It has been reported that the UK government has dropped its demands to create a backdoor into Apple’s encryption. Below, experts at Converged and Acumen Cyber give their responses.
Andy McKay, CEO of Converged Communication Solutions, said:
“This proposal from the UK government received significant pushback because of its wider implications.
While the intention of the backdoor was to more easily track criminals and terrorists, it also damaged the privacy and security of all Apple users.
Backdoors can’t only be embedded into specific products, or localised for specific governments, such a move would have impacted Apple’s full suite, directly hitting all users while defacing the security of its products.
Furthermore, with an opportunity to gain access to data stored on all Apple devices, criminals would have worked determinedly to find the backdoor. Eventually they would have succeeded. Given that Apple devices are widely used by organisations and in highly sensitive government departments, criminals and nation-state actors could have been offered a goldmine of information.
While Apple no longer offers Advanced Encryption in the UK, which will significantly hurt users in the country, adding a backdoor would have had global consequences, which is a risk Apple and the US government were clearly not willing to take.
It is therefore positive, but not entirely surprising, that the UK has backed down with its demands.”
Nathan Webb, principal consultant, Acumen Cyber, said:
“This was one of the most controversial moves from the UK government that received significant backlash around the world.
This is not the first demand Apple had received to build a backdoor into encryption capabilities and was portrayed as protective measure to gain intelligence on criminals and terrorists.
Apple noted that the encryption technologies used meant even they themselves could not access user data encrypted with the Advanced Data Protection (ADP) feature. Campaigners and other governments said a backdoor in this feature would threaten security and privacy for all Apple users.
The theoretical consequences of Apple building a backdoor would have been global, likely resulting in increased targeting of UK Apple users and services. Instead, Apple refused to implement such a mechanism and removed the ability of enabling ADP for UK customers, meaning data from certain Apple services could no longer be end-to-end encrypted.
Given that nearly 50% of the UK utilise Apple mobile devices, and likely make use of an impacted Apple iCloud service (for example, Photos, Reminders and Notes), providing the UK government access to this data had the potential to result in a data breach on a scale the world has never experienced before.
Given the potential risks, and the UK government’s apparent prioritisation of cyber, it’s surprising such a request was made in the first place.
Fortunately, now that the government has backed down, the feature will hopefully be made re-available, so that UK users can benefit from the advanced protections of end-to-end encryption.”
For more cybersecurity news, click here
