The UK’s plan for electronic eavesdropping poses cybersecurity risks
About a year ago, the world learned of extensive intrusions into U.S. telecommunications networks, ultimately attributed to China. That was only the beginning of an investigation that led to the discovery that the Chinese government had penetrated the networks of at least 80 nations around the globe. Not only did China access phones used by the Trump and Harris presidential campaigns in 2024; it also indiscriminately collected information on U.S. citizens. One former senior FBI official estimated that China had collected data on virtually every American.
In response, the Australian, Canadian, New Zealand, and United States governments issued communications guidance that recommended, among other measures, using end-to-end encryption, a method that secures communications so that only the message’s sender and receiver can view the unencrypted contents. One nation notably abstained from issuing this guidance: the United Kingdom.
Indeed, the UK appears to be more preoccupied with criminal actors than the People’s Republic of China and other sophisticated, adversarial nation-states. Or so it would seem given the most recent salvo by the UK government regarding the use of Apple’s Advanced Data Protection (ADP) for iCloud, a technology that secures data in the cloud so that no one but the user—not Apple, and not law enforcement—has unencrypted access to it. As one of us wrote last year, the Washington Post reported that operating under the Investigatory Powers Act Technical Capability Notice (TCN), “UK security officials demanded that Apple provide access to encrypted iCloud material regardless of the data’s location.”
Read more at Lawfare