Summary
- Wyden wants a public report on whether UK surveillance
risks U.S. security. - Focus on UK demands for encrypted backdoors and data
access. - Secret orders block transparency, risking American
privacy. - Calls for urgent transparency and protection of secure
communications.
The senator’s letter comes after it was revealed
in February that the British government had requested what detractors have
dubbed a backdoor to access all of the content that Apple customers have
uploaded to the cloud, even when that stuff has been encrypted from beginning
to end.
Since then, Apple has banned British users from
using Advanced Data Protection, its most secure data storing option, and
contested the demand in a U.K. surveillance court from White House.
It is evident from Wyden’s letter that his worries go beyond the particular
request he made to Apple.
In his letter, Wyden suggested that U.K.
surveillance laws might be used to
“secretly force U.S. companies to store
the data of U.S. users in the U.K., where it could then be seized by the U.K.
government.”
According to the letter, Wyden’s reservations
regarding whether the British government can mandate such U.K.-based storage
for freshly created data belonging to U.S. users under its Investigatory Powers
Act 2016 (IPA) have not been dismissed.
According to Wyden’s letter, the British Embassy
did clarify that U.S.-based tech companies cannot be forced to
“make a
U.K.-based copy of existing data”
stored in the U.S. under the IPA.
According to Wyden, the British Embassy has not
been able to guarantee him that the United Kingdom cannot “demand
companies infect their customers with spyware” in order to
“hack” Americans using provisions of the IPA.
“The cybersecurity of Americans’ communications
and digital lives must be defended against foreign threats,”
the letter says.
“The national security implications are serious, not least because the
communications of U.S. government officials could be subjected to both weakened
encryption and storage in the U.K.”
In his letter, Wyden also pointed out that
Google has not responded to inquiries from his office regarding whether it has
received a demand from British authorities that is comparable to the one that
was made to Apple, which is officially known as a Technical Capability
Notice.
According to Wyden, a so-called backdoor demand
against Google may have serious repercussions because the tech giant by default
protects billions of people’s data by enabling end-to-end encryption for
Android users.
According to the letter, Meta informed Wyden
that it had not been given instructions to “backdoor our encrypted
services, like that reported about Apple.”
A request for comment was not immediately
answered by the British Embassy.
Wyden had already discussed the matter in a
February letter to Gabbard.
She responded on February 25, saying that she
shared his “grave concern about the serious implications of the United Kingdom,
or any foreign country, requiring Apple or any company to create a ‘backdoor’
that would allow access to Americans personal encrypted data.”
What specific national security risks could
arise from UK surveillance laws targeting U.S. data and communications?
The UK Home Office issued secret “Technical
Capability Notices” demanding U.S. tech companies like Apple to create
backdoors into encrypted data stored on their servers. Such backdoors weaken
encryption, creating vulnerabilities that hostile actors could exploit to
access private communications and governmental data.
The IPA may authorize the UK government to
compel companies to “infect their customers with spyware” to gather
intelligence on U.S. citizens, further jeopardizing cybersecurity and privacy.
The UK’s Investigatory Powers Act (IPA) may
require U.S. companies to store data of U.S. users in the UK.
