Senator Ron Wyden has written to the US director of National Intelligence, Tulsi Gabbard urging her to provide Congress and the American public with a “frank assessment” of the security risks posed by UK surveillance to the US.
The letter, which follows disclosures that the Home Office has issued a secret notice to Apple to gain access to its users’ encrypted data, raises new concerns that the UK’s Investigatory Powers Act may allow the UK much wider access to data on US citizens than previously reported.
Android phones may have ‘backdoors’
In a letter to Gabbard yesterday, Wyden claims that the Home Office may have issued a secret order against Google to introduce “backdoors” to the encrypted back-up service used by billions of Android phone users worldwide.
The letter also raises questions about Home Office powers in the Investigatory Powers Act (IPA) 2016 to issue orders to secretly force US companies to store data belonging to US citizens in the UK “where it could be then seized by the US government.”
Wyden’s intervention comes as president Trump, who has criticised the Home Office’s order against Apple as something China would be expected to do, met with prime minister Keir Starmer, at Trump’s Turnberry golf course in South Ayrshire.
Wyden and Republican Congressman Andy Biggs first wrote to Gabbard in February 2025, after a leak in The Washington Post revealed that the Home Secretary Yvette Cooper, had issued a order, known as a Technical Capability Notice (TCN) against Apple, requiring it to introduce ‘backdoor’ access to users’ dater stored on its advanced encrypted storage service.
Gabbard told the lawmakers that she shared their “grave concern” about the UK ordering US companies to create ‘backdoors’ that would allow access to encrypted data of US citizens. Such a move would “be a clear and egregious violation of American citizen’s privacy and civil liberties” and would create cyber vulnerabilities that could be exploited by hostile actors, she added.
Wyden states in the letter that companies that receive orders under the UK’s Investigatory Powers Act (IPA) 2016 are legally prohibited from disclosing their existence, making it impossible to confirm which US technology companies have received orders from the UK, “much less the extent to which they may be complying with them”.
Apple’s Advance Data Protection service is disabled by default, making it likely that only a “very small” proportion of Apple’s customers “benefiting from this important cyber security defence” would be impacted by a Home Office order.
However, Wyden raised the prospect that the Home Office has also issued an order requiring Google, to provide ‘backdoor’ access to encrypted back-ups made by billions of Android smart phone users which are protected by end-to-end encryption by default.
“When my office asked Google about backdoor demands from the UK, the company did not answer the question, only stating that if it had received a technical capabilities notice, it would be prohibited from disclosing that fact,” Wyden wrote.
This is in contrast to Meta, which offered Wyden an “unequivocal denial” stating that “we have not received an order to backdoor our encrypted services, like that reported about Apple” when asked the same question on 17 March 2025.
Home office hacking powers could impact US
Wyden has raised further concerns that the threat to US data posed by UK surveillance laws is not limited to demanding that US companies weaken their encryption with back doors.
The British Embassy in Washington has not denied claims that the UK could use the IPA to force US companies to store newly created US customer data in the UK. “Such UK-located data could then be seized by the UK government,” he added.
He has also raised concerns that UK can use the Equipment Interference (hacking) provisions in the IPA to demand that companies “infect their customers with spyware to hack Americans” – a capability which the British Embassy in Washington has again not denied.
“The cyber security of American’s communications and digital lives must be defended against foreign threats,” Wyden told Gabbard. “The national security implications are serious, not least because the communications of US government officials could be subject to both weakened encryption and storage in the UK,” he said.
Commenting on Wyden’s letter, Jim Killock, Executive Director of Open Rights Group, which is campaigning against the Home Office’s moves against encryption, said that the Home Office’s orders impact the security of people worldwide
“Google’s refusals to answer Senator Wyden is extremely worrying for Android users who rely on encryption for their privacy and security,” he added.