Lawmakers ask DNI to reassess UK cyber, intel ties over Apple backdoor mandate

A bipartisan, bicameral pair of lawmakers urged newly confirmed Director of National Intelligence Tulsi Gabbard to reevaluate U.S. cybersecurity and intelligence-sharing relations with the United Kingdom in response to a report revealing that the UK secretly ordered Apple to build a backdoor into encrypted iCloud backups.

The Feb. 7 report from the Washington Post says that the order issued last month demands UK law enforcement and intelligence operatives be granted worldwide, unfettered access to users’ protected cloud data. Apple customers residing in the United States would be cast into that dragnet.

Sen. Ron Wyden, D-Ore., and Rep. Andy Biggs, R-Ariz., asked Gabbard in the Thursday missive if the Trump administration was made aware of the order by stakeholders and whether the White House has understanding of the CLOUD Act, which lets U.S. law enforcement get data stored by American tech companies, even if that data is on servers outside the U.S., by using warrants or subpoenas.

“If Apple is forced to build a backdoor in its products, that backdoor will end up in Americans’ phones, tablets, and computers, undermining the security of Americans’ data, as well as of the countless federal, state and local government agencies that entrust sensitive data to Apple products,” they wrote in their letter to Gabbard.

Nextgov/FCW has reached out to but did not receive comment from the Office of the Director of National Intelligence, as well as the British Embassy in Washington, D.C. and the UK Home Office, which manages the nation’s governance over security issues.

Under the UK’s 2016 Investigatory Powers Act — known colloquially as the Snooper’s Charter — Apple received the order to provide cloud data without any judicial review. High-ranking Biden administration officials had been monitoring the dispute since the UK initially hinted at requiring access, a move that Apple opposed, the Post reported.

The consumer electronics giant’s Advanced Data Protection feature, released in 2022, lets users lock their iCloud data, blocking even Apple from accessing it. The capability is available in several countries and throws a wrench into law enforcement efforts to easily obtain that data via standard warrants.

The overseas order escalates the global privacy vs. security debate. The UK has been a longtime U.S. ally, and both nations have benefited greatly from decades of intelligence-sharing agreements that involve counterterrorism operations, cyber threat intelligence, signals intelligence collaboration and law enforcement cooperation on transnational crime and espionage.

Gabbard has historically been a longtime privacy hawk who, in the past, publicly called for the dismantling of a key U.S. surveillance authority that allows intelligence operatives to target foreigners abroad without a warrant for use in foreign intelligence missions. 

The ordinance, Section 702 of the Foreign Intelligence Surveillance Act, is controversial because law enforcement analysts are permitted to collect and query both sides of a conversation, even when one side involves a U.S. person speaking to a foreign target. Privacy advocates argue that the statue, as it currently stands, creates an end-run around the Fourth Amendment, which bars unreasonable searches and seizures.

Gabbard has since reversed her position on 702, deeming it vital to national security. But notably, in her confirmation hearing, she said she supports a warrant requirement for the intelligence community to query data on U.S. persons — a provision largely backed by civil liberties groups.

In her confirmation hearing to be DNI, Gabbard also said backdoors “lead down a dangerous path that can undermine Americans’ Fourth Amendment rights and civil liberties.” And in written responses to the Senate Intelligence Committee, she said mandating encryption bypass mechanisms “undermines user security, privacy and trust and poses significant risks of exploitation by malicious actors.”