US examining whether UK's encryption demand on Apple broke data treaty

U.S. officials are examining whether the UK broke a bilateral agreement by reportedly demanding that Apple build a "backdoor" allowing the British government to access backups of data in the company's encrypted cloud storage systems.

Apple last week withdrew an encrypted storage feature for UK users, after reports that it had refused to create such a backdoor allowing access to messages and photos even for users outside the country. The Washington Post reported that Apple rejected such a demand by the British government.

In a letter dated February 25 to two U.S. lawmakers, Tulsi Gabbard, the U.S. director of national intelligence, said the U.S. is examining whether the UK government had violated the CLOUD Act, which bars it from issuing demands for the data of U.S. citizens and vice versa.

"My lawyers are working to provide a legal opinion on the implications of the reported U.K. demands against Apple on the bilateral CLOUD Act agreement," Gabbard wrote to U.S. Ron Wyden, an Oregon Democrat, and Rep. Andy Biggs, an Arizona Republican.

"Upon initial review of the U.S. and U.K. bilateral CLOUD Act Agreement, the United Kingdom may not issue demands for data of U.S. citizens, nationals, or lawful permanent residents ("U.S. persons"), nor is it authorized to demand the data of persons located inside the United States."

In 2022, Apple introduced end-to-end encryption for iCloud backups of its iPhones, meaning that only the user - rather than Apple - has the keys to unscramble the data.

Cybersecurity experts told Reuters that if Apple had chosen to build a backdoor for a government, that backdoor would eventually be found and exploited by hackers.

Apple has sparred with regulators over encryption as far back as 2016 when the U.S. government tried to compel it to build a tool to unlock a terrorism suspect's iPhone.