American Politicians Warn UK of Risks from iCloud Backdoor

By Netvora Tech News

---

Two American politicians have warned the British government of the consequences of a proposed iCloud backdoor, which authorities in the country want to implement. In early February, The Washington Post reported that the British authorities had given Apple a Capability Notice (TCN), stating that the company must provide access to end-to-end encrypted iCloud backups. The report highlights the fact that iCloud backups made by users are not end-to-end encrypted by default, allowing Apple and authorities to access them. However, users can opt-in to advanced data protection, which would encrypt their backups, making them inaccessible to anyone, including Apple and authorities. This option is currently not enabled by default. The access sought by the British authorities would apply to iCloud users worldwide. Apple would also be prohibited from disclosing the existence of the backdoor. Two weeks after the report, Apple decided to stop offering advanced data protection for new users in the UK. Existing users in the UK will eventually have to disable the security measure. "The creation of a backdoor in end-to-end encrypted systems like the TCN introduces systemic vulnerabilities that can be exploited by malicious actors, including cybercriminals and authoritarian regimes," said Jim Jordan and Brian Mast of the US House of Representatives in a letter to British Home Secretary Yvette Cooper. "These vulnerabilities affect not only British users but also American citizens and others worldwide, given the global nature of Apple's services," they added. The American policymakers are asking the British minister to allow Apple to share the demand with the US Department of Justice. The department can then review whether the demand complies with the agreements made under the Cloud Act, which prohibits governments from demanding that companies decrypt data. The American policymakers want the British government to rescind TCNs that weaken encryption. According to Jordan and Mast, such measures are in conflict with international human rights standards, including a ruling by the European Court of Human Rights, which stated that undermining encryption violates the right to privacy.