US Lawmakers Push Back on UK's Repeated iCloud Backdoor Demands

Most governments, when caught trying to secretly force a tech company into handing over access to hundreds of millions of people's private data, would at least have the decency to be embarrassed about it. But the UK is not in the majority.

The Home Office issued a secret order demanding Apple build a backdoor into iCloud, got caught, faced a diplomatic fallout with the US, publicly "backed down," and then quietly issued another one. Now, US lawmakers are done waiting for the UK to explain itself, and the pressure is mounting fast.

What the UK Actually Did (And Keeps Doing)

In January 2025, the UK Home Office went behind everyone’s back and issued a secret legal order to Apple under the Investigatory Powers Act, known to critics as the "Snooper's Charter." The order, called a Technical Capability Notice (TCN), demanded that Apple build a backdoor giving UK authorities access to encrypted iCloud data for every iCloud user in the world.

Understandably, Apple refused. Rather than comply, the company pulled its Advanced Data Protection feature from the UK entirely, stripping British users of the highest level of iCloud encryption, while also launching a legal challenge at the Investigatory Powers Tribunal. Both Apple and the Home Office are legally barred from even confirming the order exists, which is exactly the kind of secrecy that should make everyone uncomfortable.

Under intense US diplomatic pressure, the UK backed down in August 2025. But "backed down" was generous. By September 2025, the Home Office had quietly issued a new TCN, this time limiting the scope to British citizens' data only. Same demand, smaller packaging, and absolutely unseen shamelessness, especially when coming from a government so set on enforcing online safety laws.

Why US Lawmakers Are Getting Involved Now

On February 25, 2026, House Judiciary Chair Jim Jordan and Foreign Affairs Chair Brian Mast sent a letter to UK Home Secretary Shabana Mahmood demanding a formal briefing no later than March 11. Their argument: any backdoor built for one government is a vulnerability that bad actors and authoritarian regimes can exploit. The same argument Apple has been making all along.

The lawmakers' involvement is not just political posturing. Apple is a US company, and the situation falls under the US-UK CLOUD Act Agreement, which prohibits one country from compelling a company registered in the other to decrypt data without proper legal process. The "UK-only" framing does not erase that tension. Jordan and Mast made it clear that a proper public debate cannot happen while the details stay buried in secret courts.

A "UK-Only" Backdoor Is Still a Backdoor for Everyone

There is some technical reality that the UK government clearly refuses to acknowledge: you cannot engineer a backdoor that only opens for the right people. The Electronic Frontier Foundation has warned that the new TCN sets a dangerous precedent for authoritarian governments to issue comparable orders worldwide. If the UK gets its backdoor, every other government in line will point to it as justification for their own demands.

Privacy International, actively challenging the TCN in court alongside Apple and Liberty, has been equally direct, saying that if this order is not stopped, the UK will almost certainly issue similar demands to other companies. Apple is the test case, and in case of success, WhatsApp, Signal, Telegram, and others will surely follow. Weakening encryption for British citizens weakens it for everyone who relies on the same infrastructure.

The March 11 Deadline Changes Nothing and Everything

The March 11 deadline is not legally binding. The Home Office will likely continue its policy of neither confirming nor denying that any order exists. But political pressure has already moved this situation once before, and that matters.

The tribunal hearing is still scheduled for early 2026, proceeding on "assumed facts" because the government insists on keeping the actual details classified. That hearing will be the most consequential moment in this case so far, regardless of whether the UK agrees to brief US lawmakers.

Either way, the UK government has clearly shown how little respect they have for the rules that are not their own. User privacy and mutual agreements clearly mean nothing to them if they stand in the way of something that they want, which makes them both scary and dangerous.