Is the UK really the “safest place in the world to be online”? Probably not, if secret government demands for access to your most private information is something that concerns you. Leaks to the Washington Post revealed that this January, the UK government issued a secret order to Apple as part of the Investigatory Powers Act (aka Snoopers’ Charter) to break end-to-end encryption (E2EE) and allow access to all UK citizens’ Apple iCloud data.
The notorious “backdoor” the UK is attempting to pry open has long been at the centre of debate about online privacy and government overreach, and this demand presents a game-changing threat to the security of internet users around the world—particularly those who may be targeted by increasingly censorial and discriminatory policies. For artists online who have taken for granted their ability to communicate, organise and share privately, this may be a wakeup call; for those in the UK, it should be an alarm.
The battle over breaking E2EE has often pitted the tech sector against politicians and police, as access to such data could provide law enforcement with critical information about illicit activities. But allowing government access to users’ private data comes with significant risks that extend beyond the assumed use, and beyond borders. E2EE, used in apps like WhatsApp and banking systems, encrypts data so only communicating parties can decipher it, blocking even providers from access. This privacy allows for at-risk communities—such as dissidents, activists and artists critiquing power—to connect and work without becoming targets for censorship, even across borders.
A backdoor for the UK would mean breaking this encryption, exposing user data and creating dangerous precedent. “You can’t protect a so-called ‘backdoor’ in encryption just for the ‘good guys’,” Mark Scott, a senior resident fellow at the Atlantic Council’s Democracy + Tech Initiative, tells The Art Newspaper. “Inevitably, such access will be exploited by less democratic forces.” Tech companies have historically held the line against backdoors—previous attempts to force Meta and Signal to expose pre-encrypted messages resulted in threats to leave the UK.
Threat to dissident artists
Relied on by activists, journalists and everyday users globally, E2EE is championed as a critical tool for protecting free expression; the UN highlights it as supporting Article 19 of the Universal Declaration of Human Rights, and the right to “seek, receive and impart information”. Scott says that “encrypted communication is the lifeblood of enabling people’s right to express themselves without governments, of any persuasion, attempting to access that data in the name of national security”.
“National security” is often used to push for invasive, far-reaching policies, and the UK is no exception. The UK Online Safety Act was considered the first extensive online regulation legislation in the world, intended to protect citizens from harm. But human- and digital-rights communities have eyed these measures with caution, particularly when hasty and overly broad proposals threaten freedom of expression and privacy in the name of protecting children or fighting terrorism. Among potential harms, such policies can easily be subjected to partisan purposes regardless of their original intentions.
Carolina Are, a platform governance researcher at the Centre for Digital Citizens at Northumbria University, tells The Art Newspaper: “I’m thinking of activists trying to organise protests at a time when it’s very easy to be punished simply because you organise a rally; I’m thinking of journalists trying to reach their sources, particularly when these sources want to be whistleblowers. Depending on how the government wants to use this, it could be very damaging … now that that’s been done any government that comes after, no matter how repressive they can be, can utilise this.”
According to the Washington Post, the UK’s secret demand to Apple was extensive, giving them “blanket” access to the encrypted iCloud data of any UK citizen regardless of their location. At best, the application of such an order would be unwieldy; at worst, it would effectively break encryption the world over, making those who rely upon the security of their devices, from dissident artists and human rights defenders to artists sharing or storing artwork, vulnerable to malicious actors and threats to freedom of expression.
Holding firm to its commitment to E2EE, Apple ultimately opted instead to remove Advanced Data Protection (ADP) in the UK, allowing government access to data stored in iCloud, including photos, documents and voice memos. It is not yet known whether this concession will meet the UK’s extensive demands, or even whether the UK government may compel other companies or other encrypted information.
While the backdoor the UK government sought may hold for the time being, a threat to freedom of expression and privacy online is undeniably in our own backyard. In the words of Are: “This is a terrifying step.”
- Emma Shapiro is editor-at-large of the Don’t Delete Art project
