US lawmakers have hit out at the Home Office for “attempting to gag” US companies by preventing them from telling Congress whether they have been subject to secret UK orders requiring them to hand over their users’ data.
In an unprecedented intervention, five lawmakers from both sides of the US political divide, led by senator Ron Wyden, have written to the UK’s Investigatory Powers Tribunal (IPT) accusing the British government of undermining Congressional oversight and restricting the free speech of US companies.
Their letter comes as the IPT is preparing to hear closed-door arguments from Apple, which is challenging a notice requiring it to extend UK law enforcement’s existing access to encrypted data stored by customers on the Apple iCloud service anywhere in the world to users of Apple’s Advanced Data Protection (ADP) who choose to hold encryption keys privately on their own devices.
British media organisations, including the BBC, The Times, Financial Times, Reuters, The Guardian, The Telegraph and Computer Weekly, have also filed legal submissions with the IPT today, arguing that there is an important public interest in hearing arguments over the UK’s demands against Apple in a public court.
Civil society groups, Privacy International and Liberty have also filed legal submissions arguing that there is no reason for Apple’s appeal to be heard in a secret court, given that the order against Apple has been widely leaked and publicised across the world, and can no longer be considered secret. Big Brother watch, Index on Censorship and the Open Rights Group have written an open letter to the tribunal calling for an open court hearing.
In the Congressional letter, five US senators and congressmen complained to the Investigatory Powers Tribunal that the secrecy surrounding the orders – known as Technical Capability Notices (TCNs) – are impairing Congress’s power and duty to conduct oversight on matters of national security.
The letter disclosed that Apple and Google have informed Congress that were they to have received Technical Capability Notices, they would be barred by UK law from disclosing it to US lawmakers. The UK embassy has also failed to respond to US requests about potential demands by the UK to other US companies.
“By attempting to gag US companies and prohibit them from answering questions from Congress, the UK is both violating the free speech rights of US companies and impairing Congress’s power and duty to conduct oversight on matters of national security,” the lawmakers wrote.
“The UK’s attempted gag has already restricted US companies from engaging in speech that is constitutionally protected under US law and necessary for ongoing Congressional oversight,” they added.
The letter has been signed by three democrats; senator Ron Wyden from Oregon, who has campaigned for healthcare and the environment; Alex Padilla from California, who is chairman of the Senate Judiciary Subcommittee on Immigration; and Zoe Loefgren, an advocate for digital rights from California.
By attempting to gag US companies and prohibit them from answering questions from Congress, the UK is both violating the free speech rights of US companies and impairing Congress’s power and duty to conduct oversight on matters of national security Congressional letter to the Investigatory Powers Tribunal
Republicans Andy Bigg from Arizona, chair of the House Judiciary Subcommittee on Crime and Federal Government Surveillance and a vocal trump supporter; and Warren Davidson for Ohio, a member of House Financial Services Committee and a former US soldier, have also signed.
Their unified complaint calls on the IPT to apply principles of open justice to the hearing scheduled for Friday, and for all subsequent proceedings in Apple’s appeal against the Technical Capability Notice.
The lawmakers note that the existence of the TCN has been widely reported and commented on, which makes any argument for closed hearings to keep the existence of the notice secret “unsustainable”.
The existence of the notice has also been confirmed by Apple’s public decision to withdraw its advanced encryption option, known as Advanced Data Protection, for all UK users. Apple would not have done this “unless it felt compelled to do so by a request to insert a backdoor”.
Holding public hearings would allow lawmakers to hear expert evidence from cyber security specialists, civil society representatives and experts on US-UK data flows, enabling the IPT to reach a well-informed decision over the lawfulness of the notice, they said.
Serious concerns over national security
The lawmakers argue that the UK’s demands against Apple raise “serious concerns which directly impact national security” and therefore warrant public debate.
As Computer Weekly previously reported, Tulsi Gabbard, the director of national intelligence, stated in a letter to Congress that the UK’s demands would be “a clear and egregious violation of American’s privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors”.
President Donald Trump confirmed in an interview with The Spectator that he had raised the Apple TCN with prime minister Keir Starmer during his visit to Washington, comparing the UK’s actions to the conduct of China.
Chinese exploited US ‘lawful access’
The lawmakers point out that the security of US technology products against surveillance by foreign governments is an important topic for ongoing Congressional oversight following a spate of hacks against the communications of senior US government officials.
China exploited US lawful interception systems in 2024 to reportedly tap the phone calls of Trump and vice-president JD Vance, and to steal millions of phone records after gaining access to major US carriers in the “Salt Typhoon” attack.
In April 2024, hackers stole phone records of “nearly all” AT&T customers, including records of members of the president’s family, the then vice-president, Kamala Harris, and the wife of the now secretary of state, Marco Rubio, in the “snowflake” incident.
And in 2023, China stole more than 60,000 emails from the department of state and compromised the email accounts of US officials and politicians after hacking into Microsoft-hosted US government email accounts.
“The common link between these incidents is that sensitive government data held by third-party companies was not properly secured and subsequently accessed by hackers … most importantly, the Salt Typhoon incident reportedly involved compromising ‘lawful intercept’ systems of the kind that it appears Apple has been ordered to build,” the letter states.
“Given the significant technical complexity of this issue, as well as the important national security harms that will result from weakening cyber security defences, it is imperative that the UK’s technical demands of Apple – and of any other US companies – be subjected to robust, public analysis and debate by cyber security,” the lawmakers wrote.
Vital for US cyber security experts to comment
“Secret court hearings featuring intelligence agencies and a handful of individuals approved by them do not enable robust challenges on highly technical matters. Moreover, given the potential impact on US national security, it is vital that American cyber security experts be permitted to analyse and comment on the security of what is proposed.”
The Home Office’s shocking order to Apple to break encryption represents a huge attack on privacy rights and is unprecedented in any democracy Rebecca Vincent, Big Brother Watch
The lawmakers invited the tribunal to permit US companies to discuss the technical demands they have received under the UK’s Investigatory Powers Act with Congress. The IPT should “invite robust public debate by independent cyber security experts before deciding the merits of the reported challenge that Apple has brought”, they said.
Separately, civil society groups Big Brother Watch, Index on Censorship and Open Rights Group have written to the president of the Investigatory Powers Tribunal, the Rt Hon Lord Justice Singh, calling for the case to be made public.
They argue that the case implicates the privacy rights of millions of British citizens who use Apple’s technology, and those of its overseas customers.
There is a “significant public interest in knowing when and on what basis the UK government believes that it can compel a private company to undermine the privacy and security of its customers”, according to the letter.
Big Brother Watch interim director Rebecca Vincent said the tribunal hearing must not take place in secret. “The Home Office’s shocking order to Apple to break encryption represents a huge attack on privacy rights and is unprecedented in any democracy,” she said.
Index on Censorship CEO Jemimah Steinfeld said breaking encryption would do away with our rights to privacy, make us far less safe and secure online, and challenge the very notion of the UK as a democracy. “With such high stakes, we demand to know what could possibly justify this. We need answers, not more secrecy,” she said.
Open Rights Group executive director Jim Killock said: “If the UK wants to claim the right to make all of Apple’s users more likely to be hacked and blackmailed, then they should argue for that in an open court.”