Updated on February 10, 2025
The Washington Post reported that the United Kingdom Government has secretly ordered Apple to weaken end-to-end encryption for data stored in iCloud, forcing the company to create a backdoor to its fully encrypted data. Once a backdoor is created, it can be exploited by anyone who finds it. If the reporting is accurate, it represents an incredibly dangerous overreach that threatens to put the security of millions of people’s data at risk.
To make matters worse, the UK’s new order apparently doesn’t just apply to residents of the UK, but would apply globally. The UK government is effectively demanding that a U.S. company weaken its technology so it can spy on non-British users – including people in the US – without their government’s knowledge.
End-to-end encryption has emerged as perhaps the most powerful and effective tool we have for protecting personal privacy, safety and security. That’s why in December 2024 the NSA and FBI joined Canda, Australia, and New Zealand’s cyber security centers in recommending web traffic be “end to end encrypted to the maximum extent possible,” in new security best practices. But a government demanding that companies deliberately weaken security features is an enormous step backwards and a colossal recipe for widespread data vulnerabilities. It makes all of our data less secure.
Last year in Newsweek, Trusted Future’s co-chair Jim Kohlenberger warned about this kind of proposal by policymakers in the UK. He warned that it could effectively outlaw the use of end-to-end encryption, and put the personal security of billions of people at risk. While the underlying issues they are trying to address may be important, Kohlenberger writes that there are ways to tackle these important issues without fundamentally undermining one of the most powerful and essential security technologies used to keep your digital data safe.
Meanwhile, this proposal won’t even stop bad actors, because they will still be able to use open-source tools to encrypt their data.
In response to this report, Trusted Future Board Chairs Jim Kohlenberger and Adam Golodner offered the following responses:
“At a time when end-to-end encryption has emerged as perhaps the most powerful and effective tool for protecting personal privacy and security, the UK’s unprecedented move to order a U.S. company to deliberately weaken its encryption is a dangerous step backwards that puts the personal security of everyone at risk – including every single user in the US,” said Kohlenberger, the former Chief of Staff at the Office of Science and Technology Policy. “This flies directly in the face of recent guidance from the NSA and FBI that recommended companies and users leverage strong end-to-end encryption to the maximum extent possible. The UK’s far-reaching decision crosses a fundamental security red line – and must not be made in secret.”
“Undermining fundamental security of data in the cloud globally is exactly the opposite direction governments should be going as enterprises and individuals accelerate the use of cloud-based AI to drive economic growth and national competitiveness,” said Golodner, a cybersecurity expert who served at the Department of Justice. “At a time when the UK government has said it will pivot to enhance tech innovation and growth, undermining trust in the cloud and AI for itself, and exporting that insecurity across the globe, is counterproductive and must be reversed.”
“Reports that the UK government is requiring Apple to provide it blanket capability to view encrypted material, including for US citizens, without the need to identify allegedly illegal actions by specific US individuals, is quite concerning,” said Maureen Ohlhausen who led the Federal Trade Commission (FTC) during the first Trump administration. “In the US, the Constitution provides due process and privacy protections for citizens that help facilitate the exercise of other rights, such as free speech, that are central to our democratic values and should be safeguarded.”
This proposal is shocking to anyone who understands the importance of encryption in today’s society. This is why there has been an outpouring of concern from ideologically diverse voices in the technology policy community. For example:
Neil Chilson of the Abundance Institute “The Trump administration should unequivocally condemn the U.K.’s power grab and take all necessary actions to protect the security and privacy of our citizens.”
Morgan Reed of ACT | The App Association: “The Trump administration needs to quickly push back on the outrageous move by UK gov to break encryption, even on files not held in the UK or by a UK person. There’s nothing good about this move, either for privacy or consumer protection.”
Shane Tews of the American Enterprise Institute: “This move undermines international security and amplifies risks concerning data protection, cross-border communications, and the integrity of digital infrastructures.”
App Security Project: “The UK’s order strikes a blow at the very foundations of user privacy. The country that gave Americans the tradition from which the Fourth Amendment grew should know better than to abandon that tradition. Just as a man’s home is his castle (as the old English saying goes), a user’s devices should be his castles. Law enforcement must be carried out without violating digital privacy rights. Back doors, once opened, remain open for everyone. Moreover, governments have no right to see everything their citizens do at will – neither in the physical nor the digital world.”
Center for New Liberalism: “UK just instituted the most authoritarian surveillance rule by a democracy in a generation,” adding that private data and messages are now not only available to the government but also to “a savvy hacker.”
Electronic Frontier Foundation (EFF): “The UK’s Demands for Apple to Break Encryption Is an Emergency for Us All… Encryption is one of the best ways we have to reclaim our privacy and security in a digital world filled with cyberattacks and security breaches, and there’s no way to weaken it in order to only provide access to the ‘good guys.’ We call on Apple to resist this attempt to undermine the right to private spaces and communications.”
Freedom of the Press: “Is there any country in the world that’s more hostile to improving the internet privacy and security of its citizens than the UK?”
John Verdi of the Future of Privacy Forum: “There is no way to provide backdoors to encrypted data that does not put all users’ info at risk. That includes government officials, companies, and individuals. We’ve learned this lesson repeatedly. Encryption backdoors – no matter how well intended or carefully engineered – are inevitably exploited by criminals and unfriendly nation states.”
Information Technology & Innovation Foundation (ITIF): “Ordering Apple to weaken its end-to-end encryption is a dangerous and unjustified overreach that threatens the security and privacy of individuals and businesses around the world. End-to-end encryption is a cornerstone of digital security, providing individuals and organizations with the means to protect the confidentiality of their data from malicious actors… By ordering Apple to modify its technology so that the company holds the keys to encrypted data rather than the user, the UK is not enhancing security; it is eroding it.”
Robin Wilton of the Internet Society (ISOC): “There still is no safe way for Apple to break end-to-end encryption on its cloud services without weakening the privacy and security of all its users.”
Edward Longe of the James Madison Institute (JMI): “So long privacy, it was nice knowing you…”
NetChoice: “This is incredibly frightening overreach from the UK, threatening global data security. The UK government is not only demanding its own citizens’ encrypted data—which is not good—but it is ordering backdoor access to data from OTHER COUNTRIES, too, INCLUDING Americans’ data.”
Privacy International: “This overreach sets a damaging precedent and may also encourage abusive regimes around the world to take similar actions.”
Shoshana Weissmann of R Street Institute: “The entire world is in a horrible state of cybersecurity – things are hacked constantly. And the UK demands Apple make everyone far less secure.”
Ashken Kazaryan of Stand Together: “We have to pay attention and fight back against the UK’s attempt to break encryption. If they succeed, all of our rights – privacy, free speech will be lost forever and future generations will live in a completely different, much scarier world.”
Rebecca Brocato, former national security official in the Biden and Obama administrations: “Through this action, the British government is intending to make a highly sensitive decision for us all, globally, on encryption. Once you create a backdoor, bad guys will figure out how to take advantage of it. Experts have made that clear. In so many ways, this issue is fundamentally binary. Encryption debates are hard. This decision is a blunt instrument. We shouldn’t let this move settle such a contentious issue. Especially for the United States. Especially in this specific moment for the United States.”
Berin Szóka of TechFreedom: “The UK gov’t has long tried to kill encryption. It’s capitalizing on DC chaos to force Apple—and all other tech cos—to build backdoors into their services without the USG objecting. Everyone—from Trump to Brussels—should speak out. There’s no online free speech without anonymity.”
At a time when the new UK government has announced it wants to change course and be innovation-, tech-, and growth-forward, stepping backward seems especially out of touch. Moving forward, and as a first step, the UK Government should reveal the full details of its proposal so it can withstand debate in the light of day. Such a critical decision that impacts so many people around the globe cannot be made in secret.