Newly released court documents show the UK government issued a confidential technical capability notice demanding access to data from Apple’s iCloud service and that the order may have been designed to operate on a global scale, not just for people in the UK.
Court papers detail the scale of Home Office demand
The filings were made public today by the Investigatory Powers Tribunal (IPT) as it heard a legal challenge filed by Apple, which revealed that the UK Home Office demanded that the Cupertino tech giant provide backdoor access to data stored on its iPhone by its users, says Forbes.
And in the technical capability notice, as reported by the Financial Times, the obligations were not confined only for Advanced Data Protection — Apple’s option for extending end to end encryption — but also applied to a whole scale of normal iCloud categories used for backups, photos and passwords.
Most significantly, as the filings state, the TCN’s obligations “extend beyond the UK to service users in the UK” That suggests the notice was designed to apply to the relevant data classes of all iCloud users globally.
Effect on iCloud encryption and Apple services
Apple told UK customers it had paused its Advanced Data Protection feature after receiving the government directive, a change that stripped an additional layer of end-to-end encryption for some iCloud data in the UK.
Regular iCloud is already encrypted in transit and at rest, but grants Apple ability to unlock certain categories of content in response to a lawful request from law enforcement. The technical notice, as described in the IPT filings, requested the ability to do much more than what would normally be required to comply with legal demands, privacy advocates said.
Legal challenge continued under cloak of secrecy
Apple has appealed against the Home Office notice and the IPT has said it will hear the appeal in open court – while ordering that in parts of the process should continue to take place on the basis of “assumed facts” as a way of preventing contravention of the Official Secrets Act.
The UK government has declined to confirm or deny the existence of that order, because of national security grounds, under which Apple and outside observers are restricted in what they can publicly reveal of the technical specifics and scope of the demand.
Security experts and civil liberties groups sound the alarm
Cryptography experts and digital rights groups such as the Open Rights Group have warned that a requirement to make a “backdoor” or special access capability deprives users of security and could be exploited by hackers or foreign states.
It has been Apple’s stance since at least a high-profile, feud-inducing fight with American authorities more than a half-dozen years ago, over access to devices, that building in systemic access for the police would weaken encryption, increasing the risk to citizens and businesses.
International implications and diplomatic sensitivity
The filings have reignited questions about how countries manage lawful access to data kept on servers of multinational technology companies based in the United States, such as Apple, and how any demands are balanced against overseas privacy laws and extraterritorial reach.
U.S. authorities once publicly indicated that the U.K. was backing away from the onerous encryption demands, but the latest tribunal filings indicate that the Home Office has not officially withdrawn the global elements of the notice, according to two people familiar with the filings.
As the IPT progresses, legal teams, civil liberties and digital rights organisations and international partners will be watching for a ruling that could establish precedent on the boundaries of state access to encrypted cloud services and obligations of global tech companies.
