Update (Oct. 3, at 2:00 pm UTC): This article has been updated to add commentary by Slava Demchuk, the CEO of blockchain forensics and cybersecurity firm AMLBot.
The United Kingdom is again pressuring Apple to create a backdoor into its encrypted iCloud backup services, raising alarm among cybersecurity and crypto advocates.
According to the Financial Times, the UK government has ordered Apple to allow access to encrypted iCloud backups of British users. The renewed request differs from previous demands in that it limits access to UK-based accounts, but critics argue that the change still poses serious risks.
Many mobile wallets, including Coinbase Wallet, Uniswap Wallet, Zerion, Crypto.com DeFi Wallet and MetaMask, allow users to store encrypted private key backups in iCloud, potentially exposing users to attack due to the change.
Although the key backups are encrypted, anyone who obtains the files can run so-called dictionary or brute-force attacks against them, in which the attacker tries likely passwords or all possible combinations to decrypt the file. Consequently, if an attacker manages to obtain the backup file, its security relies on the strength of the encryption password.
The Electronic Frontier Foundation, a nonprofit dedicated to defending digital rights, said that “this is still an unsettling overreach that makes U.K. users less safe and less free. … As we’ve said time and time again, any backdoor built for the government puts everyone at greater risk of hacking, identity theft, and fraud.”
Slava Demchuk, the CEO of blockchain forensics and cybersecurity firm AMLBot, told Cointelegraph that implementing the UK’s request “could be dangerous for ordinary users.” “The number of threats and attackers will increase. It’s simple logic,” Demchuk said.
The UK is at it again
The UK Government made similar demands earlier this year, requiring blanket capability to view fully encrypted material, not merely assistance in cracking a specific account. The Electronic Frontier Foundation said that demand utilizes a power known as a Technical Capability Notice (TCN) under the UK’s Investigatory Powers Act.
The TCN in question was first issued in January, forcing Apple to either create a backdoor or block its Advanced Data Protection feature — which turns on end-to-end encryption for iCloud — in the UK. A US intelligence chief claimed that the UK withdrew this request, but Advanced Data Protection remained unavailable for UK users.
Crypto roots in privacy activism
Bitcoin (BTC), and later the broader cryptocurrency industry, both owe their existence to early digital rights advocacy groups. Bitcoin was largely developed by so-called cypherpunks, a pro-cryptography group that famously opposed the US government’s classification of cryptography and prime numbers as munitions to control them.
This tradition continues today with activism carried on by the crypto community. Recently, Ethereum co-founder Vitalik Buterin criticized the European Union’s proposed “Chat Control” legislation, which would require client-side pre-encryption scanning of messages for illegal content.
Buterin highlighted that backdoors built for law enforcement are “inevitably hackable” and undermine everyone’s safety. The Electronic Frontier Foundation also warned that the UK’s new requests make everyone less safe.