US lawmakers ask UK court for transparency into Apple backdoor order

U.S. Sen. Ron Wyden (D-OR) speaks during a press conference following a luncheon with Senate Democrats in the U.S. Capitol Building in 2023. Wyden led a bipartisan letter to the UK's Investigatory Powers Tribunal asking for full transparency about their demand for Apple to provide the nation's law enforcement with access to customers’ encrypted files worldwide. Anna Moneymaker / Getty Images

The court order issued by the United Kingdom centers on the UK’s 2016 Investigatory Powers Act, which was invoked to demand Apple provide a backdoor into users’ encrypted iCloud backups.

A coalition of bipartisan lawmakers in the House and Senate asked a powerful United Kingdom tribunal for full transparency about a legal demand issued to Apple that would mandate UK law enforcement operatives be granted worldwide, unfettered access to users’ protected iCloud data.

The Washington Post reported last month that the UK issued a secret order to Apple requesting that the tech giant provide its law enforcement and intelligence personnel with the “blanket capability” to access customers’ encrypted files worldwide, meaning Apple customers residing in the U.S. would be cast into that dragnet. It’s not clear what motivated the UK to issue such an order.

Apple is now expected to begin challenging the move at the U.K.’s Investigatory Powers Tribunal in a secret session on Friday, the BBC reported this week. 

In a Thursday letter — signed by Sens. Ron Wyden, D-Ore., and Alex Padilla, D-Calif., as well as Reps. Andy Biggs, R-Ariz., Warren Davidson, R-Ohio, and Zoe Lofgren, D-Calif. — the lawmakers argued that the UK’s technical demands of Apple must be “subjected to robust, public analysis and debate by cybersecurity experts.”

“Secret court hearings featuring intelligence agencies and a handful of individuals approved by them do not enable robust challenges on highly technical matters,” they wrote. 

Notably, they add that Apple “has informed Congress that had it received a technical capabilities notice, it would be barred by U.K. law from telling Congress whether or not it received such a notice from the U.K., as the press has reported.”

The IPT and the UK Home Office, which manages the nation’s governance over security issues, did not return a request for comment. Nextgov/FCW has also asked Apple for a comment.

Under the UK’s 2016 Investigatory Powers Act — known colloquially as the Snooper’s Charter — Apple received the order to provide the backdoor into cloud backup data without any judicial review. High-ranking Biden administration officials had been monitoring the dispute since the UK initially hinted at requiring the backdoor access, a move that Apple opposed, the Post previously reported.

Director of National Intelligence Tulsi Gabbard said last month that she asked her attorneys to craft a legal opinion regarding the UK demand sent to the consumer electronics giant. “This would be a clear and egregious violation of Americans’ privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors,” she said at the time.

Apple’s Advanced Data Protection feature, released in 2022, lets users robustly lock their iCloud data, blocking even the company itself from accessing it. The capability is available in several countries and throws a wrench into law enforcement efforts to easily obtain that data via standard court-issued warrants. 

In adherence to the directive, that ADP service is no longer available in the United Kingdom, the company said last month. Apple must still yield to the order’s requirements, even while in the midst of legally challenging the directive.

“As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,” the company said.

The overseas order escalates the global privacy vs. security debate. Critics argue that the government-mandated backdoor would not only weaken security for U.S. citizens, but could also set a dangerous precedent for law enforcement and intelligence agencies worldwide.

“The Government’s demand that Apple provide access to encrypted user data is an assault on citizens’ private lives, a threat to online trust, and a blow to the UK’s economy,” said Robin Wilton, a senior director at the Internet Society. “Today it’s Apple, but tomorrow the same secret demand could be made of other companies, and we might never know. If global firms see the UK as a market where they must weaken security, they may leave rather than forfeit the trust of their customer.”

The UK has been a longtime U.S. ally, and both nations have benefited greatly from decades of intelligence-sharing agreements that involve counterterrorism operations, cyber threat intelligence, signals intelligence collaboration and other partnerships.

Amid multi-national advisory guidance put out last year to counter Chinese operatives that breached multiple telecom providers and their court-authorized wiretap systems, several countries recommended users install end-to-end encrypted communications apps like Signal. The UK was notably not on that endorsement list.

Last month, Wyden released a discussion draft of a measure which seeks to reform the Clarifying Lawful Overseas Use of Data — or CLOUD — Act. The 2018 law was built to adapt to the advent of cloud computing technologies, after the FBI said it had issues with legal access requests for information stored in U.S. communications firms’ overseas servers.

The CLOUD law, as is, directs relevant American companies to adhere to warrants for data, even if that data is stored on foreign soil. The law also authorizes the creation of bilateral data-sharing agreements between the U.S. and allies. Wyden’s proposal seeks to enhance congressional oversight of international data-sharing agreements, permit U.S. companies to contest foreign data demands and establish a five-year reauthorization requirement so that data-sharing agreements can be subject to expiration.

Wyden argued the CLOUD Act “failed to require foreign countries to adopt the same due process requirements long guaranteed under U.S. law, enabling foreign governments to demand that U.S. technology companies weaken the security of products used by Americans and putting global trust in U.S. firms at risk.”