Apple is commencing legal action against the government of the United Kingdom regarding requests to undermine its most robust cloud security measures. Apple argues that complying would endanger user privacy and create a risky precedent.
The large company based in Cupertino has brought the matter to the attention of the Investigatory Powers Tribunal, the legal entity in the United Kingdom responsible for addressing complaints related to the exercise of surveillance powers by public institutions. Apple is contesting the lawfulness of the Home Office’s directive under the Investigatory Powers Act of 2016.
No explicit affirmation or denial has been made by the government regarding its directive requiring access to any data uploaded to Apple’s iCloud globally, as this action is considered a criminal offense. Nonetheless, the removal of Advanced Data Protection from the United Kingdom by Apple last month indicates an escalation of the dispute. Users of iPhones, iPads, and Macs in the region can no longer enroll in ADP, and current users must manually deactivate it to maintain access to iCloud.
Position of Apple on Encryption and Data Protection
Upon reaching out to Apple for a response, TechRepublic was directed to a statement issued by Apple last month expressing deep disappointment that Advanced Data Protection can no longer be provided in the United Kingdom.
Data safeguarded under Apple’s Advanced Data Protection offers the highest level of security available from the company, ensuring that information remains concealed even from Apple itself. Users must actively opt-in for Advanced Data Protection in addition to the default security measures provided by Apple.
“We have never created a backdoor or a master key for any of our products or services, and we will never do so,” stated an unnamed Apple spokesperson in an email sent to TechRepublic last month.
The legal challenge by Apple was initially reported by the Financial Times, which mentioned that the tribunal case might be scheduled for the upcoming weeks.
SEE: Apple Removes Thousands of Applications in EU Due to Obligations under the Digital Services Act
Examination by the US, Possible CLOUD Act Breach, and Broad Industry Worries
The request by the government of the United Kingdom for access to encrypted data has attracted attention from the United States. The U.S. is investigating whether the demand by the United Kingdom violates the CLOUD Act, as reported by 9to5Mac. The act prohibits foreign governments from directly accessing encrypted data stored by U.S. companies.
If access is granted, the government of the United Kingdom is likely to use the information protected by Advanced Data Protection to focus on individuals already associated with offenses such as terrorism and exploitation of children, rather than on broader segments of the public, according to the BBC. Nonetheless, technology firms like Apple suggest that a backdoor could be exploited by criminals or authoritarian regimes against their citizens.
In 2016, Apple rejected the U.S. government’s demand to unlock the ‌iPhone‌ of an individual involved in a shooting incident in San Bernardino, California, citing concerns about compromising user privacy and creating a harmful precedent for government access to encrypted devices.
About Author
