"Upon initial review of the U.S. and U.K. bilateral CLOUD Act Agreement, the United Kingdom may not issue demands for data of U.S. citizens, nationals, or lawful permanent residents ("U.S. persons"),..."
OK, I can see that, though even then I could imagine this sometimes being the case.
"...nor is it authorized to demand the data of persons located inside the United States."
Really, even if in the case of individual UK citizens, under all circumstances ?
What happens to foreign citizens traveling to UK with encrypted devices? If I have advanced data protection on my iPhone, it surely won't be disabled automatically when I cross the border. How do they handle this case legally?
I'm certainly sure that US is spying on everyone it wants. This is ridiculously hypocritical and I wouldn't be surprised if this was motivated by some politics.
If I were Gabbard, I would go further and be more concerned that a UK company forced a US company to downgrade its privacy to suit its politics on privacy, which clearly confict with US ideals of privacy and free speech.
Speaking as the person who pops up to defend the Online Safety Act (which regulates social media), I think the Investigatory Powers Act (which allows for this spat with Apple) is a terrible piece of legislation.
The Online Safety Act is about internet systems that are akin to traditional publishing, and so it holds the operators of those systems to the same standards to which we hold traditional publishers, but the Investigatory Powers Act relates to individuals' private use of computer systems. It represents a serious breach of individuals' privacy, which is a foundation stone in the culture of a country as densely populated as the United Kingdom. The extraterritorial aspect of the legislation is not only uncouth in the twenty-first century, but presently unenforcible given the United Kingdom's diminished Armed Forces. Finally, choosing to pick this fight now was a poor choice given the current state of international politics.