Read the UK government refusing to tell us if it has broken Apple’s encryption
I’m so disappointed at the UK government’s cavalier attitude to UK privacy.
It is an attitude that leaves people both ignorant and unsafe as none of us now know if there’s a hugely unsafe backdoor into our digital devices.
This is a continuation of the ongoing battle over end to end encryption in Apple devices, a battle which forced Apple to stop offering Advanced Data Protection in the UK. It’s reasonable to assume other big tech firms faced similar demands but are unable to tell us so.
The problem is, that while we don’t have any idea, you can bet that foreign intelligence services have already figured it out. That is, after all, what they do.
Which means the UK may now have become an open book to surveillance, crime, and online larceny. But the government, while cos-playing at “keeping us safe”, is refusing to let us know how to protect ourselves. It’s a classic combination of authoritarian overreach and infantilisation.
I think it’s wrong.
There was a debate about the UK effort to break Apple encryption in the UK House of Lords recently. As reported in Hansard, Liberal Peer and chair of Big Brother Watch, Paul Strasburger, pressed the government to come clean about its plans to make Apple devices less safe in the UK.
The debate took place just days after Apple’s top secret people met a top secret UK judge in a top secret UK courtroom to discuss the legitimacy of a government demand for backdoor access to encrypted user data. There was no scrutiny, no mandate, and no transparency on this matter.
As per usual, the government responded to the debate by saying these rules were only intended to catch “really bad” criminals, but that’s utter nonsense, as the actual truth is that once you insert a government-mandated backdoor into digital products then every other government will begin looking for the key to use that door.
They will probably find it. They have the resources to do so.
Not only that, but given that not every government on the planet can be seen as benign, it’s only a matter of time until that backdoor, developed allegedly for your security, becomes a national security problem in its own right. Once these weaknesses are found, they will be exploited and they will leak.
It also means every other country on the planet may now feel justified to demand similar access, leaving operating systems and devices so packed with holes that nothing and no one will be safe.
But, hey, don’t expect our current crop of politicians to get their heads around that fact.
They don’t even seem to want to try to understand it – and certainly don’t want to protect it.
“Strong encryption is essential to protect our data and our commerce from attack by organised crime and rogue states,” Strasburger warned. “Any weakness inserted into encryption for the benefit of the authorities is also available to those who would do us harm – yet that is precisely what the government are demanding from Apple.”
Equipped with a tin ear, the government, however, is hiding its decision behind a cloak of operational security, and the continued pretence that the UK is mindful about protecting privacy.
The proposals are being challenged by privacy advocates, civil liberties campaigners, and media companies including Associated Newspapers Ltd, the British Broadcasting Corporation, Computer Weekly, Financial Times Group, Guardian News & Media, News Group Newspapers, Reuters News and Media, Sky News, Telegraph Media Group and Times Media.
We do not know what happened in court on March 14 when Apple made its arguments to a UK judge.
We don’t know what decision has been made.
We will not now know what happened until the utterly predictable security problems manifest themselves.
By then, it will be too late, and digital business and productivity in the UK will be forever broken.
Here’s the debate in full.
Apple: Advanced Data Protection Service
Question
Asked by
Lord Strasburger
To ask His Majesty’s Government what assessment they have made of the impact on the privacy of Apple customers of the company’s decision to withdraw their advanced data protection service in the United Kingdom.
Lord Strasburger (LD)
I beg leave to ask the Question standing in my name on the Order Paper and I draw the House’s attention to the fact that I am chair of Big Brother Watch.
The Minister of State, Home Office (Lord Hanson of Flint) (Lab)
This Government take privacy very seriously. We have a long-standing position of protecting privacy while ensuring that action can be taken against child sexual abusers and terrorists. I cannot comment on operational matters today, including neither confirming nor denying the existence of any notices. This has been the long-standing position of successive UK Governments for reasons of national security.
Lord Strasburger (LD)
Once again, the Home Office has demonstrated its disdain for the privacy and digital security of British citizens and companies. Strong encryption is essential to protect our data and our commerce from attack by organised crime and rogue states. Any weakness inserted into encryption for the benefit of the authorities is also available to those who would do us harm—yet that is precisely what the Government are demanding from Apple. Can the Minister please explain why the Home Office wants to make Apple’s British customers the most at risk in the world of being hacked?
Lord Hanson of Flint (Lab)
I know the noble Lord has long had an interest in these matters, because we served together some nine or 10 years ago on the Investigatory Powers Act. But he has to understand that, today, I cannot comment on operational matters relating to any issue, including neither confirming nor denying the existence of any notices. That is standard government procedure, and I cannot comment upon it. I know that I will, I am afraid, disappoint the noble Lord, but that is the answer I have to give him.
Lord Moylan (Con)
The fact that Apple has withdrawn this level of encryption from the UK is in the public domain, even if the noble Lord does not wish to comment on whether a notice has been issued. Can he comment on the fact that, for whatever reason, Apple has withdrawn that level of encryption from the UK? It is reported in the United States newspapers that it is because of a technical capability notice issued by the United Kingdom Government. Has this come up, in any sense, in discussions His Majesty’s Government have had with the United States Government in relation to both trade arrangements that might exist between us in the immediate future and our ambition to be an AI superpower in the near future?
Lord Hanson of Flint (Lab)
The noble Lord raises issues that I know he has an interest in. Decisions made by Apple are a matter for Apple, and the removal of any features is a matter for Apple. Again, for reasons of national security I cannot confirm or deny any conversations that we have had or any issues that are undertaken.
Lord Harris of Haringey (Lab)
My Lords, I understand that my noble friend cannot comment, obviously, on any notice issued to Apple in this regard, but what he could, I am sure, comment on is the nature of the assessment made by His Majesty’s Government of whether or not such a notice might be issued. Can he confirm that the consideration will include a trade-off between the general weakening of security and the position of confidentiality, against the gains that will be obtained by the security services in any opportunity to de-encrypt materials? In so doing, can he comment on whether or not such an assessment also looks at what other capabilities the security services may have in respect of individuals on whom they wish to obtain information?
Lord Hanson of Flint (Lab)
My noble friend makes interesting points. The Government take privacy very seriously and have a strong reputation internationally for protecting human rights. Access to data can happen only under specific circumstances and with strict safeguards, and it is taken, when it can be taken, against child sexual abusers or terrorists. I come back to the point that I cannot comment on the operational issues relating to points made in this House today, including neither confirming nor denying the existence of any notices, and that is the position that I will have to advise the House of during the course of this Question.
Baroness Fox of Buckley (Non-Afl)
I understand the Government’s concern with their own privacy and secrecy, less so that of family group chats and journalists’ WhatsApp messages. To avoid that, does the Minister acknowledge that it is not possible for Apple to open doors to all its customers’ data and ensure that only the police and intelligence services walk through, when it is obvious that criminals, foreign adversaries and others would exploit that weakness? Also, at a time when the Government are seeking to establish the UK as a leading hub for innovation and technology, does the Minister agree that it would be baffling if the Home Office were to squander that advantage by trying to bully tech companies into undermining their users’ privacy, security, civil liberties and free speech?
Lord Hanson of Flint (Lab)
The Investigatory Powers Act, on which I served during its legislative passage with the noble Lord, Lord Strasburger, contains robust safeguards. It contains independent oversight to protect privacy and ensure that data is obtained only on an exceptional basis and only when necessary and proportionate to do so. That is the only answer I can give the noble Baroness today. I cannot comment on the operational issues or on the case she has mentioned in relation to Apple. I cannot confirm or deny any notices, and I have to stick to that position today for the House and for national security issues.
Lord Davies of Gower (Con)
I acknowledge that the Home Office has already said, as has been endorsed today by the Minister, that it does not comment on operational matters, but it has been widely reported that this decision by Apple was taken in response to a government demand to view users’ encrypted data both in the UK and abroad. Of course it is right that the Government act to keep people safe, but they must do so while respecting people’s privacy. Can the Minister comment on how the Government intend to engage with Apple and other tech companies going forward to make sure that future discussions on security do not result in another unproductive breakdown of relations?
Lord Hanson of Flint (Lab)
The Government take privacy extremely seriously. We have a strong international reputation for privacy, and we continue to work with companies to ensure that privacy is respected, but I cannot comment on the issue the noble Lord has mentioned concerning any ongoing issues or operational matters. I cannot confirm or deny any notices, and I will, I am afraid, have to repeat that again for the House today.
Lord Carlile of Berriew (CB)
On a non-operational matter, can the Minister confirm that all decisions of the kind that have been mentioned will routinely be referred to the Investigatory Powers Tribunal so that it can decide whether government decisions were proportionate or disproportionate?
Lord Hanson of Flint (Lab)
All proceedings will be referred to the Investigatory Powers Tribunal, and the decision whether to hold the discussion in public or private is for the tribunal. Those matters will be examined and any judgments on any issue at any time will be made by the tribunal. I hope that is a non-controversial matter for the noble Lord.
Lord West of Spithead (Lab)
Does my noble friend the Minister agree that while encryption gives great security, if you add a journalist to the distribution list you lose that security?
Lord Hanson of Flint (Lab)
I can only say that to my knowledge, that is a matter for another nation and not this one, and not this Home Office.
Lord Clement-Jones (LD)
My Lords, further on a non-operational matter, are the Government always clear that their actions conform to the judgment of Podchasov v Russia by the European Court of Human Rights last February? It held that weakening end-to-end encryption or creating back doors could not be justified. Therefore, the Government could be in breach of Article 8 of the European Convention on Human Rights, which guarantees the right to privacy. Are the Government happy to be in the same boat as Russia as regards individual rights and encryption?
Lord Hanson of Flint (Lab)
The noble Lord will know that Russia and this UK Government are so far apart that there is no correlation between the two under any circumstances. In fact, we will also once again publicly condemn the illegal invasion of Ukraine by Russia. That is how far apart we are on these matters.
Access to data happens only under specific circumstances and with strict safeguards, so that robust action can be taken against child sex abusers and terrorists. That is the position of the Government. If any data is accessed, it is accessed by the Investigatory Powers Act for the tribunal, and under strict regulation, for the purposes of stopping bad people doing bad things.
My take? The government is following an incredibly simplistic analysis which will deliver more problems than it will solve.
You can follow me on social media! Join me on BlueSky, LinkedIn, and Mastodon.
