Last year, we published a report on global encryption policy, making the joke that it’s like the movie Groundhog Day: the same conversations, debates, and bad ideas just keep coming up. Well, it’s February, and we have another one. This year, it’s a doozy: it’s not just the ideas in play — it’s much closer to actually impacting the data security of a broad swath of people around the world.
On Friday, the Washington Post reported that the UK government had secretly ordered Apple to create a backdoor enabling them to access all encrypted iCloud data worldwide. The unprecedented demand, issued under the UK's Investigatory Powers Act (2016), requires Apple to provide blanket access rather than just assistance in specific cases.
Apple cannot comment on the order, but there is speculation that they could stop offering strong encryption in the UK, which would not satisfy the order, or even withdraw from the market entirely rather than compromise the security of the 2.35 billion iOS and 100 million MacOS devices around the world.
Our report from a year ago, Reframing the Conversation: A Deep Dive into the Encryption Debate, discusses exactly why this would put security, privacy, communications, free speech, and financial transactions in danger. Not to mention the gigabytes of cat videos stored on iCloud! Granting such access would set a dangerous precedent, undermining security globally and opening the door for authoritarian regimes to demand similar access. If Apple has to comply, other countries will be quick to demand equal access, forcing the company to choose between global compliance or withdrawing encrypted storage and services entirely.
While we acknowledge law enforcement’s concerns that encryption can hinder criminal investigations, we also know that it also protects everyone from criminals. Just last December, traditional proponents of encryption backdoors seem to have changed their mind, highlighting massive hacks by suspected Chinese government agents, who breached the biggest communications companies and listened in on calls at will. In a joint December press briefing on the case with FBI leaders, a Department of Homeland Security official urged Americans not to rely on standard phone service for privacy and to use encrypted services when possible. Law enforcement from Canada, New Zealand, Australia, and others agreed. The UK is the odd man out among their closest allies.
We call on stakeholders - Apple, the UK government, privacy and security advocates - to oppose this order, and to all for smarter solutions for law enforcement challenges. There are practical, incremental approaches that can help law enforcement catch online criminals. I hope that by next Groundhogs Day, the UK and global discussion has chosen another path and protected my (and your) online data and communications.
Read Next
Digi Americas Alliance, Duke University and Recorded Future Release “LATAM Financial Sector Threat Landscape 2025” Report
The Digi Americas Alliance released the report, “LATAM Financial Sector Threat Landscape 2025: Evaluating Actor Targeting and Defense Strategies for Latin American Financial Sector Institutions.”
Decrypt the Grid
Challenge yourself with this puzzle designed to test and expand your knowledge of cybersecurity concepts, trends, and terminology.
DNS Security in Focus: RSA Conference 2025
The Center hosted a roundtable to exam how protective DNS, DNSSEC, and encrypted transports can be scaled across government and industry, aligning with different cybersecurity frameworks.