Senator warns of new UK surveillance risks to US citizens following Apple ‘back door’ row

Android phones may have ‘backdoors’

In a letter to Gabbard yesterday, Wyden claims that the Home Office may have issued a secret order against Google to introduce “backdoors” to the encrypted back-up service used by billions of Android phone users worldwide. Following publication of Wyden's letter, Google said that it had received no such orders from the UK.

The letter also raises questions about Home Office powers in the Investigatory Powers Act (IPA) 2016 to issue orders to secretly force US companies to store data belonging to US citizens in the UK “where it could be then seized by the US government.”

Wyden’s intervention comes as president Trump, who has criticised the Home Office’s order against Apple as something China would be expected to do, met with prime minister Keir Starmer, at Trump’s Turnberry golf course in South Ayrshire.

Wyden and Republican Congressman Andy Biggs first wrote to Gabbard in February 2025, after a leak in The Washington Post revealed that the Home Secretary Yvette Cooper, had issued a order, known as a Technical Capability Notice (TCN) against Apple, requiring it to introduce 'backdoor' access to users' dater stored on its advanced encrypted storage service.

Gabbard told the lawmakers that she shared their “grave concern” about the UK ordering US companies to create ‘backdoors’ that would allow access to encrypted data of US citizens. Such a move would “be a clear and egregious violation of American citizen’s privacy and civil liberties” and would create cyber vulnerabilities that could be exploited by hostile actors, she added.

Wyden states in the letter that companies that receive orders under the UK's Investigatory Powers Act (IPA) 2016 are legally prohibited from disclosing their existence, making it impossible to confirm which US technology companies have received orders from the UK, “much less the extent to which they may be complying with them”.

Apple’s Advance Data Protection service is  disabled by default, making it likely that only a “very small” proportion of Apple’s customers “benefiting from this important cyber security defence” would be impacted by a Home Office order.

However, Wyden raised the prospect - since denied by Google - that the Home Office has also issued an order requiring Google, to provide ‘backdoor’ access to encrypted back-ups made by billions of Android smart phone users which are protected by end-to-end encryption by default.

 “When my office asked Google about backdoor demands from the UK, the company did not answer the question, only stating that if it had received a technical capabilities notice, it would be prohibited from disclosing that fact,” Wyden wrote.

This is in contrast to Meta, which offered Wyden an “unequivocal denial” stating that “we have not received an order to backdoor our encrypted services, like that reported about Apple” when asked the same question on 17 March 2025.

Home office hacking powers could impact US

Wyden has raised further concerns that the threat to US data posed by UK surveillance laws is not limited to demanding that US companies weaken their encryption with back doors.

The British Embassy in Washington has not denied claims that the UK could use the IPA to force US companies to store newly created US customer data in the UK. “Such UK-located data could then be seized by the UK government,” he added.

He has also raised concerns that UK can use the Equipment Interference (hacking) provisions in the IPA to demand that companies “infect their customers with spyware to hack Americans” – a capability which the British Embassy in Washington has again not denied.                                                                                            

“The cyber security of American’s communications and digital lives must be defended against foreign threats,” Wyden told Gabbard. “The national security implications are serious, not least because the communications of US government officials could be subject to both weakened encryption and storage in the UK,” he said.

Commenting on Wyden’s letter, Jim Killock, Executive Director of Open Rights Group, which is campaigning against the Home Office’s moves against encryption, said that the Home Office’s orders impact the security of people worldwide

“Google's refusals to answer Senator Wyden is extremely worrying for Android users who rely on encryption for their privacy and security,” he added.

Update 21:00

Following publication of this story, Google told The Washington Post, that the British government has never asked it for special access to users’ private messages and data.

A spokesperson told the Washington Post, “We have never built any mechanism or ‘backdoor’ to circumvent end-to-end encryption in our product,” and added, “if we say a product is end-to-end encrypted, it is.”