UK orders Apple to implement secret global backdoor for end-to-end encryption
Sobering story from the Washington Post‘s Joseph Menn (paywalled, unfortunately—here’s a BBC article that confirms it) that the United Kingdom’s government has mandated Apple provide a backdoor for access to end-to-end encrypted data in every country, combined with a gag order preventing the company from disclosing this fact to its users:
One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security. The person deemed it shocking that the U.K. government was demanding Apple’s help to spy on non-British users without their governments’ knowledge. A former White House security adviser confirmed the existence of the British order.
While law enforcement has long been able to access encrypted data for which Apple holds the keys, this move would reportedly apply to end-to-end data in which the user holds the keys, such as Apple’s Advanced Data Protection. This law would target end-to-end encrypted data from Google and Meta as well.
This is red alert, five-alarm-fire kind of stuff. Providing a backdoor would be worrying enough for reasons that should be obvious to anybody who knows the barest inkling about technology—to wit, that there exists no mechanism to keep such a tool out of the hands of malicious actors—but the fact that it would apply beyond the UK borders to other countries is a staggering breach of sovereignty. And, moreover, as Menn points out, such a move would no doubt embolden other powers to ask for access to the same capabilities—such as China.1
Furthermore, requiring that Apple not disclose this is a massive violation of individual rights, letting people go on about their lives under the assumption that their data is safe and secure when in fact it is anything but. It’s hard for me to envision how this doesn’t open Apple up to massive liability in the eventuality—inevitable, to my mind—that this backdoor is compromised by those looking to steal data.
As far as we know, this has not yet been enacted, but the Post report says that while Apple can appeal, it cannot delay in its compliance during that appeal. Ironically, the biggest impediment might come in the form of the European Union, as Apple apparently argued that the implementation would undermine the European right to privacy.
Given how secretive all this is, the most troubling part is that we might not know how it shakes out until it’s too late.
- Also, given the current administration of the United States, it is difficult to imagine it would be far behind in supporting the creation of such a backdoor. ↩