By John Gruber
Zac Hall, reporting for 9to5Mac:
According to a letter seen by 9to5Mac, the Trump Administration is investigating whether the UK may have broken a bilateral agreement when secretly demanding that Apple build a global backdoor into iCloud.
Trump’s Director of National Intelligence Tulsi Gabbard wrote in a letter responding to Senator Ron Wyden of Oregon and Representative Andy Biggs of Arizona that she was not made aware of the UK’s secret demand by her UK counterparts. However, she suggested, the UK government may have broken a bilateral privacy and surveillance agreement in making the demand.
Gabbard’s letter is available here (and I’m hosting a copy). From her letter:
Thank you for your letter dated 13 February 2025 concerning reported actions by the United Kingdom toward Apple that could undermine Americans’ privacy and civil liberties at risk. I am aware of the press reporting that the UK Home Secretary served Apple with a secret order directing the company to create a “back door” capability in its iCloud encryption to facilitate UK government access to any Apple iCloud users’ uploaded data anywhere in the world. I share your grave concern about the serious implications of the United Kingdom, or any foreign country, requiring Apple or any company to create a “backdoor” that would allow access to Americans personal encrypted data. This would be a clear and egregious violation of Americans’ privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors.
I was not made aware of this reported order, either by the United Kingdom government or Apple, prior to it being reported in the media. I have requested my counterparts at CIA, DIA, DHS, FBI and NSA to provide insights regarding the publicly reported actions, and will subsequently engage with UK government officials. The UK’s Investigatory Powers Act of 2016, also known as the Snoopers’ Charter, which I understand would be at issue, allows the UK to issue a “gag order,” which would prevent Apple or any company from voicing their concerns with myself, or the public. [...]
My lawyers are working to provide a legal opinion on the implications of the reported UK demands against Apple on the bilateral Cloud Act agreement. Upon initial review of the U.S. and U.K. bilateral CLOUD Act Agreement, the United Kingdom may not issue demands for data of U.S. citizens, nationals, or lawful permanent residents (“U.S. persons”), nor is it authorized to demand the data of persons located inside the United States. The same is true for the United States — it may not use the CLOUD Act agreement to demand data of any person located in the United Kingdom.
I’m so pleased by Gabbard’s response here, including making it public, that I’m gladly willing to overlook her “back door”/“backdoor” and “UK”/“U.K.” inconsistencies. (DF style is now to close it up: backdoor.)
Short of the UK backing down and retracting its secret demand for an iCloud backdoor from Apple, this is the best that Apple and privacy advocates could hope for. The gag-order aspect of the UK’s Investigatory Powers Act prevented Apple from even fighting it in court. But a US ruling that would hold it illegal for Apple to comply would put Apple in an impossible situation, where they can’t comply with a UK legal demand without violating the law of the home country. That would actually give Apple the ground to fight this in the UK.
It is not coincidental that UK Prime Minister Keir Starmer is set to visit the White House tomorrow. This is a message in advance that the US considers all aspects of this demand on Apple unacceptable.
★ Wednesday, 26 February 2025