Forced to use the iCloud backdoor: Is Apple leaving the UK?

After it was announced last week that the British government wants to force access to encrypted iCloud content of all users worldwide for its security authorities, there is speculation about possible reactions from Apple. The secret order under the Investigatory Powers Act (IPA), also known as the "Snoopers' Charter", calls on Apple to build a backdoor into the iCloud. This would then also allow data to flow out that is end-to-end encrypted using the optional Advanced Data Protection (ADP) function, meaning that it cannot currently be viewed by Apple. Apple itself has not yet commented on the report published by the Washington Post.

iCloud unencrypted for Brits or completely turned off?

The IPA is set up in such a way that companies have the opportunity to lodge an appeal against such an order. However, this is only intended to clarify technical or economic issues, for example if snooping becomes too expensive for a company. In addition, an appeal, which must be decided by a judge, may not lead to the implementation of the order being suspended. Apple is therefore caught between a rock and a hard place. The company had already publicly warned against IPA a year ago and stated that it would also jeopardize security in other parts of the world. This was an "unprecedented overstepping of boundaries" by the British government. In addition to snooping interfaces, IPA is also intended to force companies to weaken new encryption methods or install backdoors – and, of course, to do so in secret.

Apple has a total of three options. The company could completely deactivate the ADP function for the UK. This would mean that, as is already the case, the authorities would always have access to the content in the iCloud, which without ADP is protected with a key that Apple has – Accordingly, iCloud backups are regularly requested and evaluated by police authorities. These backups also contain other content of interest to police officers and rascals, such as keys for FaceTime and iMessage as well as photos encrypted with Apple's key plus the content of iCloud Drive. Only once ADP has been activated can Apple (and a requesting authority) no longer view this data. Read here how to use ADP.

Example China "made in UK"

The second option would be for Apple to switch off iCloud in the UK completely. This would also remove the need to install backdoors that put users in other regions at risk. However, this would mean Apple foregoing an important market and offending users. Finally, there is also a third option: a separate iCloud for the UK. This is unprecedented in Western countries, but is practiced in communist-ruled China, where local servers are used that are operated in cooperation with government-affiliated companies.

At least in theory, authorities could then access these at will, although it has not yet been revealed how exactly and how often this happens in the People's Republic. This would be a loss of face for the liberal-minded United Kingdom, but there are apparently enough hardliners in the government –, which is now led by the Social Democratic Labor Party –, who are willing to take this risk.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(bsc)