloak of secrecy surrounding the order.

Big Ben's clocktower - Image Credit: Amar Saleem/Pexels



Apple is in a battle with the government of the United Kingdom over iCloud privacy, with a secret hearing by the Investigatory Powers Tribunal on Friday set to consider an appeal. However, the closed-door hearing at the High Court isn't being made public at all, something U.S. lawmakers are unhappy about.

A bipartisan letter from the U.S. Congress to the President of the Investigatory Powers Tribunal published on Thursday demands that the IPT "remove the cloak of secrecy related to notices given to American technology companies by the United Kingdom."

According to the letter, the secrecy infringes on free speech and privacy, undermines governmental oversight in both countries, harms national security, and "undermines the special relationship between the United States and the United Kingdom."

Too big for cloak and dagger



Following the February order by the U.K. demanding backdoor access to iCloud user data, which would grant access to any iCloud content belonging to any user across the globe, Apple has fought against the plan. It said it wouldn't offer Advanced Data Protection to U.K. users, and filed its legal complaint with the IPT in early March.

Despite being widely reported on and discussed around the world, the IPT hearing is to be held in secret on Friday. The widespread reporting makes "any argument for a closed hearing on this very existence unsustainable," the letter states.

Apple's public notice of the ADP removal in the U.K. is also seen as an indicator of the hearing's existence, despite attempts at keeping the order secret. "Apple presumably would not do this unless it felt compelled to do so by a request to insert a backdoor," the document adds.

"It is in the public interest for there to be open hearings about the extent to which important communications services have been deliberately compromised to make them less secure."

Multiple issues



The letter goes on to say that the demand for the backdoor raises serious concerns for national security and warrants public debate. The Director of National Intelligence shared in a letter to Congress that the U.K.'s demand would be a "clear and egregious violation of Americans' privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors."

The nature of the secrecy would also be a free speech problem in the United States, as it would prevent U.S. companies from answering questions about it posed by Congress. This harms Congress's "power and duty to conduct oversight on matters of national security."

Indeed, the letter claims the attempted gag order has "already restricted U.S. companies from engaging in speech that is constitutionally protected under U.S. law and necessary for ongoing Congressional oversight."

Apple has already informed Congress that, had it received a technical capabilities notice, it would be barred by U.K. law from telling Congress about the notice. Google has also warned Congress that it would be in a similar position if it had the same notice.

Security, please



The security of data is then stressed by the letter, referring to breaches and hacks of companies holding sensitive U.S. government data. This included instances in 2024 when China reportedly hacked U.S. telecoms companies to tap high-level phone calls and to steal millions of phone records, and a hack of government email accounts hosted by Microsoft in the summer of 2023.

A common link between the incidents is the storage of sensitive government data held by third-party companies, which wasn't adequately secured. In one instance, this involved the compromise of "lawful intercept" systems, similar to the one the U.K. wants Apple to introduce.

"Such systems create grave vulnerabilities which can be exploited by hostile foreign government hackers," it continues.

Since there's considerable technical complexity and the potential for weakened national security and cybersecurity defenses, "it is imperative that the U.K.'s technical demands of Apple - and of any other U.S. companies - be subjected to robust, public analysis and debate by cybersecurity experts," the letter urges.

Secret court hearings with intelligence agencies "do not enable robust challenges on highly technical matters." With the potential impact on U.S. security, the letter claims it is "vital that American cybersecurity experts be permitted to analyze and comment on the security of what is proposed."

The letter is signed by Senator Ron Wyden (D-OR), Senator Alex Padilla (D-CA), Rep. Andy Biggs (R-AZ), Rep. Warren Davidson (R-OH), and Rep. Zoe Lofgren (D-CA).

A louder outcry



The letter from Congress is the latest demand to make the process transparent, instead of being held in secret.

On Wednesday, Caroline Wilson Palow, legal director at Privacy International, insisted that the public had the right to know whether or not the security of a service used by billions of people is being undermined.

Apple itself hasn't officially commented on the hearing, due to being restricted by laws. Even in its notice for turning off ADP in the UK, it doesn't mention the order directly, but does repeat the claim it has made for years that it hasn't built a backdoor for its encryption, and never will.




Comments

  • Reply 1 of 9
    chasm Posts: 3,715 member
    I’ve said it before, and I’ll say it again: if your intended prosecution against someone relies entirely on breaking encryption for every user everywhere, you are a) a police state and b) have no case.

    It’s shocking to think the UK thought it could just steamroll over everyone’s rights everywhere and grant itself an exclusive license to see anyone in the world’s data on a whim. As a reminder, this demand to bypass all legal protections for all the citizens of the world was made in secret from a secret organization that required that any compliance with these insane demands could not ever be reported to the user, other governments — nobody except itself.

    Frankly the UN should be looking at severe sanctions against the UK, and the US in particular should be regarding it as a hostile action. Everyone involved in this overreach should be fired.
  • Reply 2 of 9
    It's strange that this is controversial.
    Of course, the government should have access to anything and everyone with 'just cause' and 'due process' - they're elected or appointed or some other reasonably transparent/hyper-private process -- yes, they're incompetent and slow and lazy, etc. -- but so are the majority of Apple customers and the world, in general. The very idea that we are allowing a private company to even have an opinion on security as if they have any public obligation or oversight is ludicrous. Private companies care about nothing except money and the visions of their corporate overlords. The penalties that companies and directors face when they abuse trust and undertake massive frauds are nothing - a few years in a cuddly summer camp. Private companies shouldn't have visions or morals or public opinions or be involved in any public matters -- make stuff and sell it - that's it.
  • Reply 3 of 9
    longfang Posts: 536 member
    It's strange that this is controversial.
    Of course, the government should have access to anything and everyone with 'just cause' and 'due process' - they're elected or appointed or some other reasonably transparent/hyper-private process -- yes, they're incompetent and slow and lazy, etc. -- but so are the majority of Apple customers and the world, in general. The very idea that we are allowing a private company to even have an opinion on security as if they have any public obligation or oversight is ludicrous. Private companies care about nothing except money and the visions of their corporate overlords. The penalties that companies and directors face when they abuse trust and undertake massive frauds are nothing - a few years in a cuddly summer camp. Private companies shouldn't have visions or morals or public opinions or be involved in any public matters -- make stuff and sell it - that's it.
    Well Sir Humphrey, apparently good security is stuff that sells. 
  • Reply 4 of 9
    damonf Posts: 232 member
    How about a U.S. law:

    Any U.S. based company instructed by any foreign country to decrypt data of Americans or required to disable decryption of American citizens’ devices (such as computers, phones, or tablets) must immediately cease all operations - including but not limited to sales, support, and services - in said country until such order is rescinded by said country.

    The intent not being to hurt the company being asked (Apple, in this case), but to preempt such attempts with a harsh, effective punishment to the offending country. 
    edited March 13
  • Reply 5 of 9
    ne1 Posts: 75 member
    chasm said:
    I’ve said it before, and I’ll say it again: if your intended prosecution against someone relies entirely on breaking encryption for every user everywhere, you are a) a police state and b) have no case.

    It’s shocking to think the UK thought it could just steamroll over everyone’s rights everywhere and grant itself an exclusive license to see anyone in the world’s data on a whim. As a reminder, this demand to bypass all legal protections for all the citizens of the world was made in secret from a secret organization that required that any compliance with these insane demands could not ever be reported to the user, other governments — nobody except itself.

    Frankly the UN should be looking at severe sanctions against the UK, and the US in particular should be regarding it as a hostile action. Everyone involved in this overreach should be fired.
    Well said. The U.K. should be penalized for this and made to defend their disgustingly fascist law, a violation of privacy and civil liberties  
  • Reply 6 of 9
    citpeks Posts: 259 member
    Meanwhile, the U.S. still lacks a GDPR, American data brokers run amok selling people's data unimpeded, including to the U.S. Government, Section 702 repeatedly gets rubber stamped, and the corporations that fail in their duty to protect PII suffer little or no repercussions for their failures, even when such breaches are publicly disclosed, or when word leaks after attempts to keep them hush hush don't work.

    When will Congress take care of its own business at home? Or stand up to the FBI's next attempt to force back doors on the U.S.? And watch as the agencies tasked to protect the people's interests are neutered, or dismantled?
    edited March 14
  • Reply 7 of 9
    The solution is simple.  Pass a law that requires U.S. corporations to reveal any such demands by foreign governments to the public.
  • Reply 8 of 9
    entropys Posts: 4,403 member
    ne1 said:
    chasm said:
    I’ve said it before, and I’ll say it again: if your intended prosecution against someone relies entirely on breaking encryption for every user everywhere, you are a) a police state and b) have no case.

    It’s shocking to think the UK thought it could just steamroll over everyone’s rights everywhere and grant itself an exclusive license to see anyone in the world’s data on a whim. As a reminder, this demand to bypass all legal protections for all the citizens of the world was made in secret from a secret organization that required that any compliance with these insane demands could not ever be reported to the user, other governments — nobody except itself.

    Frankly the UN should be looking at severe sanctions against the UK, and the US in particular should be regarding it as a hostile action. Everyone involved in this overreach should be fired.
    Well said. The U.K. should be penalized for this and made to defend their disgustingly fascist law, a violation of privacy and civil liberties  
    Quite so. This is real fascism, where the rights of the collective state are greater than those of the individual. It is not the cartoon version in the mind of the likes of antifa.
  • Reply 9 of 9
    Haha, funny games.
    If UK spooks those who believe in cloud security, then US won’t see them. It’s like one fisher’s been treading patiently but another one comes hitting all deadpans.