Google has just admitted that the UK government hasn’t requested access to end-to-end encrypted user data.
Meanwhile, Apple has been hit by a Technical Capability Notice (TCN) under the 2016 Investigatory Powers Act (IPA), forcing it to shutter its iCloud Advanced Data Protection feature in the UK as a result.
The backlash that followed the UK’s request for access to end-to-end encrypted data from Apple echoed throughout the rest of the world. It now turns out that the request may have been more targeted than it first seemed, with Google seemingly immune to it for now.
“We haven’t received a technical capabilities notice”
In February this year, the UK authorities requested that Apple break its end-to-end encryption policies in the Advanced Data Protection (ADP) feature. ADP isn’t on by default, but when enabled, it adds an extra layer of security. Not even Apple itself can access the data that’s been encrypted in this way; it’s completely private.
Unsurprisingly, the order was not met with a warm reception. Mounting scrutiny of the UK’s Investigatory Powers Act (IPA) led US senators to investigate whether other companies have also received similar requests.
According to TechCrunch, Google refused to answer questions about any involvement from the UK government when prompted by US Senator Roy Wyden. Companies that are subject to government surveillance orders are unable to disclose them under UK law.
However, Wyden disclosed that at least one technology giant confirmed that it hasn’t received such a notice. That turned out to be Meta, which told Wyden’s office back in March that it hadn’t been served an order to backdoor its encryption services.
Although Google remained silent, it appears to have broken that vow of silence in a statement to TechCrunch. Karl Ryan, Google spokesperson, said: “We haven’t received a technical capabilities notice.”
That’s as good a confirmation as we’re going to get in this situation. If Google had received such a notice, it would imply that the UK government was surveying whether a backdoor could be added to its end-to-end encryption or not.
Ryan also told TechCrunch: “We have never built any mechanism or ‘backdoor’ to circumvent end-to-end encryption in our products. If we say a product is end-to-end encrypted, it is.”
The UK government might still back down
When asked to build a backdoor in its ADP service, Apple instead chose to turn off the feature for users in the UK, leaving them without access to additional data protection.
Although using one of the best VPN services can help boost Brits’ online privacy, it’s certainly not going to replace iCloud’s end-to-end encryption protection that users in other countries are able to benefit from.
The order was widely criticized worldwide, with US lawmakers warning against “systemic vulnerabilities.” Meanwhile, Apple decided to challenge the request in Court.
More recently, two senior British officials disclosed that the UK government might have to give up on pursuing encryption backdoors due to pushback from the US government. “They don’t want us messing with their tech companies,” they said.
No matter where this case ultimately leads, the fact that Apple was involved, but Google walked away unscathed, is an interesting development. Google’s hands-off status may offer reassurance that the UK’s encryption demands aren’t as sweeping as they first appeared — at least not yet.