- Two US lawmakers are warning against the security risks of the UK encryption backdoor order to Apple
- Such a backdoor to encryption, they said, could be exploited by cybercriminals and authoritarian regimes
- Apple killed its iCloud’s end-to-end encryption feature in the UK in February and is now challenging the order in Court
Two US lawmakers have slammed the UK encryption backdoor order to Apple, arguing that this could lead to potential cybersecurity risks for all users worldwide.
As reported by Reuters on May 7, 2025, US House Judiciary Chair Jim Jordan and Foreign Affairs Chair Brian Mast wrote a joint letter to Britain’s Home Secretary Yvette Cooper to warn how such a backdoor would create “systemic vulnerabilities” that cybercriminals and authoritarian regimes would be able to exploit.
Apple killed its iCloud’s end-to-end encryption feature in the UK in February after being hit by a Technical Capability Notice (TCN) under the 2016 Investigatory Powers Act to allow law enforcement to assess users’ data – no matter if these are encrypted. The Big Tech company is now challenging this request in Court.
“Systemic vulnerabilities” for everyone
“Creating a backdoor into end-to-end encrypted systems, as the TCN does, introduces systemic vulnerabilities that can be exploited by malicious actors, including cybercriminals and authoritarian regimes,” reads Jordan and Mast’s letter, as reported by Reuters.
“These vulnerabilities would not only affect UK users but also American citizens and others worldwide, given the global nature of Apple’s services,” Jordan and Mast added.
Recent events like the Salt Typhoon attack on all the major US telecoms have shown the crucial role reliable encryption and encrypted tools (like the best VPN services and messaging apps) play for the privacy and safety of everyone’s data. Even FBI and CISA experts have been calling citizens to switch to encrypted services in the aftermath of this unprecedented cyberattack.
Jordan and Mast also urge the UK Home Secretary to disclose the full content of the order to the US Department of Justice so that lawmakers can check if it complies with current laws. As per the US/UK agreement made under the CLOUD ACT in 2023, law enforcement cannot require companies to decrypt data.
“We urge the Home Office to reconsider the issuance of TCNs that require the weakening of encryption, as such measures conflict with international human rights standards, including the European Court of Human Rights’ ruling that undermining encryption violates privacy rights,” conclude the US lawmakers.
Apple decided to kill its Advanced Data Protection (ADP) feature in the UK to avoid building a backdoor into its system.
The ADP is an optional feature that provides an extra layer of protection on all iCloud-stored data by using end-to-end encryption technology. This means not even Apple can access these files.
Apple’s decision to remove Advanced Data Protection comes after experts warned that an iCloud backdoor “jeopardizes the security and privacy of millions.”
Apple has nevertheless ensured that all the iCloud data categories encrypted by default remain protected. These include users’ health data, passwords, iCloud messages, and Apple Pay transactions, as well as iMessage and FaceTime data. You can see all the others on Apple’s support page.
The Big Tech firm has now sued the UK government, and the legal battle is currently ongoing behind closed doors.
