Two key members of U.S. congressional oversight committees are urging new national intelligence director Tulsi Gabbard to demand the United Kingdom rescind its demand for Apple to create a backdoor into the encrypted iCloud storage used by its users around the world, according to a report by The Washington Post.
The order is said to have been issued last month, and requires that Apple provide backdoor access that allows UK security officials to access encrypted user data worldwide. Such a demand from a democratic country is a first.
The spying order was included in a “technical capability notice,” document sent to Apple by the Home Secretary. The document orders the Cupertino company to provide access under the sweeping UK Investigatory Powers Act (IPA) of 2016, labeled the “Snooper’s Charter” by critics, as it authorizes law enforcement to compel assistance from companies when needed to collect evidence.
Now, U.S. senator Ron Wyden (D-OR) and representative Andy Biggs (R-AZ) have written to Gabbard, warning of the risks the order poses to American citizens’ privacy and security. The bipartisan letter told Gabbard that if the U.K. government doesn’t back down on its demands, the U.S. should consider pulling out of intelligence sharing and cybersecurity cooperation that has existed between the two allies.
“If Apple is forced to build a backdoor in its products, that backdoor will end up in Americans’ phones, tablets, and computers,” the lawmakers wrote, as they are concerned about protecting the security of sensitive data stored on Apple devices used by government agencies.
The legislator also pointed out how encryption backdoors provided for law enforcement could be exploited by bad actors.
“The US government must not permit what is effectively a foreign cyberattack waged through political means,” the lawmakers wrote. “If the UK does not immediately reverse this dangerous effort, we urge you to reevaluate US-UK cybersecurity arrangements and programs as well as US intelligence sharing with the UK.”
If Apple were forced to comply it would likely instead cease offering encrypted cloud storage to UK users, in order to avoid breaking security and privacy related promises the company has long made to its users. However, the UK government would still demand backdoor access to the service in other countries, including the United States.
