US Intelligence Chief Opposes UK Order for Apple Encryption Backdoor

U.S. Director of National Intelligence Tulsi Gabbard has condemned a British order requiring Apple to break its encrypted storage worldwide as an "egregious" violation of American rights that could breach the CLOUD Act facilitating cross-border investigations. In a letter [PDF] to Senator Ron Wyden and Representative Andy Biggs, Gabbard revealed she has directed a legal review of the secret order, which she learned about through media reports.

"This would be a clear and egregious violation of Americans' privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors," Gabbard wrote. The UK Home Office, under the Investigatory Powers Act, prohibited Apple from disclosing the order to Congress or U.S. regulators. The directive would have forced Apple to compromise its Advanced Data Protection encryption, enabling officials to access individual data. Apple refused compliance, instead withdrawing the secure storage option from UK customers while maintaining it elsewhere globally. Despite Apple's pullback, the UK demand for backdoor creation remains. Gabbard pledged to ensure UK actions protect American privacy rights "consistent with the CLOUD Act and other applicable laws."

Translation

[fahrbot-bot]

The U.S. already has a backdoor and they want to be the only one.

Re:

[GoTeam]

Why is it unreasonable to ask for proof? A definitive statement was made without proof. That makes it a baseless claim. Had the word "probably" been used, that would be acceptable. I believe the US probably does have a backdoor into the system, but I have no proof. That's why I used the word probably...

Re:

[nightflameauto]

Why is it unreasonable to ask for proof? A definitive statement was made without proof. That makes it a baseless claim. Had the word "probably" been used, that would be acceptable. I believe the US probably does have a backdoor into the system, but I have no proof. That's why I used the word probably...

I have my doubts for the simple fact that the US policing agencies throw massive public shit fits anytime they have the opportunity saying that Apple needs to give them access to their data for something they don't want to do any actual policework to figure out. Granted, I haven't heard one of these in a while, so I'll grant you there's a slim possibility they got that backdoor at some point over the last few years, but it wouldn't strike me as very high on the probability scale.

Re:

[GoTeam]

I have my doubts for the simple fact that the US policing agencies throw massive public shit fits anytime they have the opportunity saying that Apple needs to give them access to their data for something they don't want to do any actual policework to figure out. Granted, I haven't heard one of these in a while, so I'll grant you there's a slim possibility they got that backdoor at some point over the last few years, but it wouldn't strike me as very high on the probability scale.

I honestly hope you are correct. General distrust of the government always makes me think they do the whole "damn you Apple!" bit just to throw us off.

Re:

[Teckla]

I have my doubts for the simple fact that the US policing agencies throw massive public shit fits anytime they have the opportunity saying that Apple needs to give them access to their data for something they don't want to do any actual policework to figure out.

In the past, haven't intelligence agencies done exactly that to make the public think their data was secure from government eavesdropping, even though they weren't actually secure from government eavesdropping?

Re:

[nightflameauto]

I have my doubts for the simple fact that the US policing agencies throw massive public shit fits anytime they have the opportunity saying that Apple needs to give them access to their data for something they don't want to do any actual policework to figure out.

In the past, haven't intelligence agencies done exactly that to make the public think their data was secure from government eavesdropping, even though they weren't actually secure from government eavesdropping?

I'm not sure that's ever been proven to be true, but it certainly tickles the conspiracy theorist part of my brain with, "I could see that," energy.

Re:

[SvnLyrBrto]

If I had to venture a guess; it would be that the NSA does have a backdoor to *something* in the iPhone, be it a chip or algorithm or whatever. I would also venture that Apple did not willingly or knowingly put it there. Secretively backdooring things like that is their whole modus operandi, after all. And why involve outsiders who might develop a conscience when you can infiltrate your goons into the chip fab and add your malware in secrecy?

And to take it all the way, I would also guess that the reason

Re:

[Applehu Akbar]

Why is it unreasonable to ask for proof? A definitive statement was made without proof. That makes it a baseless claim

A claim is always valid, or at least 'not disproven' if it's against the US. It's the national equivalent of #BelieveAllWomen.

Re:

[fahrbot-bot]

Why is it unreasonable to ask for proof? A definitive statement was made without proof. That makes it a baseless claim.

Apparently, about 1/2 the people in the U.S. are just fine with baseless claims. Mine was a joke -- probably :-) -- many other peoples' aren't ... Maybe if I make about 100 more, I'll get offered a job, or Cabinet position, in the current Administration. :-)

Re:

[ewibble]

Only a half that seems quite low I was thinking it would be close to 100% as long as it supports your opinion. https://www.britannica.com/sci... [britannica.com]. Or did you just make up that 50% number?

Also the smarter you are the more likely you are to rationalize away ideas that don't conform to your beliefs https://lithub.com/why-smarter... [lithub.com]

For example people that 50% of population are fine with baseless claims just because they didn't vote against the person you really dislike, even though some of those people may have

Re:

[fahrbot-bot]

Apparently, about 1/2 the people in the U.S. are just fine with baseless claims.

Only a half that seems quite low I was thinking it would be close to 100% as long as it supports your opinion. https://www.britannica.com/sci [britannica.com]... [britannica.com]. Or did you just make up that 50% number?

Trump got about 49.8% of the popular vote in 2024 -- beating Harris by (only) about 1.5% btw. If you're following the news, it's readily apparent that Trump, and (President) Musk, are, and have been, kings of baseless claims. Sadly, wish *that* was a joke.

Re:Translation

[TechyImmigrant]

Prove it.

Look back to past back door behaviour (Dual EC DRBG for instance) - they attack the RNGs through standards first.

For the 140-2 era, look at the CRNGT
For the 140-3 era (I.E. Today) look the frankly odd and highly suspect SP800-90A DFs. The guy at NIST in pure political speech said "there were too many cooks making that broth" meaning the NSA were all over it.
For entropy extraction, look how the 90B non IID tests over-estimate the entropy when there is very low entropy from the source. Cross correlate that with the very low entropy claimed in Apples ESV submissions for the RNG in all their current products.
Watch as the government stood back and made no attempts to address the brain dead approach to entropy extraction and entropy estimation in the Linux kernel, following the well known principle of not trying to stop the enemy when they are making a mistake.

The back doors are there to be seen if you care to look. They go for the RNGs first, because if they can bork the RNG, the rest of the cryptosystem fails.

Re:

[thinelvis]

It's so cute how they pretend they don't know what's on all our phones already.

Re:

[gweihir]

Indeed. The US has zero moral standing in this debate.

Re:Translation

[93 Escort Wagon]

While I agree the US has been highly hypocritical in these sorts of discussions (through multiple administrations), I do appreciate Gabbard's position on this.

I'd also love it if someone in the same room followed up with "Well said, Ms. Gabbard. By the way, that statement is equally true with regard to the following multiple US activities..."

Re:

[Targon]

A broken clock is correct twice a day, or once outside of the USA. Tulsi is yet another of those, "If Trump likes someone, that person is incompetent" people.

Re:

[gweihir]

A broken clock is correct twice a day, or once outside of the USA. Tulsi is yet another of those, "If Trump likes someone, that person is incompetent" people.

To be fair, Trump also likes and even admires some complete assholes. For example, Putin is one of those. But "incompetent"? Putin? No. Come to think of it, Hitler and his helpers were also not "incompetent" either and Elon seems to like and admire them.

Re:

[gweihir]

Ah, yes. Moderators in denial of reality. Nice! Cretins like that are bound to make all the historically well documented and analyzed mistakes again. And again.

But you know what, assholes? When you try to claim this time "How could we have known?", it is not going to work. Because your guilt is blatantly obvious.

Re:

[SvnLyrBrto]

In Gabbard's case, it's more like "If Trump likes someone, that person is hateful and happy to stigmatize and attack his declared list of undesirables."

Gabbard established and built her political career on a foundation of hatred and discrimination against LGBT people and... aside from a fake "apology" during her run for president like Bloomberg spewed out for stop-and-frisk... she was unrelenting and unwavering about it right up to when she dropped the "NIO" from "DINO." And seeing as LGBT people are #2, a

Re:Translation

[DesScorp]

While I agree the US has been highly hypocritical in these sorts of discussions (through multiple administrations), I do appreciate Gabbard's position on this.

I'd also love it if someone in the same room followed up with "Well said, Ms. Gabbard. By the way, that statement is equally true with regard to the following multiple US activities..."

Gabbard has been a consistent critic on US spooks' domestic spying in the US, at least for spying on US citizens. When various Senators of both parties demanded that she brand Edward Snowden a traitor, she refused to do so. She was even a critic on Section 702 until, if you believe political gossip, she was basically told by Senators that she wouldn't be confirmed unless she endorsed it. Regardless of 702, she still maintains that the rest of FISA is overly broad and intrusive.

In her own words [cnn.com]:

“Section 702, unlike other FISA authorities, is crucial for gathering foreign intelligence on non-U.S. persons abroad. This unique capability cannot be replicated and must be safeguarded to protect our nation while ensuring the civil liberties of Americans,” Gabbard said in the statement to CNN.

“My prior concerns about FISA were based on insufficient protections for civil liberties, particularly regarding the FBI’s misuse of warrantless search powers on American citizens. Significant FISA reforms have been enacted since my time in Congress to address these issues. If confirmed as DNI, I will uphold Americans’ Fourth Amendment rights while maintaining vital national security tools like Section 702 to ensure the safety and freedom of the American people,” she added.

The national security state opposed her precisely because she wants to limit what they can do domestically.

Re:

[alvinrod]

While there isn't anything that can be done for our past transgressions, we can stop from repeating them going forward. One would assume that the current administration would be open to arguments that the government should not have these capabilities. One loses a lot of sympathy claiming to be the victim of government overreach and violations if upon gaining control of the government you leave that apparatus in place.

Gabbard herself seems like someone who would be willing to dismantle our domestic state

Re:

[fafalone]

This administration wouldn't shut up about how the government was unfairly weaponized for daring to even feign seriously pursuing Trump's numerous blatant and serious crimes and the very first thing they did was *actually* weaponize everything for political purposes.
Rank hypocrisy and an absurd amount of projection are defining characteristics of conservatives, so while their cult may believe them if they say they're enhancing civil liberties, they've already shit all over so many there's not even a snowb

Re:

[MachineShedFred]

Since when has that stopped the US on anything?

See: voting with Russia at the UN, against all of our allies.

Re:

[toxonix]

But Tulsi Gabtard doesn't even know that. She's just pissed that a foreigners are meddling in "american" businesses.

Re:

[jobslave]

Tulsi is just being a parrot and saying what she's been told to say.

Hahaha ⦠hypocrisy

[DodgyGeezer]

As if the US has never tried jurisdictional overreach, secret attempts to access data or force Apple to break their encryption.

Not Jurisdictional Overreach

[Roger W Moore]

As if the US has never tried jurisdictional overreach

What the UK is requiring is not jurisdictional overreach. It is requiring that Apple be able to decrypt its storage for people that are in the UK either visiting or living there and so subject to UK law. The fact that Apple says that it can only comply by giving them access to anyone in the world's encrypted storage is Apple's choice - largely based on what's cheap and expedient for them - not of overreach on the UK government's part. If the rights of US citizens, at least those not under UK jurisdistion,

Re:

[cmseagle]

The fact that Apple says that it can only comply by giving them access to anyone in the world's encrypted storage is Apple's choice - largely based on what's cheap and expedient for them - not of overreach on the UK government's part. If the rights of US citizens, at least those not under UK jurisdistion, are affected by this then they should look to Apple, not the UK government.

How would you propose you allow a backdoor for anyone who falls under UK jurisdiction, and no one else?

The "Advanced Data Protection" feature for iCloud backups allows a user to be solely in control of the keys to decrypt their backups. What does Apple do when an American with the feature enabled lands at Heathrow and immediately gets picked up by the police who now demand access?

Re:

[Roger W Moore]

How would you propose you allow a backdoor for anyone who falls under UK jurisdiction, and no one else?

Make two separate services. One with a backdoor accessible from the UK (and possibly everywhere else too) and one not accessible from the UK. Then give anyone on the secure service who tries to access it from the UK the option to move their data over to the insecure system if they want to access it while they are there.

Yes, that would be expensive to set up and operate and results in less security for people using the service in the UK but it would make it compliant with UK law. If you want a cheaper al

Re:

[cmseagle]

Then give anyone on the secure service who tries to access it from the UK the option to move their data over to the insecure system if they want to access it while they are there.

So when an iCloud user arrives in the UK, declines to decrypt their data, and then commits some act of terrorism, how does Apple comply with the government's request to provide access to the backups of someone who's indisputably under UK jurisdiction? They simply cannot.

Re:

[Roger W Moore]

how does Apple comply with the government's request to provide access to the backups of someone who's indisputably under UK jurisdiction?

It states that the user had no access to their data in the UK because it is stored entirely under $COUNTRY's rules of service and to access the data they will need to consult with $COUNTRY's government to access the data. It's the same thing that would happen if they had written their plans down on paper and left them back in their home country. Streaming companies do this all the time: when you cross a border the content you have access to can change in order to comply with whatever the local rules and li

Re:

[cmseagle]

The relevant law doesn't require a user to have agreed to UK-specific TOS, like you might see for a streaming service. Or at least that's the take of the BBC [bbc.com]:

And withdrawing the product from the UK might not be enough to ensure compliance - the Investigatory Powers Act applies worldwide to any tech firm with a UK market, even if they are not based there.

So, Apple can't have a business presence in the UK if it allows any of its global users to have full control of the encryption of their data. I call that "jurisdictional overreach", though we may disagree on the definition there.

Yeah right...

[robinsonne]

Her goal is to make sure that information-sharing stops between US & UK stops. As if American rights matter...

HYPOCRITES.

[Computershack]

May I remind Americans about Section 702 of FISA that doesn't even require a warrant?

Re:

[drinkypoo]

Sure, but this is just posturing theatrical bullshit given that the US and UK are both in five eyes and Apple is part of PRISM.

Fuck off you asked for this too

[thegarbz]

There's even a wikipedia entry about it. https://en.wikipedia.org/wiki/... [wikipedia.org]

The Five (Brown) Eyes.

[geekmux]

The Five Eyes Intelligence collective comprises of Australia, Canada, New Zealand, the United Kingdom, and the United States. It’s been in existence for over eighty years. How often has Five Eyes, been is all the backdoor they need? They need more power than that now?

Bad enough the Five Eyez Boyz loopholed around their own principles to spy on each other via outsourced private agencies that laundered that (Unconstitutional) dirty work very efficiently. Guessing they want access to automate and abu

Ha ha ha

[MeNeXT]

"This would be a clear and egregious violation of Americans' privacy and civil liberties,

Have you looked at what is going on in America? Privacy and civil liberties are just words with no meaning. The only way you can have privacy is if you abandon all technology and not own anything. LPR keeps tabs of your car. Bluetooth and WiFi keep track of your tech. Facial recognition and DNA databases. Everything is for sale and there is nothing you can legally do about it. Now we also have AI.

Please stop pretending.

The moral of this story

[nehumanuscrede]

is simple.

Do not put any of your data into the Apple Cloud.

Actually, it's easier than that.

Keep all your data local and / or off of devices you don't fully trust.
( Especially a smartphone )

Does it matter?

[presearch]

The US doesn't have laws anymore.
We just bend to the whims of the loudest psychopath at the moment.

Re:

[divide overflow]

The US doesn't have laws anymore.
We just bend to the whims of the loudest psychopath at the moment.

The US doesn't have laws anymore.
We just bend to the whims of the wealthiest psychopath at the moment.

Fixed that for you.

Dear Britain

[haunebu]

Dear United Kingdom,

The Constitution of the United States, Bill of Rights, and its Fourth Amendment - in particular - addressed this: FUCK OFF.

Lest we have to kick your asses in another Revolutionary War.

Signed,
America

Re:

[DancesWithWolves]

You do realize that your so-called "Constitution" doesn't apply in the UK, right?

Re:

[mjwx]

You do realize that your so-called "Constitution" doesn't apply in the UK, right?

The US constitution barely applies in the US.