Apple: British techies to advise on devastating UK global crypto power grab
www.computerweekly.com
An obscure British government committee is to be asked this month to advise Home Secretary Yvette Cooper whether to go ahead with government demands that Apple provide British agents with a secret backdoor to break into the company's iCloud Advanced Data Protection system, enabling British spies to secretly copy and read users' private data. The government committee, called the Technical Advisory Board (TAB), is charged with reviewing secret legal orders given to internet communications companies to arrange surveillance of their users, and to copy their emails and files, or to monitor their calls and videos. Enquiries by Computer Weekly this week revealed, astonishingly, that the Home Office had failed to renew the contracts for TAB members.

According to a leak to the Washington Post, previously reported here, the Home Office issued a Technical Capability Notice to Apple in January, ordering them to remove electronic protection to allow access to data that is otherwise unavailable due to encryption. The company has 28 days to ask the Home Secretary to review the order. After getting a review request, Cooper is legally obliged to ask the advisory board to consider the financial consequences for Apple if they comply. Requiring them to destroy the integrity and security of their safest worldwide data storage system would be devastating for the UK's reputation as a centre for secure digital innovation, according to EU and security consultant Professor Ian Brown. It would also be breathtakingly naive and dangerous, after the recent revelations of China using similar back doors in the US telecoms system to run rampant through Americans' calls and phone data.

The UK's Technical Advisory Board is legally supposed to represent the interests of persons on whom obligations may be imposed. But Apple is not and has never been represented on the TAB.
Nor are Google or Meta or any other US and European companies offering similar capabilities to Apple, and who could be threatened with similar secret orders.

Apple would never build a backdoor, the company said in a 2024 statement. If faced with legal force, the company warned, they would publicly withdraw critical security features from the UK market, depriving UK users of these protections. This Apple statement was published in opposition to multiple changes to Britain's 2016 Investigatory Powers Act (IPA) then being considered in the UK Parliament. Industry regulation specialists expect that, if the Home Office persist, Apple would have to withdraw from the UK. The consequence for the UK government's growth policies could be immense.

Throwing down its challenge last year, Apple told Parliament that the laws Britain wanted would effectively empower the Home Office to become the global regulator for every technology company around the world with a single affiliate (whether located in the United Kingdom or not) that provides telecommunications services in the United Kingdom. There is no reason why the UK should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption. Querying whether the British government had any actual power to control U.S. companies, the memo noted that the IPA purports to apply extraterritorially, permitting the Home Office to assert that it may impose secret requirements on providers located in other countries and that apply to their users globally (emphasis added). Apple's conduct to date has flouted the UK's claims to have legal rights to impose secrecy overseas.
According to the government website the Technical Advisory Board has an independent chair, and two other independent named members, six industry representatives and an unknown number of civil servants and intelligence agency employees from organisations such as GCHQ and the National Crime Agency.

The independent chair of the board is Jonathan W Hoyle, a former civil servant and deputy director of the GCHQ signals intelligence agency. At the same time as taking up repeated contracts as the chair of TAB since 2015, Mr Hoyle moved from GCHQ to become European vice-president of Lockheed Martin, the major supplier of signals intelligence and surveillance equipment to the British and American governments. A second independent member of TAB, Mr Alan Burnett, has been Product Manager for the same period at Roke Manor Research Ltd, another major British supplier of signals intelligence and surveillance equipment to GCHQ. In 2011, Mr Burnett and Roke Manor boasted of being the first to build Aquila - the most advanced lawful intercept and cyber probe working at 100 GHz and enabling GCHQ and other intelligence agencies to inspect 100 per cent of content 100 per cent of the time.

Six industry representatives are also listed, none of whom appear to have training or experience that would assist them to advise the Home Secretary on financial consequences. Four represent British communications providers (Sky, Vodafone, VirginMediaO2 and the GSM Association).

Enquiries by Computer Weekly have revealed that the Home Office has not been paying close attention to supporting or managing the Board membership. According to a 2022 government press release, the contract for the chair expired in August and the contracts for all but two listed TAB members expired last month. Asked if the contracts had recently been renewed by the Home Secretary, a press officer initially claimed that TAB was a non-departmental government committee.
She then referred our enquiry to a Home Office email address for the Board, listed on the government website. The Home Office position then changed after two members of TAB told Computer Weekly that they were not aware that their contracts had expired. TAB member Neil Brown of Decoded Legal called the Home Office and was told that his contract was to be renewed for a further term. "I am grateful to you for pointing that out," he added. Mr Brown further said that he was not able to comment on whether TAB had seen the draft Technical Capability Notice to Apple, nor if the Home Office had yet officially asked TAB to conduct a review.

Any British backdoor imposed on Apple users would have to subvert and defeat Apple's complex security systems. These were upgraded in December 2022, the company's security manual explains. When the user turns on Advanced Data Protection, their trusted device initiates the removal of service keys from Apple data centres. This deletion is immediate, permanent and irrevocable. After the keys are deleted, Apple can no longer access any of the data protected by the user's service keys. User data is then protected with the new key, which is controlled solely by the user's trusted devices, and [is] never available to Apple.

To work, the UK Technical Capability Notice will have to explain how Apple could create a way for Britain to steal targeted users' keys from selected Apple devices on demand. The methods normally used attack so-called end points (individual or many devices) rather than weaken the encryption system itself, as is sometimes supposed.

If US lawmakers now require that Apple reveal the specific demands the UK wants to make of the corporation, it will be possible for US technical experts to see if any realistic or possible method is explained. Or they may confirm that the Home Office has been promoting magical and impossible thinking, as most cybersecurity experts have warned repeatedly for over 30 years.
There is no realistic way to leave a door open for good guys and democracies that have rigorous checks and balances but not for cybercriminals or authoritarian states, according to Cameron Perry of the Brookings Institution. No amount of magical thinking can undo the contradiction between promoting strong encryption as a defense against the barrage of identity theft, espionage, and other cybercrimes while opening up new vulnerabilities, Perry added. Backdoors undermine not only security, but also the competitive position of US companies.

Were their wishes to be granted, the Home Office would have to go through many further stages of getting specific legal and technical approval to obtain crypto keys, either against individuals (targeted warrants) or against large numbers of Apple users (bulk warrants) or against specific groups or classes (thematic warrants). They would have to serve equipment interference warrants, to enable necessary updates and tampered apps to be sent to targeted Apple devices located in the UK. Such updates and apps would be official malware. This would mean that to follow Home Office wishes, regarded by academic and industry experts as fantasy, Apple would also have to disable their own security and malware protections on target devices, while also preventing users from noticing that their shields were down.

The Home Office is not permitted to go ahead until both the TAB has reported back, and a Judicial Commissioner has re-approved the Notice.

Even if some TAB members now warn the Home Secretary not to proceed, they may be ignored. The government's only possible next step then will be a court case in London against Apple - which would be impossible to keep secret, as Apple has made clear. If a case is brought, a Judge could impose a fine, or be asked to apply an injunction with, perhaps, a large and growing penalty for non-compliance.
But Apple could and likely would appeal repeatedly in British Courts including the Investigatory Powers Tribunal, and to the European Court of Human Rights. As the possible legal actions in British law are against corporate persons (Apple Inc and any named subsidiaries) no-one could be arrested unless the British government attempted and kept secret a further series of nightmare proceedings against decision takers in the United States, bringing them to trial, if need be by extradition. If the British government asks alternatively for large financial penalties, they might be found in breach of trade agreements by international bodies. The Home Office were warned in 2015 by Apple and others that the purported extraterritorial application of the Act was unenforceable. Were they to seek to deport and jail Apple CEO Tim Cook for disobedience to a secret British order, they would face further and very public derision. The Technical Advisory Board will be aware of, and should have to consider, the recent revelation that Chinese government hackers, known as Salt Typhoon, were able to get into and exploit US law enforcement access backdoors into telephone and communications providers to spy on US citizens and agencies.

In the last resort, Apple have said they would withdraw the security of ADP from UK users. If still faced with absurdly large financial penalties, they could withdraw entirely rather than pay or face seizure.

Apple Inc and the Home Office have to date both declined to comment officially or attributably on the Notice.

The Home Office appears to be faced with a fiasco of their own making. According to Eric Kind, an expert in surveillance technology and privacy rights, who was hired by the Investigatory Powers Commissioner's Office to help set up the new law in 2016, the way this stops is the way it always has beforehand - which is that government decide to drop it for fear of too much spilling into the public during the court battle.