The British government has ordered Apple to break its end-to-end encryption. They've done this through a secret legal order that Apple isn't even permitted to acknowledge exists. This Technical Capability Notice (TCN) demands Apple create a backdoor into iCloud storage - not just for British users, but for everyone who uses an iPhone anywhere in the world.
If you've ever backed up your phone, sent a private message, or stored sensitive documents in the cloud, this ought to worry you. When end-to-end encryption is broken, your data becomes vulnerable not just to government surveillance but to anyone clever or persistent enough to exploit the weakness.
How End-to-End Encryption Works
When you send a message through a service like WhatsApp, end-to-end encryption protects your data by scrambling it into unreadable code. Only you and your intended recipient have the key to unscramble it - WhatsApp can't read your messages.
Apple offers similar protection for iCloud, but only if you enable Advanced Data Protection. With this optional feature switched on, your backups are end-to-end encrypted in a way that even Apple can't access.
It works rather like sending a letter in an unbreakable safe rather than on a postcard. You could intercept the safe, but without the key, you'll never see what's inside. The mathematics behind modern end-to-end encryption are so robust that even the world's fastest computers would need millions of years to guess the key. Practically speaking, it's unbreakable.[1]
You can be tricked into giving away the key (say, if you fall for a WhatsApp scam), but you are the only point of failure. Your information is as secure as your caution.
Most online services don't offer this protection. When you use YouTube or Instagram, the companies hold spare keys to your data. This makes them prime targets for hackers and intelligence agencies - break into their systems, and you can access millions of users' information.
Large multinational tech firms spend huge amounts of money keeping themselves secure, but they can and do get breached on occasion, and you only need to be unlucky once. End-to-end encryption removes this vulnerability. Even if someone breaches the service, all they'll find is incomprehensible gibberish.
Consider what's on your phone: banking details? Private conversations? Photographs of your family? Medical information? Work documents? With Apple's Advanced Data Protection, all of this stays end-to-end encrypted when backed up to iCloud. No one can access it without your key - not Apple, not governments, not criminals.
The British government wants to change that by demanding that tech companies break end-to-end encryption and allow the security services to snoop on people all over the world.
Breaking the Unbreakable
The UK government claims this is about fighting crime and terrorism. Ken McCallum, MI5's director, argues that tracking online activity is "utterly crucial" for national security. But his argument misses a fundamental truth: you cannot create a secure way to break end-to-end encryption. Breaking it for one purpose means breaking it entirely.
A backdoor in encryption is rather like a hole in a submarine - it renders the whole thing pointless. Criminals will try to steal the master key. Foreign intelligence services will attempt to compromise it. Other governments will demand their own access. Apple's engineers could be coerced or bribed into revealing its secrets.
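As an added illustration (not from the original article, and not Apple's actual design), the Python sketch below models a backup whose data key is wrapped only for the user, and the same backup with one extra copy wrapped under an escrow "master key". The HMAC-based cipher is a standard-library stand-in for a real cipher such as AES-GCM, and every name and sample value is constructed.

```python
import hashlib, hmac, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream: a stdlib stand-in for AES-GCM.
    stream = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC under separate subkeys derived from `key`."""
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return body + _prf(_prf(key, b"mac"), body)

def unseal(key, blob):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), body)):
        return None
    return _xor_stream(_prf(key, b"enc"), body[:16], body[16:])

def backup(plaintext, user_key, escrow_key=None):
    """Server-side record: data under a random data key, which is wrapped per reader."""
    data_key = secrets.token_bytes(32)
    wrapped = [seal(user_key, data_key)]
    if escrow_key is not None:  # the mandated backdoor: one more wrapped copy
        wrapped.append(seal(escrow_key, data_key))
    return {"data": seal(data_key, plaintext), "wrapped": wrapped}

def restore(record, key):
    for w in record["wrapped"]:  # try `key` against every wrapped copy of the data key
        data_key = unseal(key, w)
        if data_key is not None:
            return unseal(data_key, record["data"])
    return None

def compare_designs():
    """Constructed sample: two users, one escrow key; reports which key opens what."""
    escrow = secrets.token_bytes(32)
    keys = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
    docs = {u: b"private photos of " + u.encode() for u in keys}
    e2ee = {u: backup(docs[u], keys[u]) for u in keys}
    escrowed = {u: backup(docs[u], keys[u], escrow) for u in keys}
    return {"owners_read_own": all(restore(e2ee[u], keys[u]) == docs[u] for u in keys),
            "escrow_opens_e2ee": sum(restore(r, escrow) is not None for r in e2ee.values()),
            "escrow_opens_escrowed": sum(restore(r, escrow) is not None for r in escrowed.values()),
            "bob_opens_alice": restore(escrowed["alice"], keys["bob"]) is not None}
```

Without escrow, the second key opens nothing and each user's key opens only that user's backup. With escrow, that single key opens every backup, so the security of all users rests on it never leaking.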
The technical community has spent decades explaining this. Bruce Schneier, one of the world's foremost experts on cryptography, wrote of the FBI's demands to water down encryption in 2016:
"...as a technologist I can tell you that there is no way to give the FBI that capability without weakening the encryption against all adversaries as well. This is critical to understand. I can't build an access technology that only works with proper legal authorization, or only for people with a particular citizenship or the proper morality. The technology just doesn't work that way."
Even former intelligence chiefs understand the danger. Robert Hannigan, who led GCHQ from 2014-2017, told the Today programme:
"Encryption is overwhelmingly a good thing. It keeps us all safe and secure. Throughout the Cold War and up until 15 years ago it was something only governments could do at scale."
"You can't un-invent end-to-end encryption... you can't legislate it away."
The government insists this is about balancing privacy with security. But the Home Office's latest move sacrifices both and gains neither. Effectively banning large tech firms from offering end-to-end encrypted services doesn't get rid of the technology. Bad people will keep using it; they'll just use bespoke solutions designed for criminals and hosted abroad rather than WhatsApp or iCloud. Meanwhile, the rest of us have our privacy encroached upon and our security compromised.
What's worse is that we only know this TCN notice was issued because of reporting by the Washington Post. Since last year, British law makes it a crime for companies to reveal the government has asked them to erode the privacy and security of their customers.
I should also say at this point: I’d like to stop more crime. “Pedophile”, “terrorist”, and “organised criminal” are among the worst hobbies a human can take up as far as I’m concerned. But law enforcement already has powerful tools at its disposal. Traditional investigative techniques still work.
Metadata analysis can reveal who's talking to whom, and when. Device hacking can target specific suspects. Court-ordered surveillance remains effective. Financial intelligence helps track criminal networks. The challenge isn't a lack of capabilities - it's about using existing powers effectively and deploying resources where they matter most.
When our government is mentioned in the same conversation as dictatorships, the comparison has usually been made by a stupid person. I like to think I am not a stupid person - though I'll let you be the judge - but these types of intrusive and opaque laws on data collection are more often associated with Putin's Russia and Xi's China than Western democracies. Our government may have noble intentions, but its ends are the cursed combination of evil and impractical.
What Happens Next
Apple now faces an impossible choice. They've built their brand on user privacy, and complying with the order would decimate their reputation. They could refuse to comply, as they did with the FBI in 2016. But this could leave the firm with a massive fine or worse.
Apple might decide to withdraw their end-to-end encrypted features from the market entirely - they've hinted at this before. But this would leave British users more vulnerable whilst setting a dangerous precedent of governments dictating security features.
If the Home Office succeeds, Apple will not be the last company they come after. Given the secretive nature of the action, they may not have been the first. Google and Meta may well be next, if they haven't been contacted already. The latter previously said it would remove WhatsApp from the British market rather than undermine its encryption.
The ramifications are hideous: less secure communications and storage, just as the government tries to kickstart an AI revolution which relies on liberal data sharing. It also has the potential to create friction with allies; after all, the TCN is global in scope, demanding British security services have access to the data of Europeans and Americans.
For all our sakes, we'd best hope that the government is shamed into reversing course. As it stands, Labour is carrying out an act of vandalism against liberal democracy. It is easy to erode rights, much harder to get them back once they're lost.
Thank you for reading Otters and Insights. If you’ve enjoyed this piece, then please consider subscribing; it’s free and you have nothing to lose except a tiny portion of your life. You can find me on BlueSky @jackrowlett.bsky.social
[1] Technically, quantum computers can break many of our current encryption algorithms, but they’re still under development and technologists are working on ways to “quantum proof” our data.