Forcing the iCloud backdoor: US investigates if the UK is breaking treaties
Apple is switching off its end-to-end encryption for the iCloud after the UK demanded a backdoor. The US government doesn't like this at all.
In the UK, the iCloud will be less secure in future.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
In the conflict between Apple and the British government over the installation of a backdoor in iCloud that would affect users all over the world, the Trump administration in Washington has now also intervened. Tulsi Gabbard, Director of National Intelligence (DNI) and thus the watchdog over the US intelligence services, is currently having her lawyers examine whether London's actions could be in breach of existing agreements between the US and the UK. According to an initial review, the British request, which was made as part of the controversial Investigatory Powers Act (IPA), may be in breach of the Cloud Act Agreement. This states that the UK may not request data from US citizens or legal residents (“U.S. persons”).
Lonely Brits without encryption
At the beginning of February, Apple received a secret instruction under the IPA to provide encrypted data in the iCloud to British authorities – and not just that of British citizens. To do this, the company would have to equip its Advanced Data Protection (ADP) with a backdoor. The enhanced data protection, which Apple users can optionally activate, ensures that Apple itself cannot access this information. This would only be possible with a kind of “self-hack”, i.e. a backdoor. Apple categorically rejects this – as well as the IPA itself – and reacted with an unusually harsh measure: the UK is now the only country in which ADP can no longer be reactivated; existing activations will be deactivated. ADP is even active in China, as Apple confirmed when asked by Mac & i.
Videos by heise
Gabbard's statement that she is currently having the case analyzed was in response to a request from Democratic US Senator Ron Wyden, who made the request together with his colleague from Arizona, US Representative Andy Biggs. US politicians and NGOs had previously criticized London's actions. The letter to Gabbard stated that the British were planning a “foreign cyberattack carried out by political means”. The politicians called for cybersecurity agreements with the UK to be put to the test.
Access to material from abroad
“Following an initial review of the bilateral Cloud Act agreement between the US and the UK, the UK is not permitted to request data from US citizens, nationals or permanent residents – nor is it authorized to request data from individuals located in the US,” Gabbard's exact response read. What consequences this will have remains to be seen.
Apple itself initially remained silent about the incident – probably also because it is not officially allowed to comment according to the IPA. In the end, the company decided to disconnect ADP in the country altogether. “We are deeply disappointed that ADP's protection will no longer be available to our customers in the UK, especially against the backdrop of ever-increasing data breaches and other threats to user privacy. It is more urgent than ever to increase the protection of cloud storage through end-to-end encryption,” the company wrote in the German version of its statement.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
(bsc)
