UK Home Office silent on alleged Apple backdoor order

The UK’s Home Office refuses to either confirm or deny reports that it recently ordered Apple to create a backdoor allowing the government to access any user’s cloud data.

Such a mechanism would enable the government to independently access and read encrypted data, both within the UK and potentially for users worldwide.

The Home Office told The Register: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”

Apple did not immediately reply to our request for input and the UK’s NCSC deferred the matter to the Home Office. 

Sources speaking to the Washington Post, which first reported the story, said the order cited the Investigatory Powers Act 2016, often referred to as the Snooper’s Charter.

The law was expanded in April last year with the passing of the Investigatory Powers Bill, which further increased the UK’s digital surveillance capability with a range of new powers.

These include allowing intelligence agencies and law enforcement to gather Brits’ internet connection records, revealing the services they connected to and when. The bill also made provisions for authorities to gather data en masse from sources with little to no expectation of privacy. Such examples include footage from CCTV cameras and images posted to social media.

The IPA also outlaws the disclosure of the government making a request using the law’s powers.

Insiders spoke on condition of anonymity, adding that Apple would likely cease offering encrypted backups in the UK, but that alone wouldn’t satisfy the secret order issued in January, according to reports.

Rumors of such an order began circulating in March 2024, prior to the Investigatory Powers Bill passing in the House of Lords. But the UK’s ambition to find ways of defeating encryption technologies, especially in communication platforms, has predated for many years. The prevailing arguments the UK government has made to support its desired encryption backdoor relate to child safety and anti-terror.

The Online Safety Act became law in 2023 and retained a controversial encryption-breaking clause, although it could only be invoked where technically feasible. With end-to-end encryption still a feature of most popular messaging platforms, that feasibility does not yet exist.

The legislation faced substantial backlash. Big tech and privacy advocates again condemned the UK’s approach to encryption, with Signal threatening to pull out of the country, refusing to compromise the security of its platform for the region.

Under the IPA, Apple can appeal the order, arguing against it in terms of how much it would cost to implement. This would be made to a secret technical committee and a judge would ultimately decide whether the order was proportionate to the government’s needs. However, Apple wouldn’t have legal grounds to delay the delivery of the government’s cloud-spying capability while the appeal is considered.

Should Apple be compelled to implement that capability, legal experts suggested the consequences could see major digital service providers pull out of the UK.

“Ultimately, regulators in countries will decide whether Apple or any company offering these services in the UK can continue to do so, and if so, on what terms, said Jonathan Compton, partner at DMH Stallard, to The Register.

“It will then be for the service provider and those in the position of Apple to decide whether they can continue to offer services, or adapt their services, or withdraw their services from UK consumers. The same is true for US and EU jurisdictions.

“There is a constant tension between those who hold information, such as Apple, and those who want to get at it, such as investigatory arms of the state.” ®

READ MORE HERE