Government using national security as ‘smokescreen’ in Apple encryption row

Senior Conservative MP David Davis says the Home Office should disclose to Parliament how many secret orders it has issued against telecoms and internet companies

The government is using national security as a “smokescreen” to refuse to disclose how many technical capability notices (TCNs) it has issued to telecoms and internet companies to secretly gain access to users’ encrypted communications and data, and make other modifications to their networks, it was claimed last night.

Senior Conservative MP David Davis told Computer Weekly there was “no credible case” for the government to refuse to tell Parliament how many notices it issues each year to telecoms and internet companies.

“The government is being dishonest in its use of ‘national security’ as a smokescreen to avoid telling the public how often it has ordered tech companies to hand over data or undermine encryption,” he said.

Davis is pressing the government to disclose how many TCN orders it issues each year after attempts by the Home Office to issue a notice against Apple attracted criticism from leading cryptographers, civil society groups and US politicians, when the existence of the notice was leaked to the Wall Street Journal.

Rather than comply with the order, Apple withdrew its Advanced Data Protection (ADP) service from the UK in February, and is now challenging the order in the Investigatory Powers Tribunal. Civil society group Privacy International has issued a separate legal challenge.

In response to written questions from Davis, Labour’s minister of state for security, Dan Jarvis, claimed he could not disclose how many TCNs the Home Office issues each year to phone and internet companies, citing national security.

Jarvis said it has been a “long-standing position that the government does not confirm or deny compliance of operators given a notice”.

“We also do not publish the number of technical capability notices issued or release identities of those subject to a technical capability notice. To do so may identify operational capabilities or harm the commercial interests of companies,” he added.

TCNs issued to major telcos

The Home Office is required to seek approval from a technical advisory board, made up of representatives from the telecommunications industry and the intelligence services, before issuing TCNs. It is unclear whether the advisory board has ever objected to a TCN.

The Home Office is understood to have issued TCNs to every major UK telecommunications company and internet service provider. TCNs must be renewed every two years or are deemed to have lapsed, according to the code of practice (13.33).

Before the Investigatory Powers Act 2016, the government issued similar notices under Section 94 of the Telecommunications Act 1984.

A court ruling last year raised questions over the blanket use of secret government orders to weaken the encryption of technology company users.

The European Court of Human Rights found Russia had acted unlawfully when it ordered messaging service Telegram to assist in the decryption of users’ encrypted communications by providing data relating to the encryption key.

Podchasov versus Russia

In the case of Podchasov v. Russia, judges found: “Weakening encryption by creating backdoors would apparently make it technically possible to perform routine, general and indiscriminate surveillance of personal electronic communications.”

They added: “Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users’ electronic communications.”

Bernard Keenan, a lecturer in law at UCL and a specialist in surveillance law, said the case meant that any systemic undermining of an encrypted internet system was, by default, “disproportionate”, and if the UK intended to undermine end-to-end encryption, it should say so publicly.

“It seems to raise a really important point, which is to say that if you’re going to systemically weaken and create risks, that has to be foreseeable [under the law]. And that means you should at least say whether you are issuing these [TCNs],” he added.

Government response questioned

Pat Walshe, a data protection and privacy professional, said the government’s claim that disclosing the number of orders issued would damage national security was open to challenge.

“I think David Davis is correct to ask the questions and it’s neglectful of the government not to answer them. I would suggest respectfully to the government that disclosure of the numbers themselves would not compromise national security,” he said.

“If they are saying it is, then I would respectfully ask the government to publish the impact assessment that proves the restriction on disclosure is necessary and proportionate to safeguard national security,” he added.

Davis told Computer Weekly that encryption safeguards everyone, including journalists, whistleblowers, businesses and the public.

“You cannot create a backdoor for the state without opening the same door to hostile states and cyber criminals. Once a vulnerability exists, it will be exploited,” he said.

Davis said the order issued against Apple is unlikely to be the first and only notice served, “yet we have no idea how many such notices have been issued, nor how often companies have resisted or complied”.

He added: “There is no credible national security case for withholding this information. The government’s refusal to publish even the number of these notices is not about security – it is about avoiding scrutiny.”

Need for warrants

Computer Weekly previously reported that, if the Home Office succeeds in securing the TCN against Apple, it would have to take many further legal and technical steps to obtain the cryptography keys to read messages and data from users of Apple’s Advanced Data Protection service.

This could include obtaining targeted warrants to monitor individual users of Apple, bulk warrants to target large numbers of users, or thematic warrants to target different classes of people using Apple’s services.

The Home Office would also have to serve “equipment interference warrants” to enable necessary “updates” and tampered apps to be sent to targeted Apple devices, according to forensic computer expert Duncan Campbell.

Davis said the government should focus on better-targeted intelligence and proper judicial oversight, rather than weakening the security of cloud services.

“Instead of strong-arming tech firms into weakening public protections, the government should focus on better-targeted intelligence, robust legal frameworks and proper judicial oversight. We do not defend British values by dismantling them,” he said.

It is widely believed that the Home Office has issued a similar TCN against Google, which develops the Android phone operating system.

Timeline of the UK government’s order for a backdoor into Apple’s encrypted iCloud service

5 June: US politicians are calling for Congress to rewrite the US Cloud Act to prevent the UK issuing orders to require US tech companies to introduce ‘backdoors’ in end-to-end encrypted messaging and storage.

15 April: The Investigatory Powers Tribunal is a semi-secret judicial body that has made significant legal rulings on privacy, surveillance and the use of investigatory powers. What does it do and why is it important? 

7 April: Investigatory Powers Tribunal rejects Home Office arguments that identifying the ‘bare details’ of legal action by Apple would damage national security, leaving open possibility of future open court hearings.

2 April: Apple appeals to the Investigatory Powers Tribunal over an order by home secretary Yvette Cooper to give the UK access to customers’ data protected by Advanced Data Protection encryption. What happens next?

7 February: Tech companies brace after UK demands backdoor access to Apple cloud – The UK has served a notice on Apple demanding backdoor access to encrypted data stored by users anywhere in the world on Apple’s cloud service.

10 February: Apple: British techies to advise on ‘devastating’ UK global crypto power grab – A hitherto unknown British organisation, which even the government may have forgotten about, is about to be drawn into a global technical and financial battle, facing threats from Apple to pull out of the UK.

13 February: UK accused of political ‘foreign cyber attack’ on US after serving secret snooping order on Apple – US administration asked to kick UK out of 65-year-old UK-US Five Eyes intelligence sharing agreement after secret order to access encrypted data of Apple users.

14 February: Top cryptography experts join calls for UK to drop plans to snoop on Apple’s encrypted data – Some of the world’s leading computer science experts have signed an open letter calling for home secretary Yvette Cooper to drop a controversial secret order to require Apple to provide access to users’ encrypted data.

21 February: Apple withdraws encrypted iCloud storage from UK after government demands ‘backdoor’ access – After the Home Office issued a secret order for Apple to open up a backdoor in its encrypted storage, the tech company has instead chosen to withdraw the service from the UK.

26 February: US intelligence chief Tulsi Gabbard probes UK demand for Apple’s encrypted data – A secret order issued by the UK against Apple would be a ‘clear and egregious violation’ if it provides back door access to Americans’ encrypted data, says US director of national intelligence.

5 March: Apple IPT appeal against backdoor encryption order is test case for bigger targets – The Home Office decision to target Apple with an order requiring access to users’ encrypted data is widely seen as a ‘stalking horse’ for attacks against encrypted messaging services WhatsApp, Telegram and Signal.

11 March: Secret London tribunal to hear appeal in Apple vs government battle over encryption – A secret tribunal is due to meet at the High Court in London to hear tech giant Apple appeal against a Home Office order to compromise the encryption of data stored by its customers on the iCloud service worldwide.

13 March: US Congress demands UK lifts gag on Apple encryption order – Apple and Google have told US lawmakers that they cannot tell Congress whether they have received technical capability notices from the UK.

14 March: The Investigatory Powers Tribunal holds a day-long secret hearing into an appeal brought by Apple against a government notice requiring it to provide law enforcement access to data encrypted by its Advanced Data Protection service on the iCloud, despite calls for the hearing to be opened to the public.

24 March: Gus Hosein, executive director of Privacy International – Why I am challenging Yvette Cooper’s ‘secret backdoor’ order against Apple’s encryption.

31 March: Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order, Lord Strasburger tells the House of Lords as a Home Office minister declines to give answers.
