- Tulsi Gabbard was urged to challenge the UK’s order for Apple data access.
- UK’s request could compromise American data security, risking espionage threats, the letter said.
- Apple reportedly faces penalties for disclosing UK’s “secret order,” raising privacy concerns.
Tulsi Gabbard was sworn in as the Director of National Intelligence on Wednesday, and she’s already received a warning from congressmen about the safety of Americans’ data.
A letter from Ron Wyden, a Democrat on the Senate Intelligence Committee, and Andy Biggs, a Republican on the House Judiciary committee, urged Gabbard to demand the UK government retract an order that would grant them access to the cloud content of any Apple user in the world.
The Washington Post was the first to report on the order, which it said was issued in January, and which would allow the British government to view encrypted material. Wyden and Biggs asked Gabbard to push back on the “secret order.”
If Apple were to build a backdoor for the UK, the congressmen said, it would undermine Americans’ right to privacy, “expose them to espionage by China, Russia, and other adversaries,” and threaten government agencies that use Apple products. The tech giant is reportedly not allowed to acknowledge the order.
“The company faces criminal penalties that prevent it from even confirming to the US Congress the accuracy of these press reports,” the letter said.
Wyden and Biggs told Gabbard to give the UK an ultimatum: “Back down from this dangerous attack on US cybersecurity, or face serious consequences.”
They also asked her office to answer three questions about the Trump administration’s awareness of the order and its understanding of the 2018 CLOUD Act, which allows the US to enter bilateral agreements with foreign allies to request data information from companies without going through diplomatic channels.
Business Insider reached out to the British Home Office and the White House for comment. The White House did not immediately respond.
The Home Office provided a statement to BI on Thursday: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”
Apple CEO Tim Cook has been a big proponent of data encryption on iOS devices. The tech giant pushed back against the US government’s request for a backdoor into iPhone users’ personal information.
After a 2015 terrorist attack in San Bernardino, Apple was asked by the FBI to provide access to the shooter’s data. Cook said that Apple complied with the request, but he stood firmly against building a backdoor to the iPhone.
Cook said it would be “too dangerous to create” such a thing, considering it could fall into the hands of hackers.
“Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us,” Cook wrote in 2016.
Read the full letter sent to Gabbard:
Dear Director Gabbard:
We write to urge you to act decisively to protect the security of Americans’ communications from dangerous, shortsighted efforts by the United Kingdom (UK) that will undermine Americans’ privacy rights and expose them to espionage by China, Russia and other adversaries.
According to recent press reports, the UK’s Home Secretary served Apple with a secret order last month, directing the company to weaken the security of its iCloud backup service to facilitate government spying. This directive reportedly requires the company to weaken the encryption of its iCloud backup service, giving the UK government the “blanket capability” to access customers’ encrypted files. This order was reportedly issued under the UK’s Investigatory Powers Act 2016, commonly known as the “Snoopers’ Charter,” which does not require a judge’s approval. Apple is reportedly gagged from acknowledging that it received such an order, and the company faces criminal penalties that prevent it from even confirming to the US Congress the accuracy of these press reports.
These reported actions seriously threaten the privacy and security of both the American people and the US government. Apple does not make different versions of its encryption software for each market; Apple customers in the UK use the same software as Americans. If Apple is forced to build a backdoor in its products, that backdoor will end up in Americans’ phones, tablets, and computers, undermining the security of Americans’ data, as well as of the countless federal, state and local government agencies that entrust sensitive data to Apple products.
The Salt Typhoon hack of US telephone carriers’ wiretapping systems last year — in which President Trump and Vice President Vance’s calls were tapped by China — provides a perfect example of the dangers of surveillance backdoors. They will inevitably be compromised by sophisticated foreign adversaries and exploited in ways harmful to US national security. As the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI confirmed last November, People’s Republic of China (PRC)-affiliated actors were involved in “copying of certain information that was subject to US law enforcement requests pursuant to court orders.”
The risk does not just come from wiretapping systems — when sensitive data is stored by third parties, without end-to-end encryption, it is vulnerable to theft when those service providers are hacked. That is exactly what has happened in 2023, when PRC-affiliated hackers broke into Microsoft’s systems storing federal agencies’ emails. As the Department of Homeland Security’s Cyber Safety Review Board documented, the foreign spies “struck the espionage equivalent of gold,” enabling them to access “the official email accounts of many of the most senior US government officials managing our country’s relationship with the People’s Republic of China” and “downloaded approximately 60,000 emails from State Department alone.”
After years of senior US government officials — from both Republican and Democratic Administrations — pushing for weaker encryption and surveillance backdoors, it seems that the US government has finally come around to a position we have long argued: strong end-to-end encryption protects national security. Indeed, in the wake of the Salt Typhoon hack, CISA released public guidance which recommended that high-value targets, including Members of Congress, solely use end-to-end encrypted communications tools, like Signal.
While the UK has been a trusted ally, the US government must not permit what is effectively a foreign cyberattack waged through political means. If the UK does not immediately reverse this dangerous effort, we urge you to reevaluate US-UK cybersecurity arrangements and programs as well as US intelligence sharing with the UK. As the UK Parliament’s intelligence oversight committee described in a December, 2023 public report, the UK benefits greatly from a “mutual presumption towards unrestricted sharing of [Signals Intelligence]” between the US and UK and that “[t]he weight of advantage in the partnership with the [National Security Agency] is overwhelmingly in [the UK’s] favour.” The bilateral US-UK relationship must be built on trust. If the UK is secretly undermining one of the foundations of US cybersecurity, that trust has been profoundly breached.
You stated at your confirmation hearing that “backdoors lead down a dangerous path that can undermine Americans’ Fourth Amendment rights and civil liberties.” And you wrote in response to a written question that “[m]andating mechanisms to bypass encryption or privacy technologies undermines user security, privacy, and trust and poses significant risks of exploitation by malicious actors.” We urge you to put those words into action by giving the UK an ultimatum: back down from this dangerous attack on US cybersecurity, or face serious consequences. To inform ongoing Congressional oversight, please also provide us with unclassified answers to the following questions by
March 3, 2025:
1. Was the Trump Administration made aware of this reported order, either by the UK or Apple, prior to the press reports and, if so, when and by whom?
2. What is the Trump Administration’s understanding of UK law and the bilateral CLOUD Act agreement with regard to an exception to gag orders for notice to the US government?
3. What is the Trump Administration’s understanding of its obligation to inform Congress and the American public about foreign government demands for US companies to weaken the security of their products, pursuant to the CLOUD Act?
Sincerely,
Ron Wydon
Andy Biggs
