The UK has just established itself as THE surveillance state—beat out China and Russia—by ordering Apple to give it access to the encrypted data of ALL iPhone users worldwide.

According to The Washington Post, the UK government issued Apple a legally binding order to provide access to all iPhone cloud backups, including those protected by the company’s Advanced Data Protection, a feature that uses end-to-end encryption (E2EE).

The UK is not asking Apple to hack specific accounts or aid law enforcement in specific investigations. Instead, the British government is asking Apple to create a backdoor or bypass so that it can decrypt and access the encrypted content of any iPhone user who relies on iCloud backup, regardless of whether they are a British citizen or a citizen of another country.

To be clear, this puts the UK squarely in a league of its own, going far beyond what China or Russia require. To make matters worse, the UK’s order makes it illegal for anyone within Apple to even disclose its existence—since absolutely, without a doubt, undeniably, absolute secrecy has always been the hallmark of perfectly legal legislation. The Post’s sources obviously believed the issue was a grave enough threat to be willing to risk the legal ramifications should they ever be identified.

Apple itself, within the bounds of what it legally could, tried to warn the world the UK was preparing to issue this order.

“There is no reason why the UK [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption,” Apple told Parliament in March of last year.

At least one of the Post’s sources was a consultant tasked with advising the U.S. on encryption matters. The source confirmed that Apple would be legally prohibited from informing users their encryption had been bypassed and rendered useless. What’s more, the source expressed shock that the UK was essentially trying to force Apple to aid it in its efforts to spy on all users worldwide, regardless of citizenship.

The Encryption Issue

Encryption has been a long-standing point of contention between law enforcement and tech companies. Law enforcement and government officials often point to encryption as some kind of boogeyman that makes it impossible to conduct investigations into terrorism, child trafficking, and all other manners of horrible activities. To be clear, every reasonable effort should be made to combat such things.

Unfortunately, creating backdoors or otherwise undermining encryption is not a reasonable solution. As countless mathematicians, cryptographers, computer scientists, privacy advocates, computer experts, and even government officials have made clear, there is absolutely no way to weaken encryption for the good guys without also making it easier for the bad guys to exploit.

The U.S. recently learned this lesson the hard way, thanks to what Senator Mark R. Warner dubbed the “worst telecom hack in our nation’s history — by far.” China-backed Salt Typhoon hackers gained access to multiple U.S. telecom companies, giving them the ability to monitor phone calls and text messages at will.

In the wake of the attack, even the FBI and CISA have encouraged all users to rely on E2EE messaging platforms.

“Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,” said Jeff Greene, an executive assistant director for cybersecurity at CISA. “Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.”

What Happens Next

Apple has the right to appeal the UK’s decision, but the company must comply with the order while waiting on the outcome of an appeal. Like the entire process, Apple’s appeal will be in secret, as will the outcome.

In the meantime, if Apple moves forward and complies with the UK’s order, it would represent a major weakening of privacy and security for all iPhone users worldwide. It’s unclear if Apple could legally comply, given that the company is bound by the privacy laws and regulations of other jurisdictions. The EU’s privacy laws, in particular, may prohibit Apple from complying with the UK’s order, at least in the context of EU citizens.

In all likelihood, Apple will stop offering encrypted services within the UK if it is unable to successfully appeal the decision, an outcome that will leave all UK iPhone users in a far worse position, and compromise their ability to protect their private data at a time when bad actors are exploiting such data more than ever.

Unfortunately, it will likely take a Salt Typhoon-like attack on the UK before its government officials finally realize that strong encryption is the cornerstone of safe technology.