Stay informed with free updates
Simply sign up to the Cyber Security myFT Digest — delivered directly to your inbox.
Apple is stepping up its fight with the British government over a demand to create a “back door” in its most secure cloud storage systems, by filing a legal complaint that it hopes will overturn the order.
The iPhone maker has made its appeal to the Investigatory Powers Tribunal, an independent judicial body that examines complaints against the UK security services, according to people familiar with the matter.
The Silicon Valley company’s legal challenge is believed to be the first time that provisions in the 2016 Investigatory Powers Act allowing UK authorities to break encryption have been tested before the court. The Investigatory Powers Tribunal will consider whether the UK’s notice to Apple was lawful and, if not, could order it to be quashed.
The case could be heard as soon as this month, although it is unclear whether there will be any public disclosure of the hearing. The government is likely to argue the case should be restricted on national security grounds.
Apple received a “technical capability notice” under the act in January. The order, which the company is prevented from discussing publicly, targeted an optional extra layer of encryption that protects its iCloud system, Advanced Data Protection.
Apple has been working to fend off the UK’s threat of a technical capability notice since soon after it introduced iCloud ADP in December 2022.
The iPhone maker launched its legal complaint appealing against the order last month at about the same time as it withdrew its most secure online back-up service from the UK, rather than comply with the TCN.
Despite Apple pulling the service, the British government still believes the Big Tech company has failed to comply with its order, which can also be used to access the data of individuals outside the UK.
The UK’s move has brought condemnation from US President Donald Trump and his newly appointed intelligence chief, who are pressuring the British government to back down.
Trump compared the UK’s demand to Chinese surveillance, while Tulsi Gabbard, US director of national intelligence, said tapping Americans’ data would be an “egregious violation” of privacy that risked breaching the two countries’ data agreement.
The British government believes that breaking through the shield of encryption of systems, including messaging and back-ups, is vital to protecting the public from terrorist threats and investigating child sexual abuse.
For years, officials in the UK, US and Europe have been pressing tech companies, including Apple and Meta, which owns Facebook and WhatsApp, to find ways around their encryption systems.
However, many cyber security experts argue wider use of encryption is necessary to protect users from fraud, identity theft and other online attacks, which have dramatically risen in volume over recent years.
A Home Office spokesperson said: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices. But more broadly, the UK has a long-standing position of protecting our citizens from the very worst crimes, such as child sex abuse and terrorism, at the same time as protecting people’s privacy.”
When asked about the case in the House of Commons last month, UK security minister Dan Jarvis said: “The suggestion that privacy and security are at odds is not correct; we can and must have both. The Investigatory Powers Act contains robust safeguards and independent oversight to protect privacy and ensure that data is obtained only on an exceptional basis, and only when it is necessary and proportionate to do so.”
Apple declined to comment on any legal complaint but pointed to its statement last month, when it announced it could “no longer offer” iCloud ADP in the UK: “As we have said many times before, we have never built a back door or master key to any of our products or services and we never will.”
The request for a back door to user data would enable law enforcement and security services — after obtaining a warrant that was approved by a judge — to tap iPhone back-ups and other cloud data that is otherwise inaccessible, even to Apple itself.
Doubts have been cast on the effectiveness of the TCN system within the wider British security community.
One former senior security official said the system was “not well tested and probably unworkable”, adding: “You’re not to get away with issuing an order in secret. If you’re imposing an order on a company the size of Apple, it’s going to leak.”
