It’s been a few weeks since the saga involving Apple, iCloud and the UK government kicked off. For those uninitiated, the UK government wants Apple to break the end to end encryption of its iCloud service. And in this past few days there have been some really curious developments.
A tl;dr of the situation so far 📋
- iCloud is Apple’s service for backing up data, syncing across devices, and protecting privacy. iCloud offers end-to-end encryption for some data and standard encryption for others, with an optional Advanced Data Protection feature for all data.
- Some iCloud data is encrypted by default, but Apple retains access keys, potentially allowing government access. Advanced Data Protection offers enhanced security by encrypting all data categories with user-held keys, but requires manual activation. The key is only accessible to the user, meaning not even Apple can access it.
- The UK government requested Apple to create a backdoor and remove end to end encryption citing national security concerns. Apple refused to do so due to privacy and security concerns. In response, Apple is withdrawing its Advanced Data Protection tool in the UK, meaning UK citizens won’t have end-to-end encryption for iCloud backups and photos.
- The UK government’s Investigatory Powers Act, specifically the “technical capability notice,” compels tech companies to comply with government requests, including breaking encryption.
- Apple had to either comply with the government’s request to weaken encryption or face legal consequences. Instead they withdrew advanced data protection altogether and appealed to the investigatory powers tribunal.
- What makes this situation so complicated is that legally, Apple was not allowed to reveal the existence of the “technical capability notice” else their executives would face criminal sanctions. Worse still their appeal would have to be held in secret without public scrutiny.
What’s happened since? 🤔
Apple’s appeal went ahead, but it was held in an anonymous hearing. The parties involved weren’t named on the court’s schedule, but investigative journalists managed to find out who they were. At the first stage of the appeal, a judge ruled that this legal dispute couldn’t be held in secret.
The government’s request faced a lot of criticism from privacy campaigners and even some US politicians. There are public petitions online, railing against the UK government for overstepping its boundaries. And the government’s position has been widely criticised around the world.
Thankfully, the tribunal rejected the government’s request. They pointed out the extensive media coverage and the importance of open justice. They said that having a hearing entirely in secret would be “extraordinary” and that revealing the details of the case wouldn’t harm the public interest or national security. The UK’s Home Office said it wouldn’t comment on legal proceedings or individual notices, saying that its priority is to keep people safe.
The Investigatory Powers Act gives the government an absurd amount of power. They claim that the intention of the act is root out terrorists, child abusers, and serious criminals. The government also says these powers are protected by strong safeguards like judicial authorisations and oversight to protect privacy. In this specific case, they’re making the argument that they aren’t asking for blanket access to data. And that any requests to view individual accounts protected by advanced data protection need a court-approved warrant. That’s just not true. We need to call this what it is: executive fiat.
Civil and digital rights organisations in the UK, along with many major news organisations, supported the case and made legal representations for a public hearing. Jim Killock, the executive director of Open Rights Group, called it a significant ruling with implications for privacy and security worldwide.
The Open Rights Group, Big Brother Watch, and Index on Censorship joined forces to protest the secret hearing. Rebecca Vincent, the interim director of Big Brother Watch, pointed out that the judgment weakens the secrecy surrounding the Investigatory Powers Tribunal’s Apple case. She stressed that the Home Office’s order to crack encryption is a serious threat to the privacy rights of millions of British Apple users and should be made public.
Apple hasn’t commented on these latest developments in the case. Likely because they can’t. But in a previous statement, they reiterated a long standing commitment to offering users the highest level of security for their personal data and hoped to be able to resolve the issue with the government. They also stated they’ve never built a backdoor or master key to any of their products or services and will never do so.
This story is still developing. But for now at least, there is some hope. And it illustrates the vital importance of a free and open press in holding governments to account. Privacy is a fundamental human right and critical to democracy. Let’s hope that the government’s intrepid request is sent packing and buried in the dirt where it belongs.
Comments