UK Apple backdoor may breach US/UK data agreement

US lawmakers have criticised the UK for ordering Apple to create a backdoor for encrypted user data to allow law enforcement access, warning that threat actors and nation-state actors could exploit it.

Jim Jordan, US House Judiciary chair, and Brian Mast, Foreign Affairs chair, warned in a joint letter that the backdoor could create security risks.

“Creating a backdoor into end-to-end encrypted systems, as the [UK backdoor order] does, introduces systemic vulnerabilities that can be exploited by malicious actors, including cyber criminals and authoritarian regimes,” the two wrote to UK Home Secretary Yvette Cooper.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

“These vulnerabilities would not only affect UK users but also American citizens and others worldwide, given the global nature of Apple’s services.”

Jordan and Mast also requested that the US Department of Justice be made privy to the order so that they can determine whether it breaches a CLOUD Act agreement between the two nations that blocks the two nations from requesting data be decrypted. This would mean that Apple would be committing a criminal offence by following the order.

“We urge the Home Office to reconsider the issuance of TCNs that require the weakening of encryption, as such measures conflict with international human rights standards, including the European Court of Human Rights’ ruling that undermining encryption violates privacy rights,” said Jordan and Mast.

What is the Apple backdoor?

VIEW ALL

In March, following an order by the UK government demanding the right to access data, Apple removed its Advanced Data Protection (ADP) from its secure cloud storage.

While Apple’s standard level of encryption allows access with a warrant, ADP is its most secure privacy measure and prevents even Apple from accessing using the opt-in security feature for encryption.

The UK demanded access to the data of Apple users for cases of national security threats.

Rather than comply with the order, Apple created a “backdoor” tool to allow the UK to access it. The tech giant said it was disappointed in having to remove ADP for the UK and that it maintains it is against compromising user security.

Apple appealed the order in UK courts in a private trial, despite US requests for it to be public; however, the order remained in place.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

UK Apple backdoor may breach US/UK data agreement

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED