The government’s position in its privacy and encryption row with Apple is “really strange” and “doesn’t make sense,” an expert has said.
Earlier this year, it was reported that the government had issued a notice under the Investigatory Powers Act 2016, asking Apple for the ability to access data from Apple users.
This was said to include encrypted data protected by the tech giant’s advanced data protection (ADP) tool, an opt-in tool within Apple’s iCloud service which only an account holder can access, and is currently out of the reach of even Apple.
The iPhone-maker subsequently said that it was withdrawing the tool from use in the UK, turning it off as an option for those not already using it, and will introduce a process to move existing users away from it, and brought legal action against the Home Office.
Robin Wilton, senior director for internet trust at the Internet Society, a non-profit organisation which advocates for a safe and accessible internet for all, said he did not understand the government’s approach.
He said he believed it was unlikely the iCloud backups of Apple users would be a likely place for bad actors to keep records of their crimes.
“I don’t really see what they’re expecting to achieve by this,” he told the PA news agency.
“I know that the standard answer is ‘well, we’ll catch the dumb criminals,’ but for anyone sufficiently motivated, this seems like a really simple thing to bypass.
“And how many people are actually inadvertently or otherwise storying evidence of criminal activity in their iCloud backups? To that extent, it doesn’t make a huge amount of sense to me.”
The government’s approach was widely criticised by online privacy campaigners and experts when reports of the request first appeared, and Wilton said the UK’s stance could create trust issues in other areas of technology, including artificial intelligence (AI).
“I think there are some negative aspects to it as well which, in the context of this government, I find really bizarre,” he told PA.
“We’ve heard this government talk a lot about its expectations for AI and machine learning, to kickstart the UK economy.
“And the way I look at that is, I don’t think that any AI worth having is going to run exclusively on your device—it’s either going to make calls to a server or it’s actually just going to be processed on the server and it’ll fire a result back to you.
“So, what’s the status of the stuff that happens on the server? Is that yours or or is that under the custody of the company running the server?
“This government’s approach seems to be that it’s not yours and that it’s fair game.
“So if stuff that runs on other people’s computers at my request or on my behalf is fair game, like iCloud backups, then I don’t see why AI systems would be treated any differently.
“And therefore, why would I trust those systems with anything sensitive or confidential, let alone criminal.”
Last week, the Home Office lost a bid to keep the legal action brought by Apple against the government private.
Last month the Investigatory Powers Tribunal, a specialist tribunal which deals with allegations of unlawful intrusion and some national security matters, sat behind closed doors for an all-day hearing, where the identities of the parties involved were not publicly known.
However, in a public judgment last Monday, judges at the tribunal said the case relates to legal action brought against the Home Office by Apple over the power to make technical capability notices under the Investigatory Powers Act.
Following that ruling the Home Office said it did not comment on legal proceedings or operational issues, but its first priority was to “keep people safe,” and stressed it was not seeking blanket data access.
However, Wilton said that the government’s stance could leave it open to other legal challenges in the future.
“I think this government’s position is really strange,” he said.
“The prime minister must know, as a lawyer, that the EU already considers your mobile device to be part of your so-called private sphere, because it is so intimately linked to your life.
“And I don’t see how you can look at that and think that the fact that I’ve allowed my device to back itself up in an encrypted way to the cloud means that I have a lower expectation of privacy than I do for what’s on the device itself.
“So I think this government is laying itself open for challenges to this based on the Human Rights Act, on the basis that the encrypted data in my iCloud backup should be considered to be part of my personal and private sphere.”
