The UK government continues to seek access to Apple’s iCloud services, according to a new report, with its request to access people’s data seemingly even broader than originally thought.
According to a legal filing seen by the Financial Times, the UK Home Office wanted backdoor access to standard iCloud services in addition to those secured with the highest level of encryption.
Just last week, President Donald Trump’s Director of National Intelligence Tulsi Gabbard said that the UK and US had reached a deal, which had resulted in the UK dropping its request to Apple. The filing seen by the Financial Times suggests that is not in fact the case and that the request very much still stands.
Representatives for Apple and the Home Office didn’t respond to requests for comment.
The US government has taken particular interest in the UK’s request, which was initially reported back in January, as it wouldn’t simply provide access to data belonging to British citizens, but to all iCloud users globally.
Neither the Home Office nor Apple had commented publicly on the reports that the government department had made the request of the tech company. But in February, Apple pulled its Advanced Data Protection security tool for iCloud users in the UK, saying that it was “gravely disappointed” over having to make the move. In March, the company launched a legal challenge in objection to the government’s request.
In the legal filing seen by the Financial Times, the Home Office’s request didn’t just apply to data protected by ADP, but to all iCloud data, including “categories of data stored within a cloud-based backup service.” This could include stored passwords and messages.
The UK government’s request is enabled by the Investigatory Powers Act — often referred to by critics as the “snooper’s charter” — which is designed to help law enforcement investigate serious crimes such terrorism and child sexual abuse. But by compelling Apple to create a pathway to circumvent its own security measures opens up the company’s entire system to exploitation by bad actors.
“Once you open a backdoor, you don’t really have tight control of who walks through it,” said Oli Buckley, professor of cybersecurity at the University of Loughborough. “The request from the Home Office doesn’t seem to be just asking Apple to leave a spare key out for them. Instead, they are effectively asking them to ensure every house on the street uses the same key.”
This might make it convenient for investigators, he added, but it puts everyone at risk in the process.
