FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data
https://lemmy.world/post/26018171
By Zak Doffman, Contributor. Zak Doffman writes about security, surveillance and privacy.
Feb 24, 2025

The furor after Apple removed full iCloud
security for U.K. users may feel a long way from American users this weekend.
But it’s not — far from it. What has just shocked the U.K. is exactly what the
FBI told me it also wants in the U.S. “Lawful access” to any encrypted user
data. The bureau’s quiet warning was confirmed just a few weeks ago. The U.K.
news cannot be seen in isolation and follows years of battling between big tech
and governments over warranted, legal access to encrypted messages and content
to fuel investigations into serious crimes such as terrorism and child abuse. As
I reported in 2020, “it is looking ever more likely that proponents of
end-to-end security, the likes of Facebook and Apple, will lose their campaign
to maintain user security as a priority.” It has taken five years, but here we
now are. The last few weeks may have seemed to signal a unique fork in the road
between the U.S. and its primary Five Eyes ally, the U.K. But it isn’t. In
December, the FBI and CISA warned Americans to stop sending texts and use
encrypted platforms instead. And now the U.K. has forced open iCloud by
threatening to mandate a backdoor. But the devil’s in the detail — and we’re
fast approaching a dangerous pivot. While CISA — America’s cyber defense agency
— appears to advocate for fully secure messaging platforms, such as Signal, the
FBI’s view appears to be different. When December’s encryption warnings hit in
the wake of Salt Typhoon, the bureau told me that while it wants to see encrypted
messaging, it wants that encryption to be “responsible.” What that means in
practice, the FBI said, is that while “law enforcement supports strong,
responsibly managed encryption, this encryption should be designed to protect
people’s privacy and also managed so U.S. tech companies can provide readable
content in response to a lawful court order.” That’s what has just happened in
the U.K. Apple’s iCloud remains encrypted, but Apple holds the keys and can
facilitate “readable content in response to a lawful court order.” There are
three primary providers of end-to-end encrypted messaging in the U.S. and U.K.:
Apple, Google and Meta. The U.K. has just pushed Apple to compromise iMessage.
And it is more than likely that “secret” discussions are also ongoing with the
other two. It makes no sense to single out Apple, as that would simply push bad
actors to other platforms, which will happen anyway, as is obvious to any
security professional. In doing this, the U.K. has changed the art of the
possible, bringing new optionality to security agencies across the world. And it
has done this against the backdrop of that U.S. push for responsible encryption
and Europe’s push for “chat control.” The U.K. has suddenly given America’s
security agencies a precedent to do the same. “The FBI and our partners often
can’t obtain digital evidence, which makes it even harder for us to stop the bad
guys,” warned former director Christopher Wray, in comments the bureau directed
me towards. “The reality is we have an entirely unfettered space that’s
completely beyond fully lawful access — a place where child predators,
terrorists, and spies can conceal their communications and operate with impunity
— and we’ve got to find a way to deal with that problem.” The U.K. has just
found that way. It was first, but unless a public backlash sees Apple’s move
reversed, it will not be last. In December, the FBI’s “responsible encryption”
caveat was lost in the noise of Salt Typhoon, but it shouldn’t be lost now. The
tech world can act shocked and dispirited at the U.K. news, but it has been
coming for years. While the legalities are different in the U.S., the targeted
outcome would be the same. Ironically, because the U.S. and U.K. share
intelligence information, some American lawmakers have petitioned the Trump
administration to threaten the U.K. with sanctions unless it backtracks on the
Apple encryption mandate. But that’s a political view not a security view. It’s
more likely this will go the other way now. As EFF has warned, the U.K. news is
an “emergency warning for us all,” and that’s exactly right. “The public should
not have to choose between safe data and safe communities, we should be able to
have both — and we can have both,” Wray said. “Collecting the stuff — the
evidence — is getting harder, because so much of that evidence now lives in the
digital realm. Terrorists, hackers, child predators, and more are taking
advantage of end-to-end encryption to conceal their communications and illegal
activities from us.” The FBI’s formal position is that it is “a strong advocate
for the wide and consistent use of responsibly managed encryption — encryption
that providers can decrypt and provide to law enforcement when served with a
legal order.” The challenge is that while the bureau says it “does not want
encryption to be weakened or compromised so that it can be defeated by malicious
actors,” it does want “providers who manage encrypted data to be able to decrypt
that data and provide it to law enforcement only in response to U.S. legal
process.” That’s exactly the argument the U.K. has just run. Somewhat cynically,
the media backlash that Apple’s move has triggered is likely to have an impact,
and right now it seems more likely we will see a reversal of some sort of
Apple’s move, rather than more of the same. The UK government is now exposed as
the only western democracy compromising the security for tens of millions of its
citizens. Per The Daily Telegraph, “the [UK] Home Office has increasingly found
itself at odds with Apple, which has made privacy and security major parts of
its marketing. In 2023, the company suggested that it would prefer to shut down
services such as iMessage and FaceTime in Britain than weaken their protections.
It later accused the Government of seeking powers to ‘secretly veto’ security
features.” But now this quiet battle is front page news around the world. The UK
either needs to dig in and ignore the negative response to Apple’s forced move,
or enable a compromise in the background that recognizes the interests of the
many. As The Telegraph points out, the U.S. will likely be the deciding factor
in what happens next. “The Trump administration is yet to comment. But [Tim]
Cook, who met the president on Thursday, will be urging him to intervene,” and
perhaps more interestingly, “Elon Musk, a close adviser to Trump, criticised the
UK on Friday, claiming in a post on X that the same thing would have happened in
America if last November’s presidential election had ended differently.” Former
UK cybersecurity chief Ciaran Martin thinks the same. “If there’s no momentum in
the U.S. political elite and US society to take on big tech over encryption,
which there isn’t right now, it seems highly unlikely in the current climate
that they’re going to stand for another country, however friendly, doing it.”
Meanwhile the security industry continues to rally en masse against the change.
“Apple’s decision,” an ExpressVPN spokesperson told me, “is deeply concerning.
By removing end-to-end encryption from iCloud, Apple is stripping away its UK
customers’ privacy protections. This will have serious consequences for Brits —
making their personal data more vulnerable to cyberattacks, data breaches, and
identity theft.” It seems inconceivable the UK will force all encrypted
platforms to remove that security wrap, absent which the current move becomes
pointless. The reality is that the end-to-end encryption ship has sailed. It has
become ubiquitous. New measures need to be found that will rely on metadata —
already provided — instead of content. Given the FBI’s stated position, what the
Trump administration does in response to the UK is critical. Conceivably, the
U.S. could use this as an opportunity to revisit its own encryption debate. That
was certainly on the cards under a Trump administration pre-Salt Typhoon. But
the furor triggered by Apple now makes that unlikely. However the original
secret/not secret news leaked, it has changed the dynamic completely.