The Home Office and Apple have been waging a legal battle that is jeopardising the privacy and security of thousands of law-abiding British citizens and residents. How long this battle has been going on, which employees are involved, and what specific technology is at issue are all secret thanks to the Investigatory Powers Act (IPA). What we do know, thanks to leaks to journalists, is that the Home Office is determined to undermine end-to-end encryption (E2EE). This should concern everyone who cares about civil liberties, the state of the British economy and the UK’s international reputation.

E2EE ensures that only the sender and intended recipients of messages can access those messages. If you send someone a message on WhatsApp, Signal or other service that enables E2EE, only you and the other person can read the message. If police were to demand that WhatsApp or Signal produce the content of a message, they would be unable to do so. This is a level of privacy and security that many other messaging services do not provide. While many popular email services have envelopes as their app logos, the reality is that, for most people, their emails are similar to postcards, ready for a police force or intelligence agency to read provided they have the required court order or warrant.

E2EE protects people all over the world from criminals, authoritarian governments and abusive family members. It protects dissidents, human-rights campaigners and journalists, as well as their sources. It keeps financial transactions secure and family group-chats private. But for intelligence agencies, ever eager to lay our private lives bare, the existence of private communication is unacceptable. One way for the government to access such information is for the home secretary to use powers outlined in the IPA and to issue a Technical Capability Notice (TCN) to a company that requires the company to take steps to make content available. When it comes to E2EE content, a TCN would require the company providing E2EE to break this encryption, allowing the government to force their way in through a backdoor and into our private data.

Once E2EE is broken, there is no way to effectively limit who can access the previously protected content. It is not possible for Apple to open doors to its customers’ data and ensure that only the police or intelligence agencies will walk through. Criminals and foreign adversaries will exploit any weakness Apple makes to its encryption.

Despite these risks, the Home Office seems intent on mandating that Apple create this backdoor. Apple, which has repeatedly stated it would never undermine its customers’ E2EE, chose to withdraw its Advanced Data Protection provision last month, removing an E2EE option for its iCloud users in the UK. Sadly, reports suggest that despite Apple making this decision, the Home Office reportedly believes that the technology giant has not complied with its order.

It should not come as a surprise that US lawmakers have noticed how one of America’s allies is treating one of its most famous companies. Last month, a Democratic senator and a Republican member of Congress wrote to the director of national intelligence, Tulsi Gabbard, calling the Home Office’s order ‘effectively a foreign cyberattack waged through political means’. Gabbard responded, saying that the Home Office’s order represented a ‘clear and egregious violation of Americans’ privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors’.

Only weeks later, a larger group of American lawmakers wrote to the tribunal considering Apple’s appeal, noting that the Home Office’s actions infringe on the free-speech rights of American companies. The latest letter went on to claim that Peter Mandelson, the UK ambassador to the US, has declined to answer questions about the ongoing controversy asked by Senator Ron Wyden. It is embarrassing for the Home Office to have prompted such a regrettable and unnecessary chapter in the history of the UK and its most powerful ally.

The Home Office’s actions are particularly baffling at a time when the government is seeking to establish the UK as one of the world’s best hubs for innovation and technology. The UK does enjoy a number of enviable comparative advantages when it comes to technology, such as elite academic institutions, one of the world’s most respected financial sectors, and robust rule-of-law protections. Yet the government is squandering these advantages by asking technology companies to undermine their users’ privacy and security.

While police forces and intelligence agencies may be frustrated by E2EE, the government’s response should not be to use secret methods to compromise the privacy and security of potentially millions of people. Rather than infringe on our civil liberties, undermine the UK’s foreign relations and make the UK less attractive to the technology industry, the government should look to investigatory methods and practices that bring serious criminals to justice without making law-abiding people less safe.

All of this is now playing out in the shadowy Investigatory Powers Tribunal, which oversees cases against the intelligence agencies in private. We have been calling for this process to be opened up – and, most critically, for the Home Office to rescind its draconian order to Apple.

For those who want to support free speech and privacy from the threats posed by state and corporate overreach, Big Brother Watch is working to investigate and challenge these practices. Find out more on our website, or become a monthly supporter.

Matthew Feeney is advocacy manager at Big Brother Watch.

Share