
When It Comes to Encryption, Back Doors Are Never Simple: Why UK Apple Users Won’t Have Encrypted Backups Anymore

Millions of Apple customers in the United Kingdom are losing access to an important end-to-end encryption tool protecting their personal data, after the company refused a reported UK government demand to build a back door into its system that would have allowed law enforcement to read personal data stored in the cloud. 

Advanced Data Protection, the service in question, allowed users to automatically store encrypted backups of files from their devices that not even Apple itself could access. And while there may be legitimate reasons for law enforcement to seek access to particular files, Apple correctly concluded that carving a new pathway through this wall of encryption would introduce a significant new vulnerability to Apple’s online storage system, one that would affect every user on the planet. 

Just as a new door into a home gives intruders an additional path inside, so too does a digital back door provide a new way for law enforcement, hackers, and unfriendly governments to access materials that are supposed to be protected. So, just like with a real door, digital engineers add a lock and key to keep things secure.

But anyone holding that key, whether a legitimate government actor, a repressive regime or a criminal hacker, can access users’ data for their own purposes. While Apple or another tech company would build protections into the system’s design, no company can guarantee that the keys would always remain safe from hackers or from government overreach. A key allowing access to so much data is a tremendously attractive target for bad actors, and if even a single hacker succeeds in accessing the key, all bets are off. Because of those risks, end-to-end encrypted backups rely on the principle that only the user has access to the keys.

Simply creating an additional access point would also add complexity to the cloud storage system, and that complexity itself creates opportunities for errors that hackers could exploit. Apple has noted that, in practice, systems with back doors are unlikely to provide the privacy and security guarantees users expect and demand, and that the risks of cloud data breaches are significant and impactful. While there may be a law enforcement interest in accessing certain backed-up files, undermining encryption for everyone’s backed-up files will itself risk widespread criminal activity, from unlawful surveillance to accessing people’s most intimate photos.

As an esteemed group of researchers noted about previous attempts to require back-door access to online systems, “The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws.” Experts are clear that keys under doormats make us all less secure and will be widely abused.

And those are just the technical concerns. Governments demanding access to those keys have different conceptions of the level of privacy their citizens should be allowed, and a back door built for a lawful purpose in one country could turn into a tool of repression in another. Likewise, regimes change, and if less-benevolent leaders take over, a surveillance system built for the “right” reasons could fall into the wrong hands.

While past proposed systems have differed in their technological details – and the apparent order to Apple in this case remains secret – one trend has been consistent. Whatever technologies are involved, from hidden access points to stored (“escrowed”) access codes that allow decryption, to “ghost users” added to online conversations, systems for exceptional access inevitably get abused.

A case in point is the Athens Affair, in which the Greek government discovered that an unknown hacker had gained access to Vodafone’s “lawful intercept” system to spy on phone calls of both journalists and Greek politicians – including the nation’s then-president. More recently, the Salt Typhoon hackers gained unprecedented surveillance over telecommunications systems in the US and other countries, including Internet and cellular telephone metadata and even audio recordings of conversations from presidential candidates, through access to the lawful access systems put in place to comply with statutory requirements.

Apple’s decision to cut off encrypted cloud storage in the UK is a dramatic move, but it’s also both principled and pragmatic. Complying with the UK government’s reported order would undermine the security of every Advanced Data Protection user around the world. When it comes to encryption, threats to security anywhere are threats to security everywhere.