The Washington Post reported that the United Kingdom is demanding that Apple create an encryption backdoor to give the government access to end-to-end encrypted data in iCloud. Encryption is one of the best ways we have to reclaim our privacy and security in a digital world filled with cyberattacks and security breaches, and there’s no way to weaken it in order to only provide access to the “good guys.” We call on Apple to resist this attempt to undermine the right to private spaces and communications.
As reported, the British government’s undisclosed order was issued last month, and requires the capability to view all encrypted material in iCloud. The core target is Apple’s Advanced Data Protection, which is an optional feature that turns on end-to-end encryption for backups and other data stored in iCloud, making it so that even Apple cannot access that information. For a long time, iCloud backups were a loophole for law enforcement to gain access to data otherwise not available to them on iPhones with device encryption enabled. That loophole still exists for anyone who doesn’t opt in to using Advanced Data Protection. If Apple does comply, users should consider disabling iCloud backups entirely. Perhaps most concerning, the U.K. is apparently seeking a backdoor into users’ data regardless of where they are or what citizenship they have.
There is no technological compromise between strong encryption that protects the data and a mechanism to allow the government special access to this data. Any “backdoor” built for the government puts everyone at greater risk of hacking, identity theft, and fraud. There is no world where, once built, these backdoors would only be used by open and democratic governments. These systems can be, and quickly will be, used by more repressive governments around the world to read protesters’ and dissenters’ communications. We’ve seen and opposed these sorts of measures for years. Now is no different.
Perhaps most concerning, the U.K. is apparently seeking a backdoor into users’ data regardless of where they are or what citizenship they have.
Of course, Apple is not the only company who uses end-to-end encryption. Some of Google’s backup options employ similar protections, as do many chat apps, cloud backup services, and more. If the U.K. government secures access to the encrypted data of Apple users through a backdoor, every other secure file-sharing, communication, and backup tool is at risk.
Meanwhile, in the U.S., just last year we had a top U.S. cybersecurity chief declare that “encryption is your friend,” taking a welcome break from the messaging we’ve seen over the years at EFF. Even the FBI, which has frequently pushed for easier access to data by law enforcement, issued the same recommendation.
There is no legal mechanism for the U.S. government to force this same sort of rule on Apple, and we’d hope to see Apple continue to resist it as they have in the past. But what happens in the U.K. will still affect users around the world, especially as the U.K. order specifically stated that Apple would be prohibited from warning its users that its Advanced Data Protection measures no longer work as initially designed.
Weakening encryption violates fundamental human rights and annihilates our right to private spaces. Apple has to continue fighting against this ruling to keep backdoors off users’ devices.
