Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
The UK government made a broader attempt to force Apple to provide “back-door” access to private customer data than was previously known, a new court document suggests.
The legal filing, seen by the Financial Times, also indicates the Home Office is yet to modify its demand for Apple to grant access to data belonging to customers outside the UK, despite claims by Trump administration officials last week that the British government had “agreed to drop” its effort to tap American citizens’ private information.
The new court document was published on Wednesday by the Investigatory Powers Tribunal (IPT), an independent judicial body that examines complaints against the UK security services.
Apple launched its legal challenge against a Home Office order to create back-door access to the US technology company’s most secure cloud storage systems at the IPT in March.
The UK’s move against Apple in January ignited the most high-profile clash over encryption in almost a decade, and sparked tensions between the Trump administration and Sir Keir Starmer’s government.
The new IPT filing prepared by two judges sets out the “assumed facts” on which the case will be argued at a court hearing scheduled for early next year.
The IPT has agreed to hear Apple’s complaint in open court but the UK government refuses to confirm or deny the existence of the Home Office order.
As a result, the issues to be argued in court are deemed by the IPT to be “assumed facts” to avoid those involved from breaking the Official Secrets Act.
Apple received a technical capability notice (TCN) from the Home Office several months ago, which the company is prevented from discussing publicly under the terms of the Investigatory Powers Act.
The iPhone maker’s first public acknowledgment of the TCN was to withdraw an optional extra layer of encryption that protects its iCloud system, called Advanced Data Protection, from UK customers in February.
However, the new IPT filing states the TCN “is not limited to” data stored under ADP, suggesting the UK government sought bulk interception access to Apple’s standard iCloud service, which is much more widely used by the company’s customers.
The TCN also included “obligations to provide and maintain a capability to disclose categories of data stored within a cloud-based backup service”, the filing states, which suggests the government sought to tap messages or passwords that were backed up in the cloud as well.
“The obligations included in the TCN are not limited to the UK or users of the service in the UK; they apply globally in respect of the relevant data categories of all iCloud users,” the IPT filing adds.
The UK’s Investigatory Powers Act has extraterritorial powers, hypothetically giving British law enforcement the right to access the data of Apple customers anywhere in the world, including in the US.
Critics have called the law a “snooper’s charter”, but the UK has defended it as essential for combating terrorism and child sexual abuse.
Last week, Tulsi Gabbard, Donald Trump’s director of national intelligence, said the UK “has agreed to drop its mandate for Apple to provide a ‘back door’ that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties”, after vice-president JD Vance also put pressure on London over the issue.
It is unclear whether the new IPT filing’s reference to the TCN’s global reach simply referred to the original Home Office order when it was issued, or if it might be a signal that the department is yet to take legal steps to rescind or curtail the scope of the notice.
“We’re very concerned this is still going on,” said one person familiar with the case.
The IPT filing also reveals the Home Office began the process of issuing a TCN against Apple before amendments to the Investigatory Powers Act came into force last year.
A UK government spokesperson said it did not comment on “operational matters”, including “confirming or denying the existence” of TCNs.
It said last week that its security arrangements with the US “have long contained safeguards to protect privacy and sovereignty” and already prevent each country from targeting the data of each other’s citizens.
Apple declined to comment.