UK agrees to drop dangerous data encryption backdoor demands, says US

The UK has agreed to drop its mandate that Apple install a backdoor into the encrypted data stored on its devices, though it isn’t clear whether this is an overall change or simply a tweak to protect US citizens. 

The landmark move would be a victory for digital privacy experts that sets a precedent between the ongoing battle between tech companies and government surveillance.

The authoritarian surveillance-loving UK government didn’t reach the decision easily — it had to be convinced. For months, data privacy experts, encryption-based businesses, and privacy activists have been arguing against the government overreach.

As Akiko Hart, Liberty’s Director, said earlier this year: “End-to-end encryption is an essential security tool that protects our personal data, including our bank details, health information, private conversations and images. It’d be an entirely reckless and unprecedented move from the UK Government to open up a backdoor to this data, and one that will have global consequences.”

“The UK’s use of a secret order to undermine security for people worldwide is unacceptable and disproportionate,” Caroline Wilson Palow, legal director at Privacy International said earlier.

The UK wanted to access all the data

The UK wanted to force Apple (and conceivably others) to put a backdoor into their systems that could be used to access encrypted, private data. It issued a so-called technical capability notice making the demand under the country’s Investigatory Powers Act (the so-called “Snooper’s charter”) with an order that Apple open access to people’s encrypted data. This would have also left people outside the UK threatened by the deep surveillance state.

Apple refused, withdrew its Advanced Data Protection services in the UK, and has been challenging the Home Office order in a highly secretive court. No one in the UK is being told the results of these deliberations, on strength of a half-baked misunderstanding of “national security.” However, the US administration saw the decision as an attack on the rights of US citizens and has worked at the highest level to convince UK leaders to withdraw the request.

US Director of National Intelligence Tulsi Gabbard wrote on X: “Over the past few months, I’ve been working closely with our partners in the UK, alongside [President Donald J. Trump] and [Vice President J.D. Vance], to ensure American’s private data remains private and our Constitutional rights and civil liberties are protected. As a result, the UK has agreed to drop its mandate for Apple to provide a ‘back door’ that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties.”

The UK had argued that any such access would be protected by the safeguards it has in place, but digital privacy advocates mocked that argument.

Apple really does know better

Apple, because it is a technology company that understands how technology works, had resisted the UK demands since they first appeared.  In a statement earlier this year, Apple said, “As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”

Apple knows that there is no such thing as a safe backdoor into personal data. It recognizes that once such a door is in place, information about how to unlock it will slip, and personal data will become highly insecure. The company understands the extent to which making such a move will threaten business, banking, and commerce and ultimately spell disaster for online trade. 

Finally, because the company is engaged in a constant war with such attempts, Apple knows that any such backdoor would also become a target for hostile governments and organized crime, and that its existence would also give tacit permission to hostile states to demand the same degree of access, leading to a tsunami of digital insecurity to the detriment of — well, to the detriment of everyone. 

It understands that, in the digital space at least and likely also in the physical realm, no one is safe unless everyone is safe. National security is best served by keeping nations secure, rather than issuing half-baked edicts to force insecurity be built in.

A political failure

Sadly, this crystal-clear truth hasn’t been understood by the current UK Home Secretary, Yvette Cooper, who appears to fundamentally misunderstand the gravity of her role as a custodian of digital liberty and free speech. 

This is why Apple resisted the demand, withdrew the Advanced Data Protection feature from the UK, and mounted an expensive legal challenge. 

Now, with intervention from the Trump Administration, it seems the UK land grab on digital civil liberty has been quashed — though, given the secretive nature of the application of these rules, it is impossible to be certain of the extent of this change. It’s possible that similar rules, perhaps in a format adjusted to protect US citizens, have been put in place and people are not being told. If that is the case, then it’s only a matter of time before any backdoors are forced open, with all the negative impacts for online and commercial security predicted above. 

I’d be more certain that resistance to Cooper’s Snoopers has prevailed if Apple were confident enough to offer Advanced Data Protection to UK customers again, but no announcement to that effect has been made. Meanwhile Cooper’s snoopers allegedly want to ban use of VPNs in the UK, yet another ludicrous decision that threatens digital security and trade.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.