Apple takes UK government to court over 'backdoor' order
- Reference: 1741185514
- News link: https://www.theregister.co.uk/2025/03/05/apple_reportedly_ipt_complaint/
- Source link:
The appeal will be the first of its kind lodged with the IPT, an independent judicial body that [1]oversees legal complaints against potential unlawful actions by a public authority or UK intelligence services, according to the Financial Times, which broke the [2]news .
The revelation follows a battle between the iGadgetmaker and the UK's Home Office, which has long set its sights on Apple's encrypted data, arguing it needs a backdoor in order for law enforcement to investigate persons of interest.
UK's Investigatory Powers Bill to become law despite tech world opposition [3]READ MORE
Things came to a head in January when the Home Office issued Apple with a technical capability notice (TCN) under the [4]Investigatory Powers Act 2016, aka the Snooper's Charter, nearly a year after talk of such an order began.
Despite being "technical" by name, it's understood that the notice didn't include any technical instructions for Apple, just an order to allow a so-called backdoor into its iCloud network which could be used to gather data that's otherwise typically out of reach of criminal investigators.
[5]
The Home Office refused to either confirm or deny the existence of the notice when [6]we asked about it , and under the Investigatory Powers Act 2016 Apple is prevented from revealing details about the notice.
[7]
[8]
Apple responded by [9]disabling its Advanced Data Protection (ADP) feature for UK users in early February, effectively removing end-to-end encryption (E2EE) for data backed up to iCloud to appease the government without fully complying with the TCN.
Still, it means the UK can feasibly sniff around iCloud accounts, provided they get a court-mandated warrant to do so. It will also be done without alerting users, assuming someone involved in the process doesn't leak it at any stage.
[10]
"We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy," Apple told The Register at the time.
"As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will," it added.
The Home Office has also previously voiced its ambition to break E2EE for all popular communications platforms in the UK, such as messaging app WhatsApp, although the case with Apple is believed to be its first foray into handing out TCNs to this end.
[11]
The UK's entire approach to pressing ahead with the Investigatory Powers Act and its so-called war on encryption has come under intense scrutiny in recent years.
Its main arguments in favor of breaking encryption are largely based on the prevention of terror attacks and child sexual exploitation.
Security minister Dan Jarvis further justified the powers in Parliament [12]last week , [13]saying requests to access user data under the Act could only be made on an "exceptional basis, and only when it is necessary and proportionate to do so."
Jarvis's comments came after being questioned by other MPs about the TCN, and seemingly aim to dissuade the public from thinking the government can simply access user data on a whim.
The security minister didn't offer much in the way of additional insights, whipping out the good old national security defense as a way to avoid further questioning.
[14]Governments can't seem to stop asking for secret backdoors
[15]Signal will withdraw from Sweden if encryption-busting laws take effect
[16]Encryption backdoor debate 'done and dusted,' former White House tech advisor says
[17]End-to-end encryption may be the bane of cops, but they can't close that Pandora's Box
[18]UK's Investigatory Powers Bill to become law despite tech world opposition
Many who argue against the government's ambitions, such as Big Brother Watch, [19]say the action taken against Apple is "outrageous" and "draconian" and will eventually force encrypted messaging technology underground, meaning only criminals would have access to it.
US President Donald Trump also recently compared the UK's treatment of Apple to the extensive state surveillance methods deployed by China – the two countries' foremost intelligence adversary.
US director of national intelligence Tulsi Gabbard has ordered a legal review into the TCN issued to Apple out of concern that it could be used to gather data on US citizens. Doing so would violate the terms of the [20]Cloud Act Agreement , she argued.
The Register contacted Apple for comment. ®
Get our [21]Tech Resources
[1] https://investigatorypowerstribunal.org.uk/
[2] https://www.ft.com/content/3d8fe709-f17a-44a6-97ae-f1bbe6d0dccd
[3] https://www.theregister.com/2024/04/26/investigatory_powers_bill/
[4] https://www.theregister.com/2024/04/26/investigatory_powers_bill/
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z8iDMtPrkc4cCAWWXczeDwAAAY0&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[6] https://www.theregister.com/2025/02/07/home_office_apple_backdoor_order/
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z8iDMtPrkc4cCAWWXczeDwAAAY0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z8iDMtPrkc4cCAWWXczeDwAAAY0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[9] https://www.theregister.com/2025/02/07/home_office_apple_backdoor_order/
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z8iDMtPrkc4cCAWWXczeDwAAAY0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z8iDMtPrkc4cCAWWXczeDwAAAY0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[12] https://www.theyworkforyou.com/pbc/2023-24/Investigatory+Powers+(Amendment)+Bill/
[13] https://hansard.parliament.uk/commons/2025-02-24/debates/9E7881D8-1693-48BA-9407-A180094039B6/HostileStateThreats
[14] https://www.theregister.com/2025/03/03/opinion_e2ee/
[15] https://www.theregister.com/2025/02/26/signal_will_withdraw_from_sweden/
[16] https://www.theregister.com/2025/01/04/encryption_backdoor_debate/
[17] https://www.theregister.com/2024/05/05/e2ee_police/
[18] https://www.theregister.com/2024/04/26/investigatory_powers_bill/
[19] https://www.theregister.com/2025/02/24/apple_adp_replacements_e2ee/
[20] https://www.theregister.com/2022/10/03/us_uk_data_access_agreement/
[21] https://whitepapers.theregister.com/
Re: Put up or shut up
"If the HO or any other organisation thinks that a secure back door is feasible ...."
I don't think they care whether or not it's secure.
Re: Put up or shut up
But you can guarantee that when some MPs' data gets exposed due to a back door which the government insisted on, there will be howls of outrage from them!
This is the problem with having MPs who are mostly technically illiterate - they are determined not to understand that there is no such thing as a secure back door. If it exists it will, sooner or later, be compromised by criminals / foreign governments / spooks.
Re: Put up or shut up
> If the HO or any other organisation thinks that a secure back door is feasible all it has to do is produce a proof of concept example that passes expert external scrutiny. Until then it's time to stop demanding others do what they can't.
The "backdoor" being asked for is not into the encryption algorithm, it's a backdoor into Apple's systems.
Apple's standard iCloud, iMessage etc capabilities *already* provide a means for law enforcement to see the content because Apple maintains the encryption keys on behalf of the users. So it's a simple matter for UK law enforcement to get a court order demanding access and then Apple will happily comply and provided decrypted content.
The implication therefore is that the TCN goes further and I suspect it asks for remote access to Apples' systems by UK law enforcement so they can log in and browse users' data without a court order and without Apple necessarily knowing who they're snooping on.
So I would very much like to see the content of this TCN, whether technically inept or not.
Re: Put up or shut up
Not with ADP it doesn't...
Communists...
...they do love their surveillance states.
Re: Communists...
and yet our country is opposing Russia at the moment, what's yours doing?
Re: Communists...
All Home Secretaries of all political persuasions seem to demand this within a couple of weeks of taking office.
One can only think that the police/security services "persuade" them that this will solve/prevent crimes.
Or that it would prevent the leakage of any info they might have on said Home Secretary...
Here's hoping the unthinkable
... That the courts will agree that this is supreme overreach.
However since it is the job of the courts to enforce the law... I suspect we might have a less bright outlook.
Re: Here's hoping the unthinkable
It's entirely possible that the courts will agree this was unlawful---if the order is as vague as reported---but the government will likely rewrite the order to comply with the law and achieve the same net effect. If I had to bet, that's where I'd put my money. (Although it might take a couple of rounds of litigation.)
"... to dissuade the public from thinking the government can simply access user data on a whim"
Note: " to dissuade the public from thinking ... ", not " to prevent access ... on a whim ". Yet again, the public should feel (not be certain as of right) that its rights are respected. And of course everything depends on the definition of "necessity", which is inevitably defined by those desiring access, quite apart from any illicit access by rogue staff (for which there is plenty of historical evidence in other spheres).And all of this under such a cloak of secrecy that the "user" can never find out whether their data has been accessed (except possibly via the consequences).
Government, and particularly law, can only be justified if it's transparent and above board.
Hmm
Hopefully the government loses. Vance called out the direction of the Europe and previous US administration. Lets hope we can undo the damage
Interesting spin
"As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,"
Given their response was to just unlock the front door and leave it open, that's both true and yet ignores the result they created.
They could have just ignore the order and dared the government to enforce it, which would have been a much more effective block.
As opposed to the current capitulation which lets them publicly play at resisting while cheaply overdelivering the result the order ultimately wanted.
Re: Interesting spin
It'd be more interesting if Apple pulled support from all the shiny devices the consul-o-droids in Westminster wave around.
"Sorry, support for your device is suspended pending legal proceedings".
Initiated by your bosses.
Re: Interesting spin
Well, to be fair to them... it lets them publicly talk about the issue without breaking the law.
Yes, the law is appalling. Yes, it would be great if Apple would ignore it. But, I guess their UK employees are happy that they won't be dragged into a court.
British citizen talking here
I'm not a fanboy of Apple for various reasons - Android all the way. I have issues with them.
BUT... Big but... I sincerely hope Apple manage to tell my government to take a long hike off a short bridge.
How the fcuking hell do the worthless, motherless, barsteward, politicians in this country think they can dictate to a global network?
If I was Apple I'd cut off all
support to to the UK to teach them a lesson.
Wonder how many consulto-droids are running around Westminster with shiny Apple devices
Wonder how many would like the government to monitor the... interesting... websites they visit.
.
Surely a logical backdoor already exists
Apple has total control over IOS and IOS updates, and how/when they are distributed, including the E2E implementation.
Apple knows the device user's ID.
If it chooses to do so, Apple is free to create a tailored IOS update to be delivered to a designated user.
E2E depends on keys accessible to the software running on the iThing, it must be possible to leak the keys and/or create a covert side channel affecting only the designated user, without affecting E2E for any other user.
Only way to avoid that would be to never update the iThing, which leaves it open to all future vulnerabilities exploited by NSO et al.
Pain in the neck of course.
Put up or shut up
"it's understood that the notice didn't include any technical instructions for Apple"
If the HO or any other organisation thinks that a secure back door is feasible all it has to do is produce a proof of concept example that passes expert external scrutiny. Until then it's time to stop demanding others do what they can't.