Encryption

London court holds secret hearing on Apple’s cloud encryption dispute

A London court has reportedly heard Apple’s appeal against a British government order requiring it to provide access to encrypted cloud storage.

The hearing, held at the Investigatory Powers Tribunal on Friday, took place behind closed doors, with no media or civil rights groups allowed to attend.

The case stems from a ‘technical capability notice’ issued to Apple, which allegedly compelled the company to create a backdoor into its encrypted services. In response, Apple removed its Advanced Data Protection feature for new users in Britain.

Neither Apple nor the UK government has confirmed the existence of the order, but reports suggest it has raised concerns among privacy advocates and foreign governments.

Civil rights groups, including Privacy International and Liberty, have condemned the secrecy of the proceedings, calling the order ‘unacceptable and disproportionate.’

Critics argue that allowing governments to bypass encryption undermines privacy and security for users worldwide. The issue has drawn international attention, with United States officials investigating whether Britain’s actions violated the CLOUD Act, which restricts demands for US citizens’ data.

Government officials have remained tight-lipped, with the Home Office refusing to comment and security ministers maintaining a policy of neither confirming nor denying such notices.

While authorities argue that encryption access is essential for tackling serious crimes, opponents warn that weakening security protections could have far-reaching consequences. The case highlights ongoing tensions between governments and tech companies over privacy, security, and law enforcement.

For more information on these topics, visit diplomacy.edu.

HQC announced as safeguard against future quantum attacks

The National Institute of Standards and Technology (NIST) has introduced HQC, a backup encryption algorithm designed to protect sensitive data from potential threats posed by future quantum computers.

As part of its ongoing efforts to strengthen cybersecurity, the agency selected HQC to complement the existing post-quantum cryptography (PQC) standard, ML-KEM, in case quantum advancements compromise current encryption methods.

HQC relies on error-correcting codes, a mathematical approach used in data protection for decades, including in NASA missions.

The algorithm is larger than ML-KEM and requires more computing power, but experts determined it to be a secure and reliable alternative. A draft standard for HQC is expected within a year, with final approval anticipated by 2027.

NIST has been working to prepare for the so-called ‘Q day,’ when quantum computers could break conventional encryption. Three PQC algorithms were finalized in 2024, including ML-KEM and two digital signature standards.

In addition to announcing HQC, NIST is preparing to release a draft standard for the FALCON algorithm, further strengthening protections against future cyber threats.

For more information on these topics, visit diplomacy.edu.

UK Government removes encryption guidance after calls for iCloud backdoor access

The UK government has removed encryption advice from its official web pages, shortly after requesting backdoor access to encrypted data stored on Apple’s iCloud service.

The change was noticed by security expert Alec Muffett, who highlighted in a blog post that the National Cyber Security Centre (NCSC) no longer recommends encryption for high-risk individuals.

Previously, the NCSC had advised the use of encryption tools such as Apple’s Advanced Data Protection (ADP) for secure iCloud backups, which provide end-to-end encryption to ensure only the user has access to their data.

However, the webpage now redirects to a different page with no mention of encryption, instead recommending Apple’s Lockdown Mode—a security feature designed to limit access to certain phone functions.

Muffett pointed out that the original advice is no longer available on government sites, though it can still be accessed via the Wayback Machine.

This development follows reports that the UK government requested Apple to build a backdoor to access encrypted iCloud data.

In response, Apple removed the ADP feature for new users in the UK and stated that existing users would eventually need to disable it. Apple is reportedly challenging the UK’s data access order in the Investigatory Powers Tribunal (IPT).

For more information on these topics, visit diplomacy.edu.

Italy debates Starlink for secure communications

Italy’s ruling League party is urging the government to choose Elon Musk’s Starlink over French-led Eutelsat for secure satellite communications, arguing that Starlink’s technology is more advanced.

Prime Minister Giorgia Meloni’s government is looking for an encrypted communication system for officials operating in high-risk areas, with both Starlink and Eutelsat in talks for the contract.

League leader Matteo Salvini, a strong supporter of former US President Donald Trump, has emphasised the need to prioritise US technology over a French alternative.

Meanwhile, Eutelsat’s CEO confirmed discussions with Italy as the country seeks an interim solution before the EU’s delayed IRIS² satellite system becomes operational.

Meloni’s office has stated that no formal negotiations have taken place and that any decision will be made transparently.

However, opposition parties have raised concerns over Starlink’s involvement, given recent speculation that Musk could cut off Ukraine from its service, potentially affecting national security interests.

Musk responded positively to the League’s endorsement, calling it ‘much appreciated’ on his social media platform X.

For more information on these topics, visit diplomacy.edu.

US investigates UK over alleged backdoor demand for Apple data

United States officials are reviewing whether the UK breached a bilateral agreement by reportedly pressuring Apple to create a ‘backdoor’ for government access to encrypted iCloud backups.

Apple recently withdrew an encrypted storage feature for UK users following reports that it had refused to comply with such demands, which could have affected users worldwide. The Washington Post reported that Apple rejected the UK government’s request.

The US director of national intelligence, Tulsi Gabbard, confirmed in a letter to lawmakers that a legal review is underway to determine if the UK violated the CLOUD Act.

Under the agreement, neither the US nor the United Kingdom can demand data access for citizens or residents of the other country. Initial legal assessments suggest the UK’s reported demands may have overstepped its authority under the agreement.

Apple has long defended its encryption policies, arguing that creating a backdoor for government access would weaken security and leave user data vulnerable to hackers. Cybersecurity experts warn that any such backdoor, once created, would inevitably be exploited.

The tech giant has clashed with regulators over encryption before, notably in 2016 when it resisted US government efforts to unlock a terrorism suspect’s iPhone.

For more information on these topics, visit diplomacy.edu.

Vodafone collaborates with IBM on quantum-safe cryptography

Vodafone UK has teamed up with IBM to explore quantum-safe cryptography as part of a new Proof of Concept (PoC) test for its mobile and broadband services, particularly for users of its ‘Secure Net’ anti-malware service. While quantum computers are still in the early stages of development, they could eventually break current internet encryption methods. In anticipation of this, Vodafone and IBM are testing how to integrate new post-quantum cryptographic standards into Vodafone’s existing Secure Net service, which already protects millions of users from threats like phishing and malware.

IBM’s cryptography experts have co-developed two algorithms now recognised in the US National Institute of Standards and Technology’s first post-quantum cryptography standards. This collaboration, supported by Akamai Technologies, aims to make Vodafone’s services more resilient against future quantum computing risks. Vodafone’s Head of R&D, Luke Ibbetson, stressed the importance of future-proofing digital security to ensure customers can continue enjoying safe internet experiences.

Although the PoC is still in its feasibility phase, Vodafone hopes to implement quantum-safe cryptography across its networks and products soon, ensuring stronger protection for both business and consumer users.

For more information on these topics, visit diplomacy.edu.

UK Home Office’s new vulnerability reporting policy creates legal risks for ethical researchers, experts warn

The UK Home Office has introduced a vulnerability reporting mechanism through the platform HackerOne, allowing cybersecurity researchers to report security issues in its systems. However, concerns have been raised that individuals who submit reports could still face legal risks under the UK’s Computer Misuse Act (CMA), even if they follow the department’s new guidance.

Unlike some private-sector initiatives, the Home Office program does not offer financial rewards for reporting vulnerabilities. The new guidelines prohibit researchers from disrupting systems or accessing and modifying data. However, they also caution that individuals must not ‘break any applicable law or regulations,’ a clause that some industry groups argue could discourage vulnerability disclosure due to the broad provisions of the CMA, which dates back to 1990.

The CyberUp Campaign, a coalition of industry professionals, academics, and cybersecurity experts, warns that the CMA’s definition of unauthorized access does not distinguish between malicious intent and ethical security research. While the Ministry of Defence has previously assured researchers they would not face prosecution, the Home Office provides no such assurances, leaving researchers uncertain about potential legal consequences.

A Home Office spokesperson declined to comment on the concerns.

The CyberUp Campaign acknowledged the growing adoption of vulnerability disclosure policies across the public and private sectors but highlighted the ongoing legal risks researchers face in the UK. The campaign noted that other countries, including Malta, Portugal, and Belgium, have updated their laws to provide legal protections for ethical security research, while the UK has yet to introduce similar reforms.

The Labour Party had previously proposed an amendment to the CMA that would introduce a public interest defense for cybersecurity researchers, but this was not passed. Last year, Labour’s security minister Dan Jarvis praised the contributions of cybersecurity professionals and stated that the government was considering CMA reforms, though no legislative changes have been introduced so far.

For more information on these topics, visit diplomacy.edu.

Sweden considers law requiring encrypted messaging backdoors, Signal threatens to exit

Swedish law enforcement and security agencies are advocating for legislation that would require encrypted messaging services such as Signal and WhatsApp to implement technical measures allowing authorities to access user communications, according to a report by SVT Nyheter.

If introduced, the bill would mandate that these platforms retain messages and provide law enforcement with access to the message history of criminal suspects. Minister of Justice Gunnar Strömmer stated that such measures are necessary for authorities to carry out investigations effectively.

Signal Foundation President Meredith Whittaker told SVT Nyheter that if the proposed legislation requires the company to introduce backdoors, Signal would withdraw from the Swedish market rather than comply. The Swedish Armed Forces have also expressed concerns, warning that implementing such access mechanisms could introduce security risks that might be exploited by unauthorised parties.

The bill could be considered by Sweden’s parliament, the Riksdag, next year if it moves forward in the legislative process.

Similar legislative efforts have been introduced in other countries. In the UK, Apple recently disabled end-to-end encryption for iCloud accounts in response to government demands for access to encrypted data.

For more information on these topics, visit diplomacy.edu.

UK users face reduced cloud security as Apple responds to government pressure

Apple has withdrawn its Advanced Data Protection (ADP) feature for cloud backups in Britain, citing government requirements.

Users attempting to enable the encryption service now receive an error message, while existing users will eventually have to deactivate it. The move weakens iCloud security in the country, allowing authorities access to data that would otherwise be encrypted.

Experts warn that the change compromises user privacy and exposes data to potential cyber threats. Apple has insisted it will not create a backdoor for encrypted services, as doing so would increase security risks.

The UK government has not confirmed whether it issued a Technical Capability Notice, which could mandate such access.

Apple’s decision highlights ongoing tensions between tech companies and governments over encryption policies. Similar legal frameworks exist in countries like Australia, raising concerns that other nations could follow suit.

Security advocates argue that strong encryption is essential for protecting user privacy and safeguarding sensitive information from cybercriminals.

For more information on these topics, visit diplomacy.edu.

Quantum computing could render today’s encryption obsolete

The rise of quantum computing poses a serious threat to modern encryption systems, with experts warning that critical digital infrastructure could become vulnerable once quantum devices reach sufficient power.

Unlike classical computers that process binary bits, quantum computers use qubits, allowing them to perform vast numbers of calculations simultaneously.

This capability could make breaking widely used encryption methods, like RSA, possible in minutes—something that would take today’s computers thousands of years.

Although quantum systems powerful enough to crack encryption may still be years away, there is growing concern that hackers could already be collecting encrypted data to decode it once the technology catches up.

Sensitive information—such as national security data, intellectual property, and personal records—could be at risk. In response, the US National Institute of Standards and Technology has introduced new post-quantum encryption standards and is encouraging organisations to transition swiftly, though the scale of the upgrade needed across global infrastructure remains immense.

Updating web browsers and modern devices may be straightforward, but older systems, critical infrastructure, and the growing number of Internet of Things (IoT) devices pose significant challenges.

Satellites, for instance, vary in how easily they can be upgraded, with remote sensing satellites often requiring full replacements. Cybersecurity experts stress the need for ‘crypto agility’ to make the transition manageable, aiming to avoid a chaotic scramble once quantum threats materialise.

For more information on these topics, visit diplomacy.edu.