Partner content: Around the world, law enforcement agencies and governments are under pressure to keep up with criminals who increasingly use strong end-to-end encryption to hide their activity.
At the same time, lawmakers in multiple jurisdictions (the US, EU, Australia, UK) are pushing new proposals or reforms aimed at mandating “lawful access” or requiring technical assistance from tech companies for investigations. Those wishes are at natural tension with those of privacy advocates, a conflict that plays out both diplomatically and politically.
One such high-profile case involves ongoing efforts by the UK government to gain access to Apple customers’ encrypted iCloud storage. The privacy of most data in the iCloud service is protected by storing end customers’ encryption keys on their devices, where they are explicitly out of the company’s reach. Apple refuses to make engineering changes that would undermine this encryption scheme, and existing legal frameworks stop short of the ability to force them. The fight highlights a fundamental tension in modern law enforcement: agencies want broader access to data and communications, but tech companies are moving toward stronger privacy and security through end-to-end encryption. Recent legislation (such as the US CLOUD Act) is designed to streamline lawful access to data across borders, but it stops short of addressing encryption.
Legal Maneuvering Around Compulsory Decryption
Enacted by the US Congress in 2018, the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) authorizes US law enforcement, pursuant to valid judicial process, to compel US-based service providers to hand data within their possession and control, regardless of whether that data is stored inside or outside the US. The Act also establishes a framework for bilateral executive agreements that permit qualifying foreign governments to make reciprocal, lawful data requests directly to US providers, subject to defined legal and civil-liberty safeguards.
The CLOUD Act is deliberately encryption neutral. A country, such as the UK, can request data directly from US companies, but only if that company has the technical ability to access it. When iCloud data is protected with end-to-end encryption, the information is locked with keys that only the user (and anyone they explicitly share with) possesses. Apple doesn’t hold a “master key,” thus even if it receives a lawful request, it has no technical way to unlock the contents. This makes a CLOUD Act request useless for reaching into encrypted iCloud backups or messages.
Faced with those limitations, authorities in the UK turned to the Investigatory Powers Act (IPA) of 2016 as an alternative legal mechanism. Unlike the CLOUD Act, which compels the production of data already accessible to a provider, the IPA grants the UK government authority to require technology companies to make technical changes to their systems to ensure lawful access to communications and stored data. In early 2025, the UK government exercised this authority by issuing a directive to Apple requiring access to encrypted iCloud data – an action that raised significant concerns about the potential erosion of end-to-end encryption protections, not only for UK users but for Apple customers globally.
Backlash from the US was immediate – threatening to derail trade negotiations between the two countries earlier this year. For its part, Apple maintains that it never has and never will build a backdoor or master key into its products and services. A month later, Apple ceased offering iCloud Advanced Data Protection (ADP) to new accounts in the UK and required existing users to disable it to continue using their iCloud account, emphasizing that those users are unable to access its most secure cloud storage offering despite the continuing rise of data breaches and other threats to privacy. Pivoting in response to those reprisals, in late 2025 the UK reduced the scope of its order to target only British citizens’ data.
Backlash and Long-Term Implications
Amid the ongoing pressure to compromise iCloud data protection, Apple placed a formal complaint with the Investigatory Powers Tribunal, the court that hears complaints about privacy violations by UK public entities. Similar filings by the advocacy organizations Privacy International and Liberty support the Apple complaint. Officials in the Trump administration have pressured the UK government’s position, including Director of National Intelligence Tulsi Gabbard as well as the President himself.
The implications of this legal and technical conflict extend well beyond the UK. Granting UK authorities even limited ability to decrypt iCloud data would require Apple to intentionally weaken its end-to-end encryption scheme. Security experts – including some US officials – argue that any action that undermines data protections in even a single jurisdiction would weaken security worldwide by potentially making exploits available to bad actors including hackers, criminals, and subversive nation-states. What’s more, such a move would establish a precedent for other governments to seek similar access, potentially leading to a proliferation of mandated backdoors and compounding systemic risk – placing the data of billions of users worldwide at risk.
SS8 recognizes the compelling arguments both of law enforcement for greater data access and of the general public for privacy. Safeguarding the intentional, dynamic balance between those two interests is necessary to protect society as a whole. As the mediation entity for lawful interception of network traffic, Xcipio can deliver information using the standard mechanisms specified by the CLOUD Act. Likewise, Intellego XT natively reads in CLOUD Act information, ingesting it alongside the full spectrum of lawful intelligence data. The SS8 lawful intelligence platform’s embrace of both the CLOUD Act and uncompromised encryption demonstrates a powerful vision of empowering law enforcement while maintaining the security of communication worldwide.
About Kevin McTiernan
Kevin McTiernan is a seasoned professional with over 20 years of experience in the security industry. His extensive expertise spans big data, cybersecurity, network security analysis, and regulatory compliance. As Vice President of Government Solutions at SS8, Kevin specializes in the implementation of advanced intelligence solutions for the U.S. Government, law enforcement, and the Five Eyes alliance. He is an accomplished public speaker and an adamant supporter and volunteer for the National Child Protection Task Force. You can learn more about Kevin on his LinkedIn profile.

About SS8 Networks
As a leader in Lawful and Location Intelligence, SS8 is committed to making societies safer. Our mission is to extract, analyze, and visualize critical intelligence, providing real-time insights that help save lives. With 25 years of expertise, SS8 is a trusted partner of the world’s largest government agencies and communication providers, consistently remaining at the forefront of innovation.
Discovery is the latest solution from SS8. Provided as a subscription, it is an investigative force multiplier for local and state police to fuse, filter, and analyze massive volumes of investigative data – in real time.
Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.
LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.
Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.
To learn more, contact us at info@SS8.com.


