Apple will not be required to provide an encryption backdoor in the UK, easing concerns about weakened privacy and security safeguards. The announcement was made by US Director of National Intelligence Tulsi Gabbard on social media late Monday evening. Â
Gabbard said Americans' private data will be protected after an agreement was finally reached with the UK following prolonged behind-the-scenes maneuvering.Â
"Over the past few months, I've been working closely with our partners in the UK, alongside @POTUS and @VP, to ensure Americans' private data remains private and our Constitutional rights and civil liberties are protected," Gabbard posted on X. "As a result, the UK has agreed to drop its mandate for Apple to provide a 'back door' that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties."
A representative for Apple did not immediately respond to a request for comment. The company has regularly resisted government requests that it create a backdoor for law enforcement.
What was the UK asking for?
Originally, the UK demanded that Apple provide a way for the government to access data from iCloud accounts of both British citizens and citizens of other countries to assist in criminal investigations.
In response, Apple pulled an iCloud feature, Advanced Data Protection, in the UK in February. At the time, Apple said it was "gravely disappointed" by the actions of the UK's Home Office, the country's interior ministry responsible for public safety, cybersecurity and immigration. It's unclear if the announcement will pave the way for Apple to bring back Advanced Data Protection in the region.
More recent reports suggested the UK was backtracking on its original demands and was looking for a way out.Â
CNET reached out for more details about the agreement. A representative for the Department of National Intelligence responded with a link to Gabbard's X post and a February letter by Gabbard sent to Sen. Ron Wyden, a Democrat, and Rep. Andy Biggs, a Republican, which said her office would examine the issue.
Is this a win for users' privacy?
Privacy advocates had been deeply critical of the UK's now-scuttled request as a case of government overreach and a potential foothold for mass surveillance. Apple and cybersecurity experts have also noted that breaking encryption for law enforcement would likewise create an opening for bad actors.
"The reality is that a backdoor designed for 'good actors' cannot be kept exclusive," said Adam Boynton, a senior security strategy manager at the software company Jamf. "Once a deliberate weakness exists, it becomes a target for criminals and hostile states, putting millions of everyday users at risk."
Backdoors can also erode public trust in platforms such as Apple's that people use daily, Boynton said.Â
Another security expert chalked up the UK's backtracking as a small skirmish won even as a larger war continues.Â
"The legislation requiring the backdoor to encryption remains, and until this is removed there is a danger that other companies or Apple may be asked at another time to provide a backdoor," said Tony Anscombe, a UK-based chief security evangelist at the cybersecurity company ESET. A lack of transparency by the government, he said, "raises the question of how many other companies have been provided a notice and complied or are in dispute."