Home Office issues new ‘back door’ order over Apple encryption

The government has re-ignited a row with Apple by issuing a new order to require the technology company to provide warranted access to encrypted data stored by British users on Apple’s iCloud service.

The Home Office has previously sought access data and messages stored by Apple users from any country, including the US, in a move that sparked a diplomatic row with the Trump administration.

The Financial Times reported that the Home Office issued a new order in September that Apple provide the UK with access to encrypted cloud backups but only for British citizens.

The move follows an announcement by the US director of National Intelligence, Tulsi Gabbard on social media site X on 19 August that the UK had agreed to drop demands for a “backdoor” that would allow access to the data of US citizens.

The Home Office issued a technical capability notice (TCN) against Apple in January requiring the company to provide the technical capability for the UK to access encrypted data on Apple’s iCloud back-up service world-wide.

Apple withdrew its Advance Data Protection service, which allowed users to encrypt their backed-up data using encryption keys that would be inaccessible to Apple, in February.

“As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,” the company said in a statement.

“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy,” it added.

Apple has filed a legal challenge against the Home Office to the Investigatory Powers Tribunal, along with the Privacy International and Liberty, in a case that is due to be heard in January.

It is not clear  whether or how Apple will be able to distinguish between users who are British citizens, US citizens based in the UK, or British citizens in the US, raising questions over how Apple will be able to comply with the latest Home Office order.

Caroline Wilson Palow, legal director at Privacy International said that the new order issued by the government could still impact the security and privacy of users of Apple devices.

“While this seems like progress - and it is in the sense that the UK is clearly reacting to the global concern and US Government pressure generated by its original directive to Apple - the new order may be just as big a threat to worldwide security and privacy as the old one," she said.

"In the name of protecting the UK people, the UK Government is instead undermining a crucial security protection, which seems ill-advised in a world where security risks are mounting every day," she added.

The Home Office issues TCN’s under the Investigatory Powers Act 2016 to require technology companies to introduce technical capabilities to conduct surveillance.

The TCN issued against Apple was approved by the Investigatory Powers Commissioner, Brian Leveson.

Law enforcement and intelligence agencies are required to obtain warrants, signed by a judicial commissioner, to access data from Apple