
The UK government has made an unprecedented demand for Apple to grant it access to data stored by any customer, anywhere in the world, even if it is encrypted. The request, first reported by The Washington Post, means Apple will either be forced comply, or else withdraw its encrypted services from the UK. Both outcomes are likely to be harmful for ordinary Apple customers.
How is the UK able to make this request?
According to The Washington Post, the request has been made under the UK’s Investigatory Powers Act (IPA). The report says that the UK Home Office has served Apple with a “technical capability notice,” ordering it to expose users’ data under the umbrella of the IPA. Apple can appeal the demand, but hearings and decisions would be held in secret, and neither Apple nor the government would reveal they were taking place.
What is the Investigatory Powers Act?
The controversial law has previously been called a “snooper’s charter”. A New Scientist leader from 2015, the year before the law was passed, described it as aiming to legitimise the surveillance regime revealed by Edward Snowden and called its efforts to crack down on encryption “scientifically illiterate”, as the mathematics behind the technology is impossible to outlaw.
Advertisement
Since the law came into force, successive governments have continued to battle technology firms that provide their users with end-to-end encryption – systems where the company providing the technology doesn’t hold the encryption keys and theoretically cannot access data even if it wanted to or was legally compelled to.
Why is encryption so hard for governments to crack?
Modern encryption algorithms are based on mathematical problems deemed too hard to be cracked in a reasonable time, even by the fastest computers now available. For example, the widely used RSA algorithm relies on the fact that multiplying two prime numbers to generate a large encryption key is easy, but finding those original prime factors when you have only the encryption key is very difficult. This means that the UK government cannot covertly crack into data it wants to see – at least not in a reasonable time frame, or on a wide scale.
So can Apple weaken its encryption?
Technically, yes. Apple could alter its systems to provide a direct backdoor to the UK government. Doing so would involve a great deal of software engineering on Apple’s part, and it would undermine Apple’s claims about its systems’ security.
Has this ever happened before?
There are certainly precedents. An algorithm used in mobile phones in the 1990s was later found to have been deliberately weakened by an unknown actor, making it millions of times easier to crack than publicly believed. And it has long been reported – and shown by Snowden’s leaks – that the US National Security Agency has been involved in creating backdoors in various software and technology.
Should I be worried?
If you use end-to-end encryption services supplied by Apple, then possibly. Since the , it has become clear that privacy is a complex matter, and that many governments have access to data that had previously been considered secure. You could choose to move your data to another company, but given the secret nature of the requests, we have no idea if the UK or other governments already have access to other encrypted services.
What does Apple say?
In short, nothing. New Scientist asked the company to clarify the claims or provide a statement and received no response. In any case, the IPA means that companies are banned from publicly disclosing that they have been compelled to provide access.
There was previously a trend for companies to publish “” on their websites that explicitly said they had not been compelled to release data by governments. The disappearance of these notices could be taken to mean that a warrant or order had been served. But their use is less common now, as they .
What does the UK Home Office say?
A Home Office spokesperson told New Scientist: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”
What do cybersecurity experts say?
at Ulster University, UK, says that anyone who understands security knows that if you build in a backdoor to a system, that can end up being compromised by others – whether they be hackers or foreign governments. “Once a backdoor exists, it creates a single point of failure, increasing the risk of data breaches and cyberattacks,” says Curran. “Maintaining secrecy around a backdoor is unrealistic – once it’s discovered it will be widely exploited.”
at the Information Technology and Innovation Foundation in Washington DC, said in a statement: “We and other experts have warned for years that the UK was inching toward this perilous territory. It appears that moment has arrived.” Castro says that the measures will undermine privacy and security.
What will happen next?
Curran says that Apple has a simple choice: comply with the request and weaken their end-to-end encryption, or else withdraw from the UK market altogether. “I can’t see Apple standing for this,” he says. “The UK government need[s] to bin their delirious demand.”