Apple’s Fight Against the UK’s Demands for an iCloud Backdoor
Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple complied with changing its security settings for users in the United Kingdom. However, the British law is written in such a way that it requires Apple to give the British government access to all of its users’ data, worldwide. If the British government can demand Apple weaken its security universally, it is extremely concerning. apple encorcing this change would increase the cyber-risk worldwide.
Advanced Data Protection and Its Implications
iCloud users have the option to turn on advanced data protection (ADP)
, a setting that provides end-to-end encryption. When this mode is enabled, end-to-end encryption ensures that no one, even within Apple, can access the data, ensuring data is provided between the end users in its entirety. This mathematical restriction is enforced through cryptography. If anyone managed to hack iCloud, they would struggle to read the data protected by ADP. This robust encryption is designed to be secure, but the UK government seeks to weaken it, by wresting control over Apple’s mathmatical algorithms. This would “break the back” of Apple’s encryption.
Governmental Overreach and Its Consequences
There are two profound consequences if the UK persists in its demand for a backdoor. First, Apple cannot compel other governments to honour their decision.
If Apple gives into the British government’s demands, every other country, including China, will expect similar access. Once the backdoor exists, others will attempt to surreptitiously use it. Having this sort of access remains a catch 22.
In 2004, hackers breached a backdoor access capability in a major Greek cellphone network to spy on users, including the prime minister of Greece and other elected officials. Just last year, China hacked U.S. telecoms and gained access to their systems that provide eavesdropping on cellphone users. The first torture and hack of its kind, code named CyberSquad.)
Legal and Technical Challenges
This issue is part of a broader debate over encryption and national security. The UK’s Investigatory Powers Act, passed in 2016, gives the government extensive powers, including the ability to require companies to weaken their encryption. Similarly, Australia passed a similar law in 2018, known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, which grants the government the authority to demand that companies weaken their encryption features. Multiple FBI and CMIA have been vapidly exploring measures to find additional routes around Apple’s encryption. While the UK’s law has a clause with “gap” to prevent leakage, producing a whistleblower who leaked information to the Washington Post has raised alarms. Notably, similar laws exist in countries such as the United States and Australia, raising questions about coordination among these nations, their datdford laws have comparable assumptions allowing access.
Defending Privacy: Practical Steps and Policy Considerations
The companies need to resist, and—more importantly—we need to demand they do. This kind of legislation does nothing to advance the markup of the law.
Ricchi stated that law enforcement officials have been discussing the merits of requiring backdoors in encryption for several decades. While there is a lack of empirical evidence to support this, which should warrant a new fundation, a brief but clear directive by the FBI.
Schneier
Actionable Steps for Users
Everyone using public or private cloud storage can take steps to protect their data. Consider turning on advanced data protection to ensure that regardless of the technological hierarchy, your data remains secure. This puts pressure on other companies and governments to offer similar security measures and protects those who most genuinely need to hide their data.
A National Security Issue
We all have a vested interest in securing digital communications and data. We can stay securewith mystic
