UK ‘agrees to drop’ demand over Apple iCloud encryption, US intelligence head claims

The United Kingdom is backing down from a controversial legal demand targeting Apple, U.S. Director of National Intelligence Tulsi Gabbard claimed on Tuesday.

In a post on social media, Gabbard said the U.K. “has agreed to drop its mandate for Apple to provide a ‘back door’ that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties.”

In February, it came to light that the British government had ordered Apple to provide it with access to encrypted iCloud accounts. Officials in Westminster have refused to either confirm or deny whether they issued such an order.

Although the legal demand, formally known as a Technical Capability Notice (TCN), has been characterised as a “back door” by its opponents, the British government has historically disputed such a characterisation. It stressed on Tuesday that under existing legal arrangements, British law enforcement is not allowed to target U.S. citizens anywhere in the world or any persons located inside the U.S. itself.

As described, the notice does not create the capability for the authorities to surreptitiously access the content of iCloud accounts — as the phrase “back door” suggests — but would simply force Apple to maintain the ability to respond to legal warrants seeking that content.

Apple had made this impossible for some iCloud accounts when, in 2023, it introduced a feature called Advanced Data Protection which encrypted cloud backups so they were only viewable on the Apple users’ devices

In the wake of the reported legal order, Apple turned off the option for its British users to protect their iCloud accounts with this feature — effectively an act of compliance with the legal notice. Apple did not immediately respond to a request to explain whether it intended to turn ADP back on for British users.

Apple has since attempted to challenge the British government over the demand at the Investigatory Powers Tribunal, the only court in the country that can hear certain national security cases. The company's case is being supported by claims from British civil society groups including Privacy International, which told Recorded Future News it hadn't received any update on its ongoing legal challenge.  

In a statement on Tuesday, a British government spokesperson said: “We have long had joint security and intelligence arrangements with the US to tackle the most serious threats such as terrorism and child sexual abuse, including the role played by fast-moving technology in enabling those threats.

“Those arrangements have long contained safeguards to protect privacy and sovereignty: for example the Data Access Agreement includes critical safeguards to prevent the UK and US from targeting the data of each other's citizens,” they added.

“We will continue to build on those arrangements and we will also continue to maintain a strong security framework to ensure that we can continue to pursue terrorists and serious criminals operating in the UK,” the spokesperson said. “We will always take all actions necessary at the domestic level to keep UK citizens safe.”