
The Government is Making Itself a Laughing Stock in its Battle to End Apple’s Encrypted Privacy Service – The Daily Sceptic

Originally posted by: Daily Sceptic


The Home Office’s attempt to use the Investigatory Powers Act 2016, dubbed the ‘Snoopers’ Charter’, to force a backdoor into Apple’s Advanced Data Protection encryption of cloud backups is again in the news. A secret hearing before the Investigatory Powers Tribunal began on Friday, while additional members of the US Congress, from both parties, have added themselves to the growing numbers of notable figures opposed to the Labour Government’s reckless attack on everyone’s privacy. Led by Yvette Cooper, now known also by the moniker ‘Yvette Snooper’, the Home Office continues to remain blind to the way in which creating a backdoor into encrypted data as a way to let in the ‘good guys’ serves only to create a weakness which hostile countries and cybercriminals can exploit. This comes only months after the discovery of Chinese malware which was making use of CALEA backdoors, which the US Government had placed in American telecom networks, provided a striking illustration of the dangers backdoors pose to national security. Not only does the Home Office’s demand threaten the privacy of all Apple users worldwide, it also jeopardises the UK’s relationship with the US where J.D. Vance has warned against backdooring encryption, Tulsi Gabbard has called it a “clear and egregious violation” and President Trump has described the demand as “something you hear about in China”.

In an effort to distract attention from the dangers of backdoors, the UK Government also removed National Cyber Security Centre webpages advising lawyers to use end-to-end encryption to protect themselves against cyberattacks. It has done this even as the FBI, despite a history of pushing for the undermining of cryptography rights, has been newly urging widespread use of end-to-end encryption in the wake of China’s exploitation of CALEA backdoors. Apple is currently blocking the use of Advanced Data Protection in the UK and some in the software industry have described its actions as opening a frontdoor rather than a backdoor. This is only partially the case. While Advanced Data Protection may be blocked, the data already uploaded to Apple’s end-to-end encrypted version of its cloud service remain safe as Apple does not have any way to decrypt them without user involvement.

The Snoopers’ Charter was a Conservative Party creation, with Labour abstaining during the first vote on it. Keir Starmer in 2016 warned against some aspects of it, though seems willing enough to use it now. Labour mostly supported the bill’s later passage with a small number of MPs across many parties opposing it, including the SNP and the Liberal Democrats – a party perhaps best stereotyped as people with the decency to oppose authoritarianism when it arrives under the banner of national security, but who are often unable to see through its disguise when it cloaks itself under cuddlier excuses like ‘safety’ or ‘solutions’ to climate change. Conservatives who supported the Snoopers’ Charter while their party was in power might now, watching their dearly held special relationship with the US being threatened, realise why it is dangerous for any government to grant itself extreme powers. However much a politician preparing to vote for new powers may trust his own side only to use them for ‘good’, he would be wiser to concentrate on what his most enthusiastic opponents could do with such capabilities at a future time.

Today, the opposition to cryptographic backdoors crosses both ideological and party lines. Even within the frustrating split forming within Reform we see figures on both sides making the case against this governmental over-reach. Zia Yusuf wrote a good Telegraph article, while Rupert Lowe has written: “I want my data to be private, especially from the state.” Those who take a stand against mass surveillance today must not forget this if they ever end up forming a government. Campaign groups including Big Brother Watch, Liberty, Index on Censorship, the Open Rights Group and Privacy International are speaking out against the Home Office’s demand, asking for the hearing to be made public and preparing court cases to challenge the legality of the request.

As is typical of governments seeking ever greater intrusion into people’s lives, the things being demanded from Apple are not actually needed. Mass surveillance tactics do not catch criminals, who largely know how to evade them. We do not need automated monitoring of all our bank accounts to discover benefit fraud, especially as this would reduce combined error and fraud losses by just 1.5%. We do not need driving licence photographs to be uploaded into a facial recognition database, a plan begun under the Conservative Government and now resurrected by Labour. The 10% of criminals who commit the majority of serious crimes are repeat offenders whose images the police already have. And as the worst criminals tend to be known to law enforcement they can be dealt with using powers which have existed for as long as the concept of policing has existed. If all else fails, it’s technically possible to access the device of a specific suspect via an evil-maid attack. There are definite ethical concerns with such tampering, but not on the scale of the damage wrought by indiscriminate backdooring. However, in their quest for ever greater powers, governments around the world routinely overlook workable and targeted solutions in favour of surveilling everyone, at all times, supposedly to catch the worst criminals, but all too often simply as a new way to penalise the most petty of infractions.

The tribunal is being held in secret and we have not heard so much as a pip from Apple about it, nor is the Home Office discussing the statements being made at the tribunal. Neither has even officially confirmed that the tribunal, which began on Friday, is about Apple. What Apple might say in response is also unknown, but too often opposition to government overreach entirely confines itself to arguing within bounds permitted by the very legislation it seeks to oppose, losing sight of much more important questions of basic morality, practical feasibility and the dangers of slippery slopes. Under the letter of the Snoopers’ Charter Apple is banned from even confirming the news about the backdoor demand, and it is thought that the Home Office may not have been appeased by Apple’s move to withdraw Advanced Data Protection without backdooring it. To reiterate, withdrawing the service means that while Britons’ rights to encrypt their data are being curtailed, secrets already within it are not being compromised. But if Apple is to be ‘hung for a lamb’ it has few reasons not to simply re-enable Advanced Data Protection for UK users. Apple could paint any such act of resistance as an opportunity for a de facto vote by the consuming public. It could even offer returns and refunds for any users who prefer the Government’s stance. It is not hard to imagine who would win in a popularity poll between Apple and a Government which doesn’t seem to have sufficient confidence in its arguments to make them in an open court.

As I have discussed before, Apple is a popular brand, whereas the Government of Two-Tier Keir, Rachel Thieves, Ed Milliwatt and Yvette Snooper has a strongly net-negative approval rating. And Britain, despite the best efforts of those who inflicted cruel lockdowns and who seek to infest our cities with facial recognition cameras, is not yet China. Most important in this context, though, is that Britain is not China in terms of manufacturing capacity. Apple all too regularly bends the knee to Xi Jinping’s monstrous and expansionist regime and has limited AirDrop due to its popularity among protesters. It has removed VPNs, a Hong Kong protest app and the emoji character for the Taiwanese flag. It does so because, entirely of its own making, Apple has grown dependent on Chinese factories: 95% of its products are made there. And whilst many of Apple’s major suppliers, such as Foxconn, are headquartered in Taiwan, the factories they operate are mostly in China, such as at Longhua and Zhengzhou. There is an important lesson to be learned here on the dangers of depending on Chinese manufacturing, and I can’t be the only one concerned to find that a particular electronic or mechanical component I need to order is made nowhere else.

Apple, by contrast, does not depend on manufacturing facilities within the UK. While our nation can be proud to still have some world-class small businesses making highly specialised products, we are not at the heart of the supply chain for mass manufactured electronic consumer goods. The UK Government’s leverage over Apple is therefore very limited. Furthermore, attempting to ban the import of Apple goods would surely generate a thriving black market, making Apple products even more trendy, and pricey, for those buyers who have yet to see the light of Linux.

As one of the big five tech companies, Apple has not been unwilling to expend effort to shield itself from taxes and other government policies which affect its bottom line. It would perhaps not be a good look for Apple if it failed to stand up for the privacy of its British customers with equal vigour. Smaller companies, such as Open Whisper Systems, the makers of Signal, and Proton, the company behind ProtonMail, make a point of continuing to provide services to customers in countries where they are forced out, taking a ‘different approach’ to the one Apple has pursued thus far. It would hardly look good for a company with the might of Apple not to show similar levels of courage. Apple should remember that the Labour Government is temporary and, judging by the wave of post-lockdown resentment which has swept individualist politicians to power around the world, a future UK Government would be likely to look favourably on resistance to mass surveillance demands. What is not so temporary is Apple’s reputation: unlike other big tech companies, its primary business is still the sale of a product to the user. Prospective purchasers of Apple products will not readily forget how Apple reacts to this situation.

Make no mistake, if you have secrets of real value, Apple’s encryption product is probably not the one for you. That is not to say it is insecure – it is highly recommended by many reputable sources. But it is nonetheless a piece of software under the control of a corporation which can disable it if it chooses to do so when under pressure. Because it is end-to-end encrypted it cannot disclose users’ encryption keys when pressurised – it never had a copy of those keys – but it can turn the service off. Open source encryption software does not have this vulnerability to corporate and governmental whims; the code can stand for itself. Whereas a highly integrated app with a centralised dependency can be backdoored or threatened into shutting itself down, with open source code there is no organisation upon which a would-be-snooper can apply leverage. If an adversary, be it a government or anyone else, manages to force the closure of the main repository of the code, perhaps by threatening a website such as GitHub where it might be hosted, then copies of the code downloaded earlier can still be shared via other platforms. Contrast this with proprietary software for which it is possible for the corporation which distributes the software via centralised means to restrict, geographically or on other criteria, its availability. If an adversary manages to threaten the main maintainer of a piece of open source software to a sufficient extent that it buckles to a backdooring demand, others can spot the backdoor and create ‘forked’ software versions without the unwelcome changes. With proprietary software, on the other hand, nobody outside the company that makes it ever checks the source code against backdooring, plus many such programs push automatic updates which the user cannot prevent.

Setting aside backdoors and security considerations for a moment, consider the following. With open-source software you can easily stick with, or roll back to, an older version whenever you encounter an interface which has worsened after an update, an unwelcome new feature added to a product or the removal of a feature you liked. That is not to say it is necessarily wise to run out-of-date versions of software. Outdated versions of internet-facing software such as browsers and system utilities within a computer’s operating system often have vulnerabilities which can be exploited remotely by installers of malware. But it remains possible. For a lot of entirely locally run software, such as photo and video editors, music recording programs, CAD (Computer Aided Design) tools, programming IDEs (Integrated Development Environments) and office suites, it is nice to have the choice of sticking with what you know alongside options for the latest version. Proprietary apps are typically designed nowadays to limit your thinking to within the narrow range of options they show you, much as Sir Humphrey ensures his Minister only ever gets to pick between the options which Humphrey’s civil servants have drafted. For open source options not everything can always be changed readily, but the software developers usually make adjustable everything they think people would be likely to wish to adjust.

If you need encryption for backing up highly sensitive data, 7-Zip’s AES-256 implementation has stood the test of time. It can be downloaded for Windows and Mac, with most Linux distributions including built-in graphical interface software compatible with encrypting and decrypting this format. GNU Privacy Guard is another particularly well regarded program, although it can be cumbersome for beginners to use. For Apple devices in particular there are cryptographic tools being recommended which appear to replicate much of the Advanced Data Protection functionality. Unbackdoored cryptographic algorithms are already in the public domain and there is nothing the state can do to stop criminals using them, and nothing it can do to stop anyone else either.

What remains to be seen is whether Apple will turn around, say no, and make a laughing stock of the UK Government, or whether the UK Government will, by ruining our relationship with an America which is now casting off the shackles of the surveillance-obsessed Deep State, make a laughing stock of itself.

Dr R P completed a robotics PhD during the global over-reaction to Covid. He spends his time with one eye on an oscilloscope, one hand on a soldering iron and one ear waiting for the latest bad news. He hopes soon to return to writing articles about things other than cryptographic backdoors.
