This op-ed was originally published in Forbes.
The Washington Post reported in February that the U.K. government issued a “secret order” that “demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud.”
While the immediate order is centered on Apple’s cloud data, the U.K.’s order for blanket access to encrypted material raises broader questions about its applicability to other companies and its potential to undermine end-to-end encryption, a critical tool businesses and consumers broadly rely upon today to keep their devices, services and data safe.
Whether you are a smartphone user or a company taking advantage of the many benefits of the cloud, I see this as a step backward for the cybersecurity technologies that protect data globally and a recipe for widespread data vulnerabilities.
What is encryption?
Encryption is no longer just a nice add-on security feature. It’s become an essential tool for protecting privacy and security, and it’s infused throughout our digital ecosystem to improve many of the technologies people use every day.
It’s built into browsers so we can trust our credit card numbers are protected with online purchases. It’s built into the systems we use to unlock phones so we can trust our private information will be safe even if the phone is lost or stolen. It’s built into messaging systems so we can trust that only the sender and intended recipient can read it.
And it’s especially important for business users. Most breaches involve data stored in multiple environments or public clouds, according to IBM’s 2024 Cost of a Data Breach Report (registration required). And, a survey of 400 IT and cybersecurity professionals found the top reason for losing sensitive data was a lack of encryption. This shows the use of strong encryption has become a key tool that allows companies to trust their sensitive data can be protected, even in the case of a breach.
Informed policymakers and national security experts around the globe are increasingly recognizing the role encryption plays in building a more secure future. For example, in 2024, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and FBI joined Canada, Australia and New Zealand’s cybersecurity centers to recommend internet traffic be “end-to-end encrypted to the maximum extent possible.” And after Salt Typhoon—considered one of the most devastating cyberattacks in U.S. history—the FBI and CISA encouraged Americans to adopt secure encrypted messaging instead.
What do proponents of encryption backdoors say?
Many proponents of encryption backdoors argue backdoors can enable law enforcement to obtain convictions it otherwise can’t. However, nothing stops criminals from simply using one of the many accessible open-source tools to doubly encrypt their data—making it once again unreadable and inaccessible to law enforcement.
Some backdoor proponents also argue that once they obtain access to global user data, they can be trusted to keep the keys safe and the backdoors secure. However, backdoors introduce vulnerabilities into otherwise secure systems that can be used by hackers to exploit data. It’s impossible to create a backdoor for the “good guys” that doesn’t become a vulnerability that can be potentially exploited by the “bad guys.”
What was the response to the U.K. order?
Members of the U.S. Congress from both parties “strongly condemned” the U.K.’s actions, calling the request “dangerous” and “shortsighted,” per the BBC. Some also called on the U.S. Department of Justice to investigate whether the U.K. violated a U.S.-U.K. agreement “by requiring U.S. companies to take such reckless action as undermining encryption for all users globally.” The U.S. Director of National Intelligence likewise warned that the U.K.’s approach “would be a clear and egregious violation of Americans’ privacy and civil liberties.”
Apple ultimately pulled its advanced data protection from U.K. users.
And as the public learns that the U.K. prime minister’s own e-mail was reportedly hacked by Russian state actors, it further underscores the need to embrace technologies that ensure data is unreadable even when stolen or accessed in the cloud.
In 2021, Ciaran Martin, founder and former CEO of the U.K. government’s National Cyber Security Centre (NCSC), said, “End-to-end encryption must continue and expand, legally unfettered, for the betterment of our digital homeland.” Moreover, guidance issued last fall by the NCSC—the U.K.’s premiere cybersecurity agency—encouraged the public to adopt the very end-to-end encrypted advanced data protection for cloud data that the government now seeks to crack.
What can business leaders do?
Rather than breaking the critical protections being built into the heart of our technological ecosystem, leaders need to foster trust in the very technologies that keep customers’ and clients’ data safe.
First: Following the tsunami of data breaches that have exposed troves of personal data, organizations need to protect the integrity of personal data even if hackers gain access by swiftly adopting the strongest forms of encryption.
Second: We need more technology leaders to stand up for consumers, businesses and trustworthy technologies by committing to not build backdoors, create master keys or break the encryption necessary to keep our data secure.
Third: Business leaders can play an essential role in helping policymakers everywhere become better informed about the vital role encryption now plays in advancing a trustworthy digital ecosystem and the consequences of mandated insecurity. As companies face record numbers of data breaches—each of which can cause financial losses, reputational damage and legal consequences—business leaders are well-positioned to explain how weakening the technologies they use to protect their most sensitive data stored in the cloud is bad for businesses, consumers and their bottom lines.
Lastly and most importantly: Leaders can advocate for the U.K. to withdraw its encryption-breaking order and for other governments to avoid the same. Instead, business and government leaders alike can work constructively to accelerate the adoption of end-to-end encryption and avoid the kind of efforts that can put data at risk. This could put their countries and companies on a better trajectory to become global innovation leaders.
As data protection becomes a vital necessity, pervasive encryption becomes a global imperative. I believe combining our strongest encryption with even smarter policies puts us on the path toward the more trusted technology future we all deserve.
Jim Kohlenberger is co-chair of Trusted Future and an innovation policy leader who has served as a policy advisor to two U.S. Presidents.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.