Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,750 words, this briefing is about a 7-minute read.
At a Glance.
- Apple removes end-to-end encryption feature in the UK.
- AISI faces potential cuts from the Trump administration.
Apple Pulls Security Feature in Britain.
The News.
Last Friday, Apple announced that it would discontinue its security feature, Advanced Data Protection (ADP), in the United Kingdom (UK). For context, ADP is one of Apple’s advanced encryption storage features, which allows Apple users to encrypt almost all of their iCloud data, including user messages, photos, and backups. Apple removed this feature after Britain’s government requested that the company give law enforcement backdoor access to customers’ cloud data. Reportedly, the British government issued a secret order earlier this year under the newly amended Investigatory Powers Act (IPA).
Fred Sainz, an Apple spokesman, stated, “[A]s we have said many times before, we have never built a back door or master key to any of our products or services, and we never will.” Apple announced that they hope the British government will drop its request by removing this security feature. Andrew Crocker, the surveillance litigation director at the Electronic Frontier Foundation, commented on this decision emphasizing that “Apple’s decision to disable the feature for UK users could well be the only reasonable response at this point, but it leaves those people at the mercy of bad actors and deprives them of a key privacy-preserving technology.”
US Director of National Intelligence Tulsi Gabbard has ordered a legal review of the UK government's demand for an iCloud backdoor, stating, “This would be a clear and egregious violation of Americans’ privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors....My lawyers are working to provide a legal opinion on the implications of the reported UK demands against Apple on the bilateral Cloud Act agreement. Upon initial review of the U.S. and U.K. bilateral CLOUD Act Agreement, the United Kingdom may not issue demands for data of U.S. citizens, nationals, or lawful permanent residents, nor is it authorized to demand the data of persons located inside the United States. The same is true for the United States – it may not use the CLOUD Act agreement to demand data of any person located in the United Kingdom.”
The Knowledge.
Britain’s IPA was created in 2016 and aimed to establish a framework for how UK public bodies were allowed to obtain communications content and metadata. When it was originally passed, the Home Office stated that this law “enhanced the safeguards applied to the use of investigatory power, requiring warrants for the most intrusive powers to be authorized” and “was intended to ensure that these powers, and their attendant safeguards, were clear and proportionate.” However, the IPA was further amended in 2024. With these changes, the UK government was seeking to modernize the law to account for the growth in both volume and types of data that had emerged.
However, aside from accounting for new data types, these amendments also greatly expanded the scope of power for the Home Office. For example, these changes now allowed the Home Office the following powers:
- The right to force technology companies to inform the UK government of planned improvements in encryption and other enhanced security and privacy measures.
- To order the halt of such changes pending a review, with no time limit, of the legality of the order.
While the Home Office defended these changes stating that they are “intended to provide the Secretary of State…with time to understand the potential impact of the changes and ensure exceptional lawful access,” experts remained concerned. When these changes were being considered, thirty experts wrote an open letter to the Home Secretary, James Cleverly, writing that “these proposals would have disastrous consequences for the security of users of services operating in the UK, by introducing bureaucratic hurdles that slow the development and deployment of security updates.”
This latest incident marks the second notable clash between Apple and major governments regarding access to its devices and systems. In 2016, Apple and the Federal Bureau of Investigation clashed over access to the San Bernardino shooter’s phone for information. In that case, Apple’s messaging remained consistent, and it routinely emphasized that the company would not build a backdoor for government officials to access its devices.
The Impact.
As Apple pulls ADP from the UK, UK citizens who use Apple devices should be aware of these changes and how they will impact Apple's various services and their security. While it is unclear if these changes will remain permanent, it is clear that the UK government and Apple are unlikely to find a solution for some time. UK Apple users should take time to ensure that they have the appropriate security and privacy measures in place as ADP leaves the UK. While ADP does provide numerous security benefits for Apple users, the company does have numerous other security measures in place that will still be enabled in the UK to help ensure that users remain protected.
US AI Safety Institute Faces Cuts.
The News.
On Tuesday, reports emerged that President Trump is considering implementing cuts to the United States’s (US) Artificial Intelligence Safety Institute (AISI). These cuts come as President Trump has been planning on downsizing many federal agencies. These potential cuts could include laying off around 500 employees in AISI amid growing speculation that President Trump could also completely close the Institute. These reports emerged after employees received verbal notices about potential terminations facing the Institute.
These potential cuts have alarmed artificial intelligence (AI) experts, who have cited how they could undermine the Institute’s goals and the US’s overall competitiveness in the AI markets. Additionally, Jason Green-Lowe, the executive director of the Center for AI Policy, expressed some concerns about these potential cuts and their impacts stating that “there needs to be some kind of quality control that goes beyond just the individual company.” Green-Lowe continued emphasizing “we need a proportional increase in the investment in the people who are doing guidelines and standards and guardrails…[but] instead, we’re throwing out some of the best technical talent.”
The Knowledge.
Given the Trump administration’s AI policies, which prioritize deregulation and incentivize innovation, it should not be surprising that the administration is considering cutting support for AISI. For context, AISI was created under the Commerce Department in 2023 after former President Biden issued an Executive Order, which tasked AISI with developing standards and performing risk assessments. However, this order was one of the many orders rescinded by President Trump in his first days of office.
Outside of rescinding this order and implementing potential cuts, the Trump administration has continued to reemphasize its agenda of deregulating the US AI industry. For example, earlier this month Vice President JD Vance spoke at the AI Summit in Paris, where he addressed European leaders, emphasizing the Trump administration's commitment to US AI leadership as well as encouraging European leaders to follow the US’s deregulation agenda. At this summit, Vance stated that “the AI future is not going to be won by hand-wringing about safety.” Aside from this messaging, President Trump also signed Executive Order 14179, which aimed to remove the regulatory barriers by developing an AI action plan and removing policies that were designed to regulate and secure AI across the federal government.
The Impact.
While these cuts have not been formally announced, they would be in line with the other cuts President Trump has been making across the federal government as well as the administration’s deregulation efforts. Despite these cuts aligning with the administration’s policies, experts have raised valid concerns about how cutting back AISI’s staff and resources could negatively impact AI safety standards and the ability to handle risks.
While these cuts and deregulation efforts will not have an immediate impact on the AI landscape, the long-lasting impacts could be significant. As these policies continue to be implemented and evolve, people and businesses that utilize AI systems should take greater care to understand what the risks are associated with AI systems and how these deregulation efforts could increase these risks and slow the development of key AI standards.
Highlighting Key Conversations.
In this week’s Caveat Podcast, our team met with Adam Marré, Arctic Wolf’s CISO, to discuss TikTok’s banning and the increasing regulations for social media companies. Additionally, our team discusses Apple pulling end-to-end encryption in the UK and DOGE getting unauthorized access to personal data.
Like what you read and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other noteworthy stories.
EU Announces Fines Against Google.
What: The European Commission announced its intention to fine Google after it alleged that the company had breached European Union (EU) rules.
Why: On Friday, the European Commission announced its intention to fine Google. While the Commission did not release how much this fine would cost the company, this announcement has been expected since the Commission started investigating Google in March 2024 for potential breaches. More specifically, these investigations focused on whether or not Google has favored its services over competitors and if the company had discriminated against third-party services.
While the EU representatives have not commented, Google did state that it is working with the Commission to find a solution.
Arizona Advances Bill Centering on AI’s Involvement in Medical Industry.
What: Arizona lawmakers have advanced a bill banning the use of artificial intelligence (AI) to deny medical claims.
Why: Last Thursday, the Arizona House of Representatives overwhelmingly passed a new bill that would ban companies from using AI to deny medical claims. The bill’s sponsor, State Representative Julie Willoughby, stated that “with the advancement of AI algorithms into just about every part of our lives now, we want to make sure that this doesn’t hinder any health care or have any overburdensome access to care for any patients.” Additionally, Willoughby stated that “what we’re asking for in this is that any claims that are denied have a provider look them over for completeness, to ensure that there isn’t anything that the AI algorithm may not have accounted for.” For context, the bill mirrors a similar bill that was passed in California last year, known as the Physicians Make Decisions Act, which requires providers to review any denial, delay, or change to care based on medical necessity.
The bill passed the state’s House in a 58-0 vote and now heads to the state’s senate for consideration.
Apple Announces $500 Billion Investment In US.
What: Apple announced that it plans to spend more than $500 billion and hire over 20,000 people in the US over the next several years.
Why: On Monday, Apple announced these investments, which will be focused on “[AI], silicon engineering, and skills development for students and workers across the country.” More specifically, these investments will include a new manufacturing facility in Houston that will create servers for Apple’s AI system and data center expansions in North Carolina, Iowa, Oregon, Arizona, and Nevada. The new hires will work in the company’s Research and Development department and assist with silicon engineering and AI development.
Apple’s CEO Tim Cook, stated “[W]e are bullish on the future of American innovation, and we’re proud to build on our long-standing US investments with this $500 billion commitment to our country’s future.”