App Industry Presses US to Block UK Order Seeking Access to Apple's Encrypted Data

The group cited a September report that the U.K. Home Office allegedly served Apple with a second technical capability notice (TPN). The office's earlier attempt to compel Apple to weaken its encrypted advanced data protection feature was withdrawn following significant backlash from tech companies, privacy advocates, U.S. lawmakers and the Trump administration, ACT noted (see Ref:2508190013]).

The latest TPN has a narrower scope that applies only to U.K. users, but "even this limited backdoor poses the same fundamental threat to encryption and U.S. consumers' privacy and security," ACT said.

The order was apparently issued to ease U.S. policymakers' concerns, ACT said. But even with the change, the TCN endangers worldwide encryption, which operates across integrated, borderless systems, so weakening it for users anywhere affects users everywhere.

With the TCN's details still undisclosed, it's unclear whether it applies to users physically in the U.K., British citizens abroad or both, ACT said. It urged U.S. officials to expand investment in encryption R&D to ensure that emerging technologies don't expose systems to new vulnerabilities.

Policymakers should avoid mandating vulnerabilities or lawful access backdoors in encrypted systems, ACT argued. Additionally, the U.S. should "articulate encryption as critical infrastructure for democracy, cybersecurity, and economic competitiveness in international agreements." At a minimum, ACT said, U.S. negotiators should invoke the Clarifying Lawful Overseas Use of Data (Cloud) Act to ensure that any order issued under the TCN can't be expedited under that law's procedures but would have to use the more onerous mutual legal assistance treaty.