hanohiki - stock.adobe.com

Why I am challenging Yvette Cooper’s ‘secret backdoor’ order against Apple’s encryption

I took steps to lock down all personal data after I was named as an opponent of Russia. Now I am again worried about my family's safety after the home secretary issued a secret order against Apple

Security is hard. It’s even harder now that, apparently, the UK government has secretly ordered Apple to reduce the security of its services. That’s why my colleagues and I had to take the government to court.

It’s an honest struggle to secure your organisation’s data. At Privacy International, like every organisation, we’re always struggling with decisions about where our data is stored, how it is secured, and how to ensure backups.

When our data is stored on servers elsewhere, like most organisations, we fret and take necessary additional measures. We take the natural position that the data should be secured. We use encryption to do so.

When I look at my phone, however, I worry. On there, amidst all my personal information, and my family’s, I also have my work data. On all our personal devices there are work emails, chats, contracts, reports, travel details, events, contacts ... it’s nearly impossible to segment the two worlds. And yet that data also gets backed up. In my case, and for millions of people in the UK and billions across the world, our data ends up on Apple’s servers.

Named by Russia

For me, this became an urgent matter in August 2024. Since the Russian invasion of Ukraine, the Russian government began listing individuals on the Ministry of Foreign Affairs website, “stop-lists” of people. I was listed, amongst many others, as being part of “London’s hostile agenda” against Russia.

Many UK parliamentarians (including ministers), and people working for academia, think tanks and the private sector, have been similarly listed.

Sitting at home in August, seeing that listing, my heart sank. While I’m unlikely to visit Russia, and so the direct impact of that listing is limited, my name is nonetheless there to be seen by all, defined as an opponent of Russia.

My next response was to start hardening my home network and all my family’s devices. I turned on every security functionality I could, raising every bar there was.

Risks to family

Now those protections are being taken away from me, by the UK home secretary. On 5 February, the Washington Post revealed that Apple had received an order from the UK government to undermine the security of the very service I had turned on to directly control the encryption of my data on Apple’s servers. While Apple has said nothing publicly about this order, it soon thereafter announced that it would remove that service from the UK. As a result of that decision, I will, at some point, lose that ability to control my security.

I am again feeling exposed, targeted and confused. I am worried about my family’s safety. And this time, it’s apparently because of the UK home secretary’s choices.

Unless the UK government changes the course it seems to be on, my family and I will lose that layer of security on the private minutiae of our lives: the recipes we’ve saved to try at family mealtime, photos from my child’s school plays, videos from Christmasses past. Alongside are records of my work at Privacy International with lawyers, journalists and rights defenders across the world.

We stepped up and filed our case because everyone – including my family – has a right to privacy and security.

Oppressive governments

We believe that the UK’s apparent attempt to undermine encryption could have global consequences, opening up a backdoor to millions of people’s personal data that could be accessed by hackers and oppressive governments.

No government should have the power to suspend security, or to halt security innovation, affecting all users – whether in their country or affecting users worldwide. Yet that power exists in the Investigatory Powers Act, and it’s now purportedly been used, in secret.
This undermines the security of us all.

This is why we took our case to the Investigatory Powers Tribunal. For now, the UK’s secret order seems to have affected millions of people in the UK. Unless we all push back, it will affect billions of people across the world. The home secretary musn’t get to secretly decide the security fates of us all.


Gus Hosein is the executive director of Privacy International.

Timeline of UK government’s order for a backdoor into Apple’s encrypted iCloud service

7 February: Tech companies brace after UK demands backdoor access to Apple cloud – The UK has served a notice on Apple demanding backdoor access to encrypted data stored by users anywhere in the world on Apple’s cloud service.

10 February: Apple: British techies to advise on ‘devastating’ UK global crypto power grab – A hitherto unknown British organisation, which even the government may have forgotten about, is about to be drawn into a global technical and financial battle, facing threats from Apple to pull out of the UK.

13 February: UK accused of political ‘foreign cyber attack’ on US after serving secret snooping order on Apple – US administration asked to kick UK out of 65-year-old UK-US Five Eyes intelligence sharing agreement after secret order to access encrypted data of Apple users.

14 February: Top cryptography experts join calls for UK to drop plans to snoop on Apple’s encrypted data – Some of the world’s leading computer science experts have signed an open letter calling for home secretary Yvette Cooper to drop a controversial secret order to require Apple to provide access to users’ encrypted data.

21 February: Apple withdraws encrypted iCloud storage from UK after government demands ‘backdoor’ access – After the Home Office issued a secret order for Apple to open up a backdoor in its encrypted storage, the tech company has instead chosen to withdraw the service from the UK.

26 February: US intelligence chief Tulsi Gabbard probes UK demand for Apple’s encrypted data A secret order issued by the UK against Apple would be a ‘clear and egregious violation’ if it provides back door access to Americans’ encrypted data, says US director of national intelligence.

5 March: Apple IPT appeal against backdoor encryption order is test case for bigger targets – The Home Office decision to target Apple with an order requiring access to users’ encrypted data is widely seen as a ‘stalking horse’ for attacks against encrypted messaging services WhatsApp, Telegram and Signal.

11 March: Secret London tribunal to hear appeal in Apple vs government battle over encryption – A secret tribunal is due to meet at the High Court in London to hear tech giant Apple appeal against a Home Office order to compromise the encryption of data stored by its customers on the iCloud service worldwide.

13 March: US Congress demands UK lifts gag on Apple encryption order – Apple and Google have told US lawmakers that they cannot tell Congress whether they have received technical capability notices from the UK.

14 March: The Investigatory Powers Tribunal holds a day-long secret hearing into an appeal brought by Apple against a government notice requiring it to provide law enforcement access to data encrypted by its Advanced Data Protection service on the iCloud, despite calls for the hearing to be opened to the public.

Read more on IT risk management