Encryption Is Under Siege

• The UK government has ordered Apple to create a backdoor for accessing encrypted iCloud data
• The EU's Chat Control proposal and the EARN IT Act in the US aim to scan encrypted chats for illegal content
• The backdoor debate in cybersecurity centers on balancing alleged law enforcement needs with the risks of weakening encryption and potential misuse by malicious actors

The UK government has secretly ordered Apple to create a backdoor for accessing encrypted data stored in iCloud, demanding blanket access to user content worldwide. Issued under the Investigatory Powers Act, the order aims to allow UK security officials to view fully encrypted material, not just specific accounts.

Apple employs robust encryption and data protection measures to safeguard user data across its devices and services and is considering discontinuing its encrypted storage service in the UK to uphold global user security, as complying with the order could compromise all Apple users.

The Investigatory Powers Act of 2016 grants UK authorities extensive surveillance powers, including the interception of communications, equipment interference, and the acquisition and retention of communications data and bulk personal datasets. It establishes the Investigatory Powers Commissioner and other oversight bodies to ensure compliance with privacy protections. The Act also imposes duties on privacy and contains provisions for offenses and penalties related to unlawful interception and obtaining of communications data.

The move by the UK government to defeat encryption on people’s devices and communications broadly, and not targeted, is incredibly similar to the EU's Chat Control proposal. Chat Control aims to scan encrypted chats for illegal content, particularly Child Sexual Abuse Material (CSAM). Initially, the plan required all messaging platforms to perform indiscriminate scanning, but due to privacy concerns and public outcry, a new draft has been revised to make scanning optional.

Critics argue that even optional scanning weakens encryption and risks user privacy, while supporters believe it's necessary to combat illegal activities. The debate on the proposal continues as EU lawmakers seek a solution to enact it. 

In the US, the EARN IT Act of 2023 presents another major challenge to encryption. While framed as a measure to combat child sexual exploitation, the bill effectively pressures online platforms to weaken encryption by holding them liable for user content unless they comply with government-determined best practices. According to the Electronic Frontier Foundation, this could lead to platforms scanning private messages, undermining end-to-end encryption, and violating constitutional protections against warrantless searches. 

The ACLU has also criticized EARN IT, warning that it threatens free speech and disproportionately impacts marginalized communities. By stripping liability protections, the Act creates a chilling effect on privacy, forcing companies to either compromise user security or risk legal repercussions. Much like the UK's Investigatory Powers Act and the EU’s Chat Control proposal, the EARN IT Act signals a broader effort to erode encryption under the guise of security.

The backdoor debate in cybersecurity revolves around whether encryption backdoors should be implemented to aid law enforcement. Proponents argue that backdoors could provide valuable intelligence for investigating crimes and preventing terrorist attacks, while opponents contend they would weaken overall security and create opportunities for malicious actors to exploit.

The core issue is balancing privacy and security, with concerns about the potential misuse of backdoors by both criminals and government agencies. Last year, the UK’s National Crime Agency identified end-to-end encryption as a threat to national security – but the attack on private communications is not limited to Europe.

Privacy experts globally remain worried about the risks to user privacy and security that would come about due to these proposals. Recent actions by the US, UK, and EU governments and the ongoing cybersecurity debate highlight a concerning trend towards defeating encryption to gain access to private data.

The UK's requirement for Apple to create a backdoor under the Investigatory Powers Act, combined with the EU's Chat Control and the US EARN IT Act targeting encrypted chats underscore a broader effort to circumvent privacy protections. 

The creation of backdoors threatens the integrity of encryption, essential for protecting user rights. Privacy must be defended against overreach, ensuring that strong encryption remains a cornerstone of data protection. A failure to uphold these principles would lead to mass surveillance and the further erosion of liberty.

Independent journalism does not finance itself. If you enjoyed this article, please consider donating to our Geyser Fund.