UK blindsided US intelligence by asking for Apple backdoor, "a violation of American’s privacy and civil liberties"
The Director of National Intelligence is investigating the request
· TechRadarNews By Ellen Jennings-Trace published 27 February 2025
(Image credit: Shutterstock / Tero Vesalainen)
- The UK Government reportedly requested Apple build an encryption backdoor
- US Director of National Intelligence says she was not aware of the UK's request
- Move could violate a bilateral agreement between the US and UK
The Trump Administration is currently investigating whether the UK Government has broken a bilateral agreement between the UK and US by secretly demanding Apple build a backdoor into its Advanced Data Protection (ADP) encryption.
Apple has not confirmed whether the UK government did make this request, but under the 2016 Investigatory Powers Act, confirming such a request had been made would be illegal. Instead, Apple pulled ADP from products in the UK and reaffirmed its promise to ‘never build a backdoor’.
Crucially, the Investigatory Powers Act has extraterritorial powers, meaning that had Apple built the backdoor, British intelligence agencies and law enforcement could have accessed the encrypted data of Apple customers all over the world, including US users.
Clear and egregious
A letter sent by Director of National Intelligence Tulsi Gabbard, seen by 9to5Mac, calls the requested backdoor a ‘clear and egregious violation of American’s privacy and civil liberties’, with Gabbard sharing “grave concern” about the serious implications of any state backdoor access, affirming that this would “open up a serious vulnerability for cyber exploitation by adversarial actors”.
Although the UK Government has not confirmed nor denied it made the request, the US Government is now currently investigating whether this reported request violates the information sharing agreements between the two countries.
“My lawyers are working to provide a legal opinion on the implications of the reported UK demands against Apple on the bilateral Cloud Act agreement,” Gabbard noted.
“Upon initial review of the U.S. and U.K. bilateral CLOUD Act Agreement, the United Kingdom may not issue demands for data of U.S. citizens, nationals, or lawful permanent residents (“U.S. persons”), nor is it authorized to demand the data of persons located inside the United States.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors