US lawmakers are calling on the Trump administration to revisit its data-sharing agreement with the UK, following rising disquiet that a secret legal order issued by the UK against Apple will harm the privacy and security of US citizens.
Politicians on both sides of the US political divide say the UK has “gone too far” by ordering Apple to weaken an encryption service used by people around the world to secure their data, including messages, photos and information.
The House Judiciary Subcommittee on Crime and Government Surveillance heard on 5 June that the order would allow the UK to use US-UK law enforcement data-sharing agreements made under the US Cloud Act to obtain data held by Apple on cloud servers in the US.
Lawmakers are calling on the US Department of Justice (DOJ) to invoke a 30-day termination clause in UK-US data-sharing agreements to put pressure on the UK to withdraw its demands from Apple. They are also calling for amendments to the act to prevent the UK from issuing further similar notices to US tech companies.
The committee heard that the UK has issued more than 20,000 demands for data from US technology companies under the Cloud Act, mostly for live interception, compared to only 63 US demands to British providers, mostly for stored data.
“Unfortunately, one of our closest allies, the UK, is taking advantage of its authorities under the Cloud Act and is attacking America’s data security and privacy,” said committee chair Andy Biggs, Republican representative for Arizona.
Biggs said the UK’s order against Apple “threatens the privacy and security rights, not only of those living in the UK, but of Apple users all over the world”. He added: “This is a dangerous precedent, and if not stopped now, could lead to future orders by other countries.”
The UK Home Office issued a secret order requiring Apple to extend UK law enforcement and intelligence agencies’ access to encrypted data stored in iCloud to Apple’s Advanced Data Protection (ADP) service, in a move leaked to the Wall Street Journal in February 2025.
The existence of the order, known as a technical capability notice (TCN), was confirmed when Apple withdrew its ADP service for UK users in February while continuing to provide the service to people overseas. Apple is now challenging the legality of the order in the UK’s Investigatory Powers Tribunal.
Order would expose US to cyber threats
Jamie Raskin, representative for Maryland and the top Democrat on the committee, said the TCN would expose the US to threats from cyber criminals and foreign states, including espionage, consumer fraud and ransomware.
“Backdoors to encrypted technology aren’t capable only of letting good guys in while keeping the bad guys out…these design weaknesses will be exploited by foreign governments seeking to compromise our national security,” he added.
He said that UK demands to have access to encrypted communications would be analogous in the physical world to the government having access to “all our private conversations…at a restaurant or walking in a park because there might be some information they want to get”.
Encryption is important to national security
Giving evidence to the committee, Susan Landau, professor of cyber security and policy at Tufts University, said protecting the private data of Americans is a critical aspect of protecting US national security.
Giving examples, she said: “Protecting the private communications of a CEO’s son-in-law, the data of an American who has family working in China, or the draft research papers of a graduate student in genomics who has not yet filed a patent on her work, is protecting both the individuals and the economic and national security of our nation.”
Journalists, human rights organisations, civil society groups, remote workers, business people travelling overseas, family members who want to keep wills or financial information, all need end-to-end encryption, she told the committee.
“The technology that Apple developed protects our national security and the security and privacy of ordinary Americans. It should be widely used and widely available,” added Landau.
Chinese hackers exploited law enforcement access
Landau said Chinese hackers have already exploited access mechanisms designed for US law enforcement to access US telephone networks in a hacking operation dubbed Salt Typhoon.
Chinese hackers were able to exploit technical measures, installed under the Communications Assistance for Law Enforcement Act (CALEA), to access a database of US wiretap targets, allowing China to learn which Chinese spies had been discovered by the US. They were also able to access the private data of President Donald Trump and vice-president Vance.
The US National Security Agency (NSA) began advocating for greater use of strong encryption in the US in 2000, winning support from former directors of the NSA, executives at the Department of Homeland Security and the FBI, the committee heard.
Australia, Canada, New Zealand and the US recommended in December 2024 that end-to-end encryption be used whenever possible following the discovery of the Salt Typhoon attacks. The UK was the only Five Eyes partner to refuse to sign.
Richard Horne, director of GCHQ’s National Cyber Security Centre, told Computer Weekly, when asked about the Apple case, that there was no conflict between privacy and security.
“We take the view that privacy and security can both be met. And clearly, we’re not going to comment on a lot of speculation and issues for the Home Office. But we do take the view that you can achieve both objectives,” he said.
UK mandates imposed in ‘closed secret hearings’
Richard Salgado, former director of law enforcement and information security at Google, told the committee that the UK’s actions threatened US cyber security and the competitiveness of US technology providers.
Salgado, a consultant on geopolitical cyber security and surveillance, and lecturer at Harvard and Stanford law schools, said the risk was magnified when the UK’s mandates are “imposed in closed secret hearings and the outcomes hidden”.
“If there’s still a real debate about whether security should yield to government surveillance, it doesn’t belong behind closed doors overseas. It shouldn’t be settled in secret proceedings run by foreign officials and with outcomes unknown even to the US government.”
Danger from other countries
Caroline Wilson Palow, director and general counsel at Privacy International, told lawmakers that there were concerns that if the UK could order Apple to deliberately weaken its encryption, other orders against US companies would follow.
“If the UK government succeeds in maintaining this order against Apple, it’s possible further such orders targeting end-to-end encryption may follow. Other American companies, given their global reach, will likely be targets,” she said.
Notices could also be used to force tech companies to undermine security in other ways – for example, by sending false security updates or requiring them to refrain from fixing a vulnerability in their systems, she said.
The committee heard that Australia, the only other country with a Cloud Act agreement, had a similar technical capability notice regime to the UK. Canada, which is negotiating a Cloud Act agreement with the US, has an almost identical provision to the US. The European Union, which is also negotiating a Cloud Act agreement, has been considering measures that would undermine end-to-end encryption.
“More countries, therefore, may soon be targeting US companies and undermining the security and privacy of their users worldwide while also taking advantage of Cloud Act processes,” said Wilson Palow.
Landau said one of the most disturbing aspects of the UK’s TCN regime is that it claims to be able to serve notices entirely outside of the provisions of the Cloud Act.
There is nothing in the Cloud Act to prevent a country like Turkey or South Africa, or other countries with less respect for human rights, from serving similar orders against US tech companies.
Golden age of surveillance
Greg Nojeim, senior director of the non-profit Centre for Democracy and Technology, said Congress and the US DOJ should act to protect the privacy and security of America’s data against threats from countries, including the UK, that benefit from Cloud Act agreements.
“The UK would have Apple withdraw the service worldwide or compromise its protections so that no matter where you went, even to your office next door…if you downloaded your iMessages [to the cloud], you wouldn’t be able to protect them with encryption. The situation is insupportable,” he told lawmakers.
Although law enforcement agencies claim intelligence is “going dark” because of encryption, in reality, it is a golden age of surveillance, the committee heard.
“There’s never been more human thought available to law enforcement agencies around the world in the history of mankind than today. They get it from social media, they get it from data brokers, they get it from all kinds of sources,” said Nojeim.
“The TCNs are super extra-territorial. The UK government can issue orders to companies outside the UK and order them to change their equipment outside the UK, so they can wiretap people who are outside the UK,” he said.
Because it is a criminal offence for a technology company to reveal the existence of a TCN, it is not possible to know how many other TCN notices have been issued against US tech firms, the lawmakers heard.
Calls to amend Cloud Act
The experts giving evidence urged the US government to press the UK to drop its action against Apple, and to commit to giving guarantees to refrain from similar action against other US companies, or withdraw cooperation agreements under the Cloud Act.
Congress should also amend the Cloud Act to require that cooperating countries respect free speech and security. There should be a requirement for foreign governments, including the UK, to agree not to impose surveillance or “anti-security” measures on US companies.
Republican representative Biggs said the DOJ should immediately issue a 30-day termination notice unless the UK agrees transparency over its TCN notice with Apple.
“I agree that this is a vital moment to pressure the UK, because if we don’t push back now, then the UK may issue many more of these orders in the future, entirely in secret, and we won’t know about them,” said Privacy International’s Wilson Palow.
Democrat representative Raskin said the UK’s requirement for blanket secrecy over the Apple order “completely undermines” the ability of Congress and oversight bodies around the world, including civil rights advocates, to question whether it was an “acceptable violation” of US privacy and security.