FBI Warning—Major Problem With Apple’s iPhone Encryption

FBI warns on encryption.

NurPhoto via Getty Images

The encryption on your iPhone is under threat — don’t believe headlines that suggest otherwise. What happens over the next 12-months will define the future of personal data security on smartphones, and once that security bubble bursts, it’s game over.

Apple’s encryption is headline news courtesy of the U.K.’s secret/not secret Technical Capability Notice that demanded access to end-to-end encrypted backups in iCloud. And that demand reportedly applied whether or not users are based in the U.K.

ForbesYour PayPal Account Is Under Attack If You See This MessageBy Zak Doffman

Because data is end-to-end encrypted, Apple can’t access it even if ordered by a court. Warrant-proof encryption “is a major public safety problem,” law enforcement warns, creating “lawless digital spaces where bad actors are sexually exploiting children, conducting human trafficking, sharing terrorist propaganda, and distributing drugs like deadly fentanyl while evading law enforcement detection.”

That statement doesn’t come from U.K. law enforcement — it comes from the FBI, which warns of “real-world impacts to American families” and that “lawful access to digital evidence and threat information is rapidly eroding — fast approaching a tipping point — because digital service providers and device manufacturers are increasingly deploying and aggressively marketing warrant-proof encryption features.”

Apple’s fully encrypted iCloud data storage is called Advanced Data Protection, which the iPhone-maker advertises as offering “our highest level of cloud data security and protects the majority of your iCloud data using end-to-end encryption.” That means “no one else can access your end-to-end encrypted data, not even Apple.”

That’s what the bureau means by “deploying and aggressively marketing warrant-proof encryption.” The FBI says it is “a strong advocate for the wide and consistent use of responsibly managed encryption — encryption that providers can decrypt and provide to law enforcement when served with a legal order.”

The bureau says Apple and other tech companies “are in the best position to design and implement solutions for each of their products that maximize security and privacy while ensuring lawful access.” That’s precisely what the U.K. has demanded of Apple.

When Tulsi Gabbard posted on X that “I’ve been working closely with our partners in the UK, alongside @POTUS and @VP, to ensure Americans’ private data remains private,” it doesn’t mean U.K. citizens won’t still be affected by the TCN.

It’s also notable that in December, when the FBI warned U.S. citizens to use encrypted messaging in the wake of Salt Typhoon, the bureau clarified that warning, telling me it means “responsibly managed encryption,” which means lawful access.

The risk is that if one government successfully manages to break the encryption bubble, be that the U.K. or Australia or France or even the whole European Union, it will be too easy for security agencies elsewhere — including in the U.S. to demand the same.

The FBI says “U.S. tech companies will be at a disadvantage globally if they don’t take this opportunity to lead the development of lawful access standards both here and abroad. American technology products and services were popular and broadly adopted worldwide long before warrant-proof encryption became widespread.”

This debate is binary. Either devices and personal cloud backups can be protected from any form of third-party access — be that tech companies or law enforcement — or they can’t. It’s the same with the argument around device-side screening of secure messages, which is why any form of edge content filtering could be dangerously expanded.

Yes, the U.K. may be restricted from accessing U.S. data, but the argument is much bigger than just that one aspect. The U.K move is the beginning, not the end.

ForbesMicrosoft Confirms $61 Windows Update Fee Starts In 5 WeeksBy Zak Doffman

The FBI says it wants U.S. tech “to lead the world in developing effective technical solutions that provide security, promote privacy, and provide for lawful access. Many other countries essential to the global market, including the United Kingdom, Australia, India, and Brazil, have or are seeking similar frameworks to address lawful access.”

The current U.S. administration is not pushing to break encryption, but the FBI’s position is unchanged. If the U.K. and others are successful in forcing Apple and others to change their red lines, the politics will quickly change.