Intelligence agencies must explain what they do, says UK’s former cyber spy chief

MUNICH, Germany — Amid a growing scandal over the British government’s reported attempt to force Apple to provide the country’s authorities with access to encrypted iCloud accounts, a former intelligence chief has called for more transparency from spy agencies.

Speaking at the Munich Cyber Security Conference on Thursday, Sir Jeremy Fleming — who headed the cyber and signals intelligence agency GCHQ from 2017 to 2023 — said he felt “really strongly” the agency’s “license to operate” had to be based on public understanding and trust.

Fleming’s comments came in the wake of The Washington Post reporting that senior politicians on the Senate Intelligence Committee were calling for the U.S. to limit intelligence sharing with the United Kingdom if the British legal notice was not retracted.

The Washington Post described the notice — which has not been made public — as creating a “back door allowing [British authorities] to retrieve all the content any Apple user worldwide has uploaded to the cloud,” although the British government has historically disputed the “back door” description. 

British legislation instead describes the legal power as one that would require Apple to maintain the capability to provide iCloud content in response to a legal warrant, as Apple could do before introducing end-to-end encryption for iCloud in December 2022. 

The U.K. stresses that such a lawful access mechanism is distinct from the kinds of covert unauthorized access traditionally described as “back doors” in which an attacker would secretly hack into Apple’s systems without the company’s knowledge.

Privacy groups have collectively disputed the British government’s description. Speaking on Thursday, Fleming said it was “incumbent on intelligence agencies” to “explain, not exactly how they do stuff, but what they do,” adding there was “a difference between what is allowed in law and what the intelligence agencies can do, with how they are operating, taking into account the latest generation of technologies or the context.”

Apple has not responded to requests for comment regarding the legal order. The British government continues to decline to respond to reportage about the notice, stating: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”

Fleming said it was “often very hard for politicians, for oversight agencies, for the general public, to understand how things are being applied,” adding that he thought it was a conversation that politicians struggled with.

“There is little political capital to be had in a debate about how much agencies, or law enforcement, should intrude on privacy — and yet if you don’t have that conversation then the agencies are left feeling like they haven’t got the license to operate,” said Fleming, who spoke alongside former Swedish Prime Minister Carl Bildt and Dag Baehr, vice president of Germany’s Federal Intelligence Service. The panel was moderated by Recorded Future CEO Christopher Ahlberg — The Record is an editorially independent unit of the company.

“In the UK, that debate last happened following the Snowden disclosures… About every decade in my career we have another conversation about the license to operate, another debate about the balance between privacy and security. I have to say, the pace of that really has to increase,” stressed the former GCHQ director.

“It’s not good enough to have a debate every decade about this sort of stuff, because the way in which the agencies operate is changing. So I firmly believe that this conversation ought to be one that we have in much more depth, much more frequently.”

READ MORE: Munich Cyber Security Conference 2025 Live Updates