U.K. Sought Broad Access to Apple Customers’ Data ft.com

Tim Bradshaw and Anna Gross, Financial Times:

The new [Investigatory Powers Tribunal] filing prepared by two judges sets out the “assumed facts” on which the case will be argued at a court hearing scheduled for early next year.

[…]

However, the new IPT filing states the [technical capability notice] “is not limited to” data stored under ADP, suggesting the UK government sought bulk interception access to Apple’s standard iCloud service, which is much more widely used by the company’s customers.

It is routine for law enforcement to request access to individual iCloud accounts, and Apple says it complies to the best of its ability with legal requests. But “bulk interception access” would go well beyond these kinds of targeted requests and reverting to the kind of global surveillance apparatus made public in 2013. The more cynical reader might imagine such a system still exists regardless of operating systems and web browsers defaulting to secure connections in the intervening years. I have not seen evidence of this. I think the Times’ reporting supports the notion that intelligence services can no longer monitor these kinds of communications in bulk as they once did.

The filing also apparently throws cold water on Tulsi Gabbard’s claim that the U.K. is rescinding its demands for an Advanced Data Protection backdoor. Again, the secrecy around this prevents us from gaining specificity or clarity. It even requires the judges to rely on “assumed facts” which, as Bradshaw and Gross write, are “not the same as asserting that [they are] factually the case”, because they cannot confirm the existence of the technical capability notice. Insert your personal favourite dystopian literary reference here.