The tension between the rights of individuals to a private life and increasing demands from states to gain access to people’s private data increased in 2025.
During the year, Computer Weekly was the first to break several stories about the Home Office’s attempts to order Apple to give the British government access to encrypted data stored on Apple’s iCloud Advanced Data Protection (ADP) service.
Computer Weekly joined with other news publications and broadcasters to file legal submissions to successfully argue that the hearings should be held in open court after learning that the Investigatory Powers Tribunal (IPT) had cryptically listed a hearing into the case.
The UK’s intervention sparked an international row between US politicians, who were outraged that the UK’s technical capability notice (TCN) would give the UK government access to the private data of US citizens, ultimately forcing the UK to narrow its demands. Further legal hearings are likely to be brought next year by civil society groups without Apple.
An attempt by the European Union (EU) to require tech companies that provide encrypted chat and messaging services to install technology that scans messages before they are encrypted caused a backlash from technology and security experts, who warned that it would weaken security. Further attempts by the EU to reintroduce a version of Chat Control are expected in 2026.
We also reported on Europol’s attempts to develop artificial intelligence (AI) systems to analyse huge quantities of data covertly seized during international police operations against cryptophone networks EncroChat and Sky ECC. Our report highlighted Europol’s uneasy relationship with the European data protection supervisor and raised concerns about the lack of transparency by the policy agency.
Computer Weekly also interviewed GCHQ historian Dave Abrutat and Dame Muffy Calder, head of the surveillance regulator (IPCO)’s Technical Advisory Panel (TAP), shedding light on previously unreported aspects of intelligence gathering and oversight, both current and historic.
It is described by critics as a data grab and surveillance creep strategy. Europol calls it Strategic Objective 1: to become the EU’s “criminal information hub” through a strategy of mass data acquisitions.
Since 2021, the Hague-based EU law enforcement agency has embarked on an increasingly ambitious, yet largely secretive, mission to develop automated models that will affect how policing is carried out across Europe.
Based on internal documents obtained from Europol and analysed by data protection and AI experts, this investigation raises serious questions about the implications of the agency’s AI programme for people’s privacy. It also raises questions about the impact of integrating automated technologies into everyday policing across Europe without adequate oversight.
In November, London court heard that The Security Service, MI5, made “multiple” unlawful applications for phone data in an attempt to identify the confidential sources of a former BBC journalist.
The Investigatory Powers Tribunal heard that MI5 unlawfully sought the phone records of reporter Vincent Kearney on “at least” four occasions between 2006 and 2009 when he worked for the BBC in Northern Ireland.
Jude Bunting KC, representing the BBC and Kearney, told the tribunal that MI5 should disclose whether it had carried out further surveillance against Kearney and other BBC journalists for what it regards as lawful reasons.
In March, the IPT took the unusual step of publishing a notification of a closed-door hearing, days after leaks revealed that Apple was intending to appeal against the secret order.
Press and civil society groups later petitioned the tribunal, which rules on matters of national security, to hold the hearings in open court, given the important public interest surrounding the case and the fact that the government’s order had been widely leaked.
The decision by home secretary Yvette Cooper to issue a TCN requiring Apple to give UK law enforcement and intelligence services “backdoor” access to data stored by Apple’s customers on the encrypted version of its iCloud service raised tensions between the UK and the US.
In September, we reported that a lawyer representing Hamas in a legal case in the UK is seeking a judicial review to challenge North Wales Police after he was stopped and questioned, and his mobile phone seized.
The solicitor, Fahad Ansari, an Irish citizen, was detained for nearly three hours after being stopped under Schedule 7 of the Terrorism Act 2000, which allows police to seize and copy electronic devices at UK borders without reason for suspicion.
The case is understood to be the first time police have used Schedule 7 of the Terrorism Act to seize a phone belonging to a solicitor in the UK.
Ansari has filed a claim for a judicial review against the chief constable of North Wales Police and the Home Office.
US lawmakers have hit out at the UK Home Office for “attempting to gag” US companies by preventing them from telling Congress whether they have been subject to secret UK orders requiring them to hand over their users’ data.
In an unprecedented intervention, five lawmakers from both sides of the US political divide, led by senator Ron Wyden, wrote to the IPT in March, accusing the British government of undermining Congressional oversight and restricting the free speech of US companies.
Their letter came as the IPT was preparing to hear closed-door arguments from Apple, which challenged a notice requiring it to extend UK law enforcement’s existing access to encrypted data stored by customers on the Apple iCloud service anywhere in the world to users of its ADP who choose to hold encryption keys privately on their own devices.
An obscure British government committee was asked in February to advise home secretary Yvette Cooper on whether to go ahead with government demands that Apple provide British agents with a secret backdoor to break into the company’s iCloud ADP system, enabling British spies to secretly copy and read users’ private data.
The government committee, called the Technical Advisory Board (TAB), is charged with reviewing secret legal orders given to internet communications companies to arrange surveillance of their users, and to copy their emails and files, or monitor their calls and videos. Enquiries by Computer Weekly revealed, astonishingly, that the Home Office had failed to renew the contracts for TAB members.
For Dame Muffy Calder and the small group of academics, former spies and technical experts that advise Britain’s oversight body for intelligence agencies and police on developments in technology, their work is all about “trust”.
Calder, a distinguished computer scientist whose research interests include artificial intelligence, computational modelling and automated reasoning, is the chair of the Technical Advisory Panel, a group of six experts charged with advising Britain’s surveillance oversight body.
The role of the TAP is to advise the Investigatory Powers Commissioner’s Office (IPCO), overseen by Brian Leveson in his role as investigatory powers commissioner, and nine judicial commissioners who provide independent oversight of the police and intelligence services’ use of intrusive surveillance powers.
Can this small group of experts act as an effective counterbalance to organisations such as GCHQ, MI5 and MI6, which had a combined budget of £4.5bn in 2024-2025?
The European Commission has been accused of rigging the selection process for Europe’s next data protection watchdog in favour of its own candidate, according to a complaint submitted to the European Ombudsman and shared with Computer Weekly.
Submitted by privacy experts Maria Farrell, Douwe Korff and Ian Brown, the complaint alleged “procedural irregularities” with the commission-led process, including a lack of transparency around the selection criteria for shortlisted candidates, the identities of the selection committee and why certain decisions had been made.
Canadian businessman Thomas Herdman is awaiting trial in France for his alleged role in the distribution of modified smartphones installed with the Sky ECC app.
The 63-year-old was arrested in June 2021, despite cooperating with US investigators over his involvement with the encrypted communications firm Sky ECC. He has spent 45 months in pre-trial detention since.
Computer Weekly spoke to Herdman’s daughter, Julie Kawai Herdman, who says her father is innocent, citing inaccuracies in the evidence and flawed legal processes.
During the Second World War, there were an estimated 250 signals intelligence sites across the UK, from as far south as Cornwall to as far north as the Orkneys.
Many important sites are now in danger of disappearing, either being demolished for housing or simply being left to decay, and their significance is being lost to history.
Dave Abrutat, the official historian at GCHQ, is on a mission to preserve this history before it is lost and the folk memories are forgotten.
Abrutat estimates that since the First World War, tens of thousands of people have worked in signals intelligence and communications security in organisations as diverse as the Post Office, the Admiralty, the Royal Signals and the Foreign Office, and US Airforce sites such as Chicksands in Bedfordshire, known for its “elephant cage” radio receiver.