British government forces access to Apple's encrypted cloud data

The Investigatory Powers Act (IPA), which has been criticized by security experts, civil libertarians and Apple itself, could break the security of the iCloud. A secret directive made possible by the Security and Espionage Act requires the iPhone company to hand over encrypted content from backups and other data of all users worldwide at the request of the authorities in the UK, writes the Washington Post in an exclusive report on Friday. This puts Apple's promise of data protection to its customers at risk.

Backdoor requested for the iCloud

The order to Apple is said to have been issued last month and has not been made public. It demands the "general ability to view fully encrypted material, not just assistance in cracking certain accounts", according to the Washington Post, citing informed sources. This is unprecedented in democratic countries. Should this actually be applied, users would no longer have any protection and Apple (as well as many other tech companies that defend encryption) would have suffered a serious defeat in terms of user rights.

IPA, also known to critics as the "Snoopers' Charter", has been in force since 2016, but has recently been tightened up. Apple had already warned a year ago of an "unprecedented overstepping of boundaries" by the London government, then still under the Conservative Tories. However, the now ruling Labor Party (Labour) continued to pursue this course. Apple said at the time that the UK could use the new IPA to try to secretly veto new protections – such as improved encryption –, which would then have a global impact "to prevent us from ever being able to offer them to our customers". This is exactly what seems to have happened now –, even turning against existing encryption.

Strong encryption affected

Apple did not initially comment on the report. According to the Washington Post, the instruction came in the form of a so-called Technical Capability Note, which stated that Apple must provide access under the IPA. The iPhone company can only object to this before a secret panel, which only deals with details – such as costs. A judge must then decide whether the order meets the government's requirements. However, Apple is not allowed to suspend the order during this type of appeal process.

Apple had already announced that it would defend itself against such attempts to break iCloud encryption. There was no comment from the Trump administration. Informed circles stated that it was "shocking" that the British were also demanding data from foreigners without informing their governments. Apple is also not allowed to inform customers that the encryption has been broken.

This involves data that Apple itself does not have access to due to strong encryption. In addition to content that is encrypted anyway, the Advanced Data Protection feature, which users must explicitly activate and which encrypts significantly more information in the iCloud, is particularly affected.

iCloud content is often requested from Apple by police authorities – if it is not protected, it can be freely used for proceedings. It is also conceivable that authorities could obtain information from other (otherwise strongly encrypted) services whose keys are available in the backup by forcing Apple to decrypt the iCloud. Apple believes that such moves would violate rulings by the European Court of Human Rights. It is considered possible that the company will completely turn off strong encryption in the UK before the authorities allow access.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(bsc)