Human Rights Groups Challenge UK Government’s Order for Apple to Create Backdoor into Encrypted User Data

A pair of human rights groups, Liberty and Privacy International, are challenging the UK government’s highly intrusive order requiring Apple to create a backdoor into its encrypted user data, a move first reported by the Financial Times. The groups have filed a legal complaint with the Investigatory Powers Tribunal (IPT), which is set to hear Apple’s appeal on Friday.

The complaint asserts that Apple’s appeal to the order should be heard publicly. Furthermore, the challenge contends that the government’s action infringes upon customers’ rights to free expression and privacy by compelling the company to compromise its product security.

Quotes from Privacy International

"The UK’s use of a secret order to undermine security for people worldwide is unacceptable and disproportionate," Caroline Wilson Palow, legal director at Privacy International, stated to The FT. "People worldwide rely on end-to-end encryption to protect themselves from harassment and oppression. No country should have the power to undermine that protection for everyone."

Media and Advocacy Group Involvement

UK media outlets, including the BBC, Reuters, Financial Times, The Guardian, and others, have also filed complaints with the IPT, arguing for a public hearing. Similarly, advocacy organizations such as Big Brother Watch, Index on Censorship, and the Open Rights Group have echoed this demand.

The UK Order and Its Implications

The UK order mandates Apple to provide the government with unfettered access to private user data encrypted through its Advanced Data Protection (ADP) feature. Introduced in iOS 16.2 in 2022, ADP applies end-to-end encryption to iCloud data such as device backups, Messages content, notes, and photos, making it inaccessible even to Apple itself.

Apple’s Response and the Broader Impact

Apple has removed ADP in the UK in response to the order, prior to issuing its own legal challenge. However, the creation of such a backdoor would not only affect UK users but also expose the private data of anyone with an Apple account worldwide to unnecessary risks, including foreign spying, hackers, and adversarial countries.

The Leak and the Investigatory Powers Act 2016

The existence of the UK order came to light due to a leak last month. The order was issued under the Investigatory Powers Act 2016, which notably expanded the surveillance capabilities of British intelligence agencies and law enforcement, earning it the nickname "Snooper’s Charter". This legislation also prohibits Apple from discussing or publicly acknowledging the order’s existence and prevents the company from using its appeal to delay compliance. Apple has stated, "We have never built a back door or master key to any of our products or services, and we never will."