Lawmaker looks to strengthen security of U.S. communications following UK’s Apple backdoor order

A Democrat senator is looking to propose legislation to better safeguard U.S. citizens’ digital communications, following revelations that the United Kingdom directed Apple to give its domestic law enforcement community the ability to circumvent the encryption of the consumer electronics giant’s iCloud backup service.

Sen. Ron Wyden, D-Ore., released a discussion draft of his measure on Friday, which seeks to reform the Clarifying Lawful Overseas Use of Data — or CLOUD — Act. 

The 2018 law was designed to adapt to the advent of cloud computing technologies, after the FBI said it had issues with legal access requests for information stored in U.S. communications firms’ overseas servers. The CLOUD Act, as is, directs relevant American companies to adhere to warrants for data, even if that data is stored on foreign soil. The law also authorizes the creation of bilateral data-sharing agreements between the U.S. and allies. 

The release of the draft bill comes after The Washington Post reported on Feb. 7 that the UK issued a secret order to Apple requesting that the tech giant provide its law enforcement and intelligence personnel with the “blanket capability” to access customers’ encrypted files worldwide, meaning Apple customers residing in the U.S. would be cast into that dragnet.

Wyden, in a statement, argued that the CLOUD Act “failed to require foreign countries to adopt the same due process requirements long guaranteed under U.S. law, enabling foreign governments to demand that U.S. technology companies weaken the security of products used by Americans and putting global trust in U.S. firms at risk.”

“Foreign governments shouldn’t get a cheat code to undermine the security of American technology,” Wyden said in a statement. “My bill would fix the loopholes in the CLOUD Act, and modernize the law so American allies can request the information they need to investigate serious crimes without sacrificing the security of Americans’ communications services.”

Wyden’s proposed changes to the CLOUD Act would give Congress more control over international data-sharing agreements, allow U.S. companies to challenge foreign demands for data and create a five-year window where agreements must be reauthorized or face shutdown.

A one-page summary of the bill provided by Wyden’s office said the measure, in part, would prevent foreign nations from using the data request law to pressure U.S. tech firms to “adopt specific designs for products, reduce the security of a product, or deliver malware to a customer.”

The draft bill would also enable American tech firms to challenge Cloud Act requests in U.S. federal court, as well as require judicial approval for CLOUD Act orders for users’ data. Currently, countries can directly petition tech firms to provide them with the requested information. 

Wyden’s proposal comes after the senator and Rep. Andy Biggs, R-Ariz., sent a letter on Thursday to newly installed Director of National Intelligence Tulsi Gabbard that asked her to reevaluate U.S. cybersecurity and intelligence-sharing relations with the UK following the revelations about its order to Apple.

“If Apple is forced to build a backdoor in its products, that backdoor will end up in Americans’ phones, tablets, and computers, undermining the security of Americans’ data, as well as of the countless federal, state and local government agencies that entrust sensitive data to Apple products,” the lawmakers wrote in their letter to Gabbard.