Apple has withdrawn one of its encryption services from UK customers
A former cyber security chief has called the UK government “naive” for demanding that Apple add a backdoor to its software – allowing the UK’s intelligence agencies to snoop on customers’ data – and expecting the request to remain secret.
Ciaran Martin was head of cyber security at the UK’s Government Communications Headquarters (GCHQ) and served as the first chief executive of the National Cyber Security Centre (NCSC) before joining the University of Oxford in 2020. He spoke to New Scientist about reports that the UK government has made an unprecedented demand for Apple to grant it access to data stored by any customer, anywhere in the world, even if it is encrypted.
Such orders, made under the Investigatory Powers Act 2016, are intended to be made in secret, but Martin says it is no surprise that details seem to have leaked. “I just think the idea that this type of order against a company like Apple would work in secret was probably naive,” he says.
Neither the Home Office nor Apple has confirmed the existence of the request, as doing so would be illegal, and neither responded to a request for comment. But in February, Apple announced that it would no longer offer its Advanced Data Protection service, which is designed to securely encrypt cloud data, to new users in the UK. “As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,” said Apple at the time. The firm is also reportedly challenging the UK order in a legal case that is likely to be heard in secret.
Martin says it isn’t unusual for governments and industry to clash over security issues, but that “most major problems, however intractable, are susceptible to some form of compromise”. He says that several times during his intelligence agency career, he requested technology firms remove features that were being used by malicious actors to harm national security or in criminal enterprise. He declined to give specifics but said these were often small, specialist tech providers.
“They would have a new app or something, and it would become a favourite of criminals because of a particular feature, and you just say ‘look, no, you can’t do this’,” says Martin. “They’re little bits of technology that are a bit niche, and they’re used widely – they’re misused more than they’re used – and you just say ‘like, come on’, right?”
At the end of the day, he says, governments must accept that uncrackable encryption is here to stay. “That ship has sailed,” says Martin. “I think, ultimately, governments are gonna have to come to terms with this. And I suspect in the long term that trying to compel the global titans of the [US] West Coast is not going to work.”