As has been widely reported, the government of the United Kingdom has secretly ordered Apple to build a back door into iCloud to allow ‘blanket capability to view fully encrypted material.’
Assuming the UK doesn’t back down, what are Apple’s options? This is my personal take: if I’ve missed something, I’d love to hear about it.
Option 1: Comply
Most companies would just comply with the order, but Apple is not most companies.
That’s not just because they have marketed themselves as privacy and security conscious, although that presumably factors into their decision. From what I’ve seen from interacting with their engineers and observing how they behave (both in technical standards bodies and in their products), this is a commitment that goes much deeper than just marketing.
More significantly, Apple will be considering the secondary and tertiary consequences of compliance. So far, every democratic country around the world has refrained from making such an order; for example, Australia’s widely debated legislation that mirrors the UK “Snooper’s Charter” has an explicit provision to disallow “systemic weakening” of encryption like we see here.
If the UK successfully forces Apple’s hand, every other government in the world is likely to take notice and consider making similar (or even more extreme) demands. CSAM scanning will just be the start: once access to that much data is available, it’s open season for everything from Lèse-majesté to punishing activists and protesters to policing sexual orientation, abortion, and other socially motivated laws. Even if a particular country doesn’t make the same demand of Apple, arrangements like Five Eyes will allow one agency to peer over another’s shoulders.
As I’ve written before, no one should have that much power.
In the tinderbox that politics has become in many parts of the world, this is gasoline. I’d pay good money to be a fly on the wall in the meetings taking place with the Foreign Service, because they of all people should understand the potential global impact of a move like this. Of course, in a world where USAID is shut down by Elon Musk and some teenagers, nothing is off the table – and that’s why we should be so concerned about this outcome.
Option 2: Leave
Apple’s second option is to leave the UK. Full stop.
Close the Apple stores, online and retail. Stop providing iCloud, stop selling iPhones and all the other various i-gear. Close the beautiful new UK HQ at Battersea, and lay off (or transfer overseas) around 8,000 employees (reportedly).
This is (obviously) the nuclear option. It puts Apple outside the jurisdiction of the UK,¹ and at the same time orphans every UK Apple user – their phones and computers don’t quite become bricks, but they will definitely have limited utility and lifetime.
Given that, along with Apple’s claim to support 550,000 UK jobs, it’s likely to be effective – these consequences would make the government extremely unpopular overnight.
However, this option is also massively expensive: reportedly, total Apple revenue in the UK is something like £1.5bn. Add on top the one-time shutting down costs, and even Apple’s balance sheet will notice.
Perhaps more importantly, this is also a strategically worrisome direction to go in, because it plays into the narrative that Big Tech is more powerful than sovereign nations. Other countries will take notice, and may coordinate to overcome Apple’s reticence. Apple will now have to choose the markets that it operates in based on how it feels about those countries’ commitments to human rights on an ongoing basis – hardly a situation that any CEO wants to be in.
Finally, this option simply won’t work if one of those countries is the United States, Apple’s home. I’ll leave it to you, dear reader, to decide how much you trust your predictions of its actions.
Option 3: Open Up
Apple’s third option is to remove itself as a target in a more subtle way than option two.
The UK is presumably interested in Apple providing this functionality because iCloud’s design makes a massive amount of data convenient to access in one location: Apple’s servers. If that data is instead spread across servers operated by many different parties, it becomes less available.
In effect, this is the “decentralize iCloud” option. Apple would open up its implementation of iCloud so that third-party and self-hosted providers could be used for the same functions. They would need to create interfaces to allow switching, publish some specifications and maybe some test suites, and make sure that there weren’t any intellectual property impediments to implementation.
There could be some impact on Apple revenue here, but I suspect it’s not huge; many people would continue to buy iCloud for convenience, and for non-storage features that Apple bundles in iCloud+.
This isn’t a perfect option. Orders could still force weakened encryption, but now they’d have to target many different parties (depending on the details of implementation and deployment), and they’d have to get access to the stored data. If you choose a provider in another jurisdiction, that makes doing so more difficult, depending on what legal arrangements are in place between those jurisdictions; if you self-host, they’ll need to get physical access to your disks.
What Will (and Should) Apple Do?
It should be no surprise that I favour option three. While Apple is notoriously a closed company, it’s not completely averse to collaborating and working in the open when doing so is in its interests – and, given its other options, that’s arguably the case here.
Conceivably, Apple might even be forced into taking the “decentralize iCloud” option if regulators like those implementing the Digital Markets Act in the EU decide that doing so is necessary for competition. Apple has been designated as a gatekeeper for the ‘core platform service’ provided by iOS, and while that designation currently doesn’t include file synchronisation services, that might change.
Of course, the UK government may back down. However, the barrier to some other government taking similar steps is now smaller, and Apple would do well to consider its longer term options even if action turns out to be unnecessary right now.
1. Presumably. Both inter-jurisdictional coordination and extraterritorial application of the law may complicate that. IANAL.