Tulsi Gabbard, the new U.S. director of national intelligence (DNI), said a demand from the UK government that Apple build a backdoor to access the contents of encrypted iCloud files worldwide constitutes “a clear and egregious violation of Americans’ privacy.”
She then indicated that the UK would not be allowed to spy on Americans in this way.
DNI ‘grave concern’ about UK government’s iCloud backdoor demand
The news broke several weeks ago that the UK wants a “backdoor” into iCloud. This would allow law enforcement to secretly access the information that iPhone and Mac users store on Apple servers, despite the files all being encrypted on accounts that have Advanced Data Protection enabled.
Sen. Ron Wyden (D-Oregon) and Rep. Andy Biggs (R-Arizona) expressed their reservations to Gabbard about the plan. She told them, according to the Washington Post:
“I share your grave concern about the serious implications of the United Kingdom, or any foreign country, requiring Apple or any company to create a `backdoor’ that would allow access to Americans’ personal encrypted data. This would be a clear and egregious violation of Americans’ privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors.”
The DNI then indicated that she won’t let Apple give the UK unfettered access to encrypted iCloud data.
“I look forward to ensuring the UK government has taken necessary actions to protect the privacy of American citizens, consistent with the CLOUD Act and other applicable laws,” said Gabbard.
Apple agrees
Apple cannot comment on this controversy because the U.K. Investigatory Powers Act of 2016 forbids companies that have been ordered to surrender user information to investigators from talking about it.
In general, it’s Apple’s policy to follow the legal orders of governments in which it does business. And the company did reduce iCloud encryption in the UK last week, a step that shows it’s partially complying with the law.
That said, Apple and other companies long ago made it clear that they agree with Gabbard that any deliberately inserted weakness in encryption will inevitably be exploited by hackers.
The CLOUD Act that the DNI mentioned gives U.S. law enforcement the right to subpoena user data held in cloud storage by companies, even when that data is held overseas. It requires a warrant. That makes it quite different from the UK’s Investigatory Powers Act, which gives a wide range of agencies warrantless access to user data held anywhere in the world.
