Swagata Bhowmick, 17 February 2025.
The UK government has asked Apple to create a backdoor to access customer data stored in their iCloud service. This has sparked concerns about privacy and security.
In January 2025, the UK Home Office sent Apple a legal request under the Investigatory Powers Act 2016 (IPA), which gives the government power to access people’s messages, photos, and other personal data for security reasons. Apple received a technical capacity notice, one of three types of notices under the IPA. The purpose of this notice is to acquire government assistance, requiring Apple to create a way for the government to access user data.
Government Rationale
Apple has a feature called Advanced Data Protection (ADP), which locks user data so that only the user can access it, even Apple cannot see it.
The UK government’s issued notice forces Apple to build a way into this private system. Arguing that this will make it easier to catch criminals, especially terrorists and child abusers because otherwise, the encryption allows their messages to stay private.
Legality Analysis
According to Article 5(1) of the UK General Data Protection Regulation (GDPR), personal data must be processed in a lawful, fair, and transparent manner. This ensures that individuals' rights are protected and that data controllers( the body that determines the purpose of the data, like the government in this situation) handle personal information responsibly.
Article 4(9) states that personal data received must be necessary to carry out inquiries in the general interest. The Information Commissioner’s Office (ICO) clarifies that the government must ensure that the consent is freely given and not from undue pressure.
The Recital 43 of the Act acknowledges the imbalances in obtaining consent freely by a controller. Hence allowing the authorities to explore alternative lawful basis for data processing. However, Article 6 states that the controller may process personal data without consent for the public interest.
Apple’s stance
Apple is a brand built around privacy, advocating it as a “fundamental human right’. People use Apple because they believe their data is safe. If they build this backdoor, not only will they lose consumer trust, but they will also depart from their principles.
In 2024, when the UK wanted to change its laws on the subject of data privacy, Apple said it would rather remove important security features from its products in the UK rather than build a secret way for the government to access people’s private data.
Implications of a Backdoor
If Apple is compelled to create a backdoor for encrypted data in the UK, it could allow UK authorities to access users' private data globally, raising significant security concerns for other governments.
This could jeopardise the agreement of free flow of personal data between the UK and the USA, if the UK is perceived as undermining privacy protections, resulting in an ‘unmitigated disaster’ for American privacy. However, refusal to comply with the government could result in the banning of the company permanently from operating in the UK.
It is important to note that, apart from the UK, no other major democracy has introduced such legislation granting the government such broad access to encrypted user data. This could make the UK a less attractive place for tech companies that prioritise user privacy in the future.
Bibliography:
• Little Law. "The Government Wants to Read Your Texts: Apple’s Fighting Back." Little Law. Available at: https://littlelaw.co.uk/p/the-government-wants-to-read-your-texts-apple-s-fighting-back
• Sirovica, Dmitrije, and Heather McKay. UK GDPR and DPA 2018: Implications for the Public Sector. Browne Jacobson LLP and Practical Law Data Protection, 2018. Available at: https://www.brownejacobson.com
Comments