US lawmakers respond to the UK’s Apple encryption backdoor request

The UK’s shockingly intrusive order for Apple to create a backdoor into users’ encrypted iCloud data doesn’t only affect Brits; it could be used to access the private data of any Apple account holder in the world, including Americans. Less than a week after security experts sounded the alarm on the report, US Congress is trying to do something about it.

The Washington Post reported on Thursday that, in a rare show of modern Capitol Hill bipartisanship, Sen. Ron Wyden (D-OR) and Rep. Andy Biggs (R-AZ) wrote to the new National Intelligence Director Tulsi Gabbard, asking her to take measures to thwart the UK’s surveillance order — including limiting cooperation and intelligence sharing if the country refuses to comply.

“If Apple is forced to build a backdoor in its products, that backdoor will end up in Americans’ phones, tablets and computers, undermining the security of Americans’ data, as well as of the countless federal, state and local government agencies that entrust sensitive data to Apple products,” Biggs and Wyden reportedly wrote. “The US government must not permit what is effectively a foreign cyberattack waged through political means.”

The pair told Gabbard that if the UK doesn’t retract its order, she should “reevaluate US-UK cybersecurity arrangements and programs as well as US intelligence sharing with the UK.” Wyden sits on the Senate Intelligence Committee, and Biggs is on the House Judiciary Committee and chairs the Subcommittee on Crime and Federal Government Surveillance.

Wyden reportedly began circulating a draft bill that, if passed, could at least make the process harder for UK authorities. The proposed modification to the 2018 CLOUD Act would make information requests to US-based companies by foreign entities more onerous by requiring them to first obtain a judge’s order in their home country. In addition, it would forbid other countries (like, oh, say... the UK) from demanding changes in encryption protocols to the products or services of companies in the US. Request challenges would also be given jurisdiction in US rather than foreign courts.

Apple

The UK order, first reported by The Washington Post, requires Apple to create a backdoor into its Advanced Data Protection, a feature introduced in iOS 16.2 in 2022. Advanced Data Protection applies end-to-end encryption to many types of iCloud data, including device backups, Messages content, notes and photos, making them inaccessible even to Apple. The order demands a blanket ability to access a user’s fully encrypted data whenever and wherever the target is located.

The order was issued under the UK’s Investigatory Powers Act 2016, known (not so affectionately) as the “Snooper's Charter,” which expanded the electronic surveillance powers of British intelligence agencies and law enforcement. It would be a criminal offense for Apple to publicly confirm receiving the order, so the company hasn’t commented on the matter. Security experts warn that implementing this backdoor would needlessly expose anyone with an Apple Account to foreign spying, hackers and adversarial countries.

Apple reportedly received a draft of the order last year when UK officials debated the changes. In a written submission protesting them, the company said the planned order “could be used to force a company like Apple, that would never build a back door into its products, to publicly withdraw critical security features from the UK market.” The company can appeal the notice but can’t use the appeal to delay compliance.

“Most experts in the democratic world agree that what the UK is proposing would weaken digital security for everyone, not just in the UK but worldwide,” Ciaran Martin, former chief executive of the UK’s National Cyber Security Center, told The Washington Post.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/us-lawmakers-respond-to-the-uks-apple-encryption-backdoor-request-182423656.html?src=rss https://www.engadget.com/cybersecurity/us-lawmakers-respond-to-the-uks-apple-encryption-backdoor-request-182423656.html?src=rss