Maybe some light at the end of the dark new tunnel for iPhone users, as the Trump administration warns of a “serious vulnerability for cyber exploitation by adversarial actors” if Apple succumbs to pressure to further downgrade its security.
We’re talking about the misjudged U.K. secret/not secret mandate for Apple to backdoor its own encryption, providing security agencies access to what was fully encrypted data under the country’s controversial “Snooper’s Charter” legislation. U.K. users are already at risk following Apple’s downgrade — it’s critical it stops there and is reversed.
A week ago, I reported on the letter from Senator Ron Wyden and Congressman Andy Biggs to Tulsi Gabbard, America’s newly installed DNI. This urged the intel chief to prevent a U.K. move to “undermine Americans’ privacy rights and expose them to espionage by China, Russia and other adversaries.”
What’s actually happened is that Apple has refused to comply with the U.K. mandate, confirming that it has never built and will never build a backdoor. Instead, it has withdrawn its fully encrypted iCloud offering from the U.K. As such, Americans remain unaffected while users in the U.K. are put at risk as their security is weakened.
Gabbard says in her reply that she had no insight into the U.K. move ahead of the press coverage, but that she shares their “grave concerns about the serious implications of the United Kingdom, or any foreign country, requiring Apple or any company to create a ‘backdoor’ that would allow access to Americans’ personal encrypted data.”
Gabbard has “requested my counterparts at CIA, DIA, DHS, FBI and NSA to provide insights regarding the publicly reported actions, and will subsequently engage with UK government officials.” Ironically, the U.K. mandate for accessible encryption is exactly what the FBI says it wants in the U.S. to aid investigations. But that’s clearly not the same as such access being available to non-American agencies.
It seems likely U.S. intervention will kill or at least stall the backdoor mandate, but that won’t help the millions of Brits now denied access to fully secured cloud backups. That should be restored. The threat landscape is too risky for such a downgrade. Even the U.K.’s own spy agency has advised iPhone users to enable Advanced Data Protection, although that’s no longer available to them.
What happens next is critical, especially as Sweden is now reportedly threatening its own forced breach of end-to-end encryption. We do not want to see the encryption debate blow up again with lawmakers questioning its importance. We had hoped that debate was closed. What’s happened in the last two weeks is alarming.