Summary
- Wyden wants a public report on whether UK surveillance risks U.S. security.
- Focus on UK demands for encrypted backdoors and data access.
- Secret orders block transparency, risking American privacy.
- Calls for urgent transparency and protection of secure communications.
The senator's letter comes after it was revealed in February that the British government had requested what detractors have dubbed a backdoor to access all of the content that Apple customers have uploaded to the cloud, even when that stuff has been encrypted from beginning to end.
Since then, Apple has banned British users from using Advanced Data Protection, its most secure data storing option, and contested the demand in a U.K. surveillance court from White House.
It is evident from Wyden's letter that his worries go beyond the particular request he made to Apple.
In his letter, Wyden suggested that U.K. surveillance laws might be used to
"secretly force U.S. companies to store the data of U.S. users in the U.K., where it could then be seized by the U.K. government."
According to the letter, Wyden's reservations regarding whether the British government can mandate such U.K.-based storage for freshly created data belonging to U.S. users under its Investigatory Powers Act 2016 (IPA) have not been dismissed.
According to Wyden's letter, the British Embassy did clarify that U.S.-based tech companies cannot be forced to
"make a U.K.-based copy of existing data"
stored in the U.S. under the IPA.
According to Wyden, the British Embassy has not been able to guarantee him that the United Kingdom cannot "demand companies infect their customers with spyware" in order to "hack" Americans using provisions of the IPA.
“The cybersecurity of Americans’ communications and digital lives must be defended against foreign threats,”
the letter says.
“The national security implications are serious, not least because the communications of U.S. government officials could be subjected to both weakened encryption and storage in the U.K.”
In his letter, Wyden also pointed out that Google has not responded to inquiries from his office regarding whether it has received a demand from British authorities that is comparable to the one that was made to Apple, which is officially known as a Technical Capability Notice.
According to Wyden, a so-called backdoor demand against Google may have serious repercussions because the tech giant by default protects billions of people's data by enabling end-to-end encryption for Android users.
According to the letter, Meta informed Wyden that it had not been given instructions to "backdoor our encrypted services, like that reported about Apple."
A request for comment was not immediately answered by the British Embassy.
Wyden had already discussed the matter in a February letter to Gabbard.
She responded on February 25, saying that she shared his “grave concern about the serious implications of the United Kingdom, or any foreign country, requiring Apple or any company to create a ‘backdoor’ that would allow access to Americans personal encrypted data.”
What specific national security risks could arise from UK surveillance laws targeting U.S. data and communications?
The UK Home Office issued secret "Technical Capability Notices" demanding U.S. tech companies like Apple to create backdoors into encrypted data stored on their servers. Such backdoors weaken encryption, creating vulnerabilities that hostile actors could exploit to access private communications and governmental data.
The IPA may authorize the UK government to compel companies to "infect their customers with spyware" to gather intelligence on U.S. citizens, further jeopardizing cybersecurity and privacy.
The UK's Investigatory Powers Act (IPA) may require U.S. companies to store data of U.S. users in the UK.