The U.S. Justice Department told Congress in November there were no major disputes with the United Kingdom over how the two allies seek data from each other’s communication companies.

But at that time, officials knew British authorities were preparing a demand that Apple build a back door to its users’ encrypted data, according to people familiar with the process, who spoke on the condition of anonymity to discuss internal department matters.

Director of National Intelligence Tulsi Gabbard on Tuesday called that British demand an “egregious” violation of American rights, and on Wednesday lawmakers asked the Justice Department to investigate.

November’s report to Congress was required by law to renew an agreement that lets the U.K. obtain electronic data from U.S. providers without going through U.S. courts. In it, the Biden Justice Department certified that U.K. laws and procedures provided “robust substantive and procedural protections for privacy and civil liberties.”

Sen. Alex Padilla and Rep. Zoe Lofgren, both California Democrats, asked Attorney General Pam Bondi to reexamine that finding, saying Britain’s threat to compromise encryption violated the information-sharing deal between the two countries under the 2018 CLOUD Act.

“No entity, foreign or domestic, should be able to make Americans’ data more susceptible to breaches,” Padilla said. “That’s why we are demanding accountability, not just from other countries, but from the Department of Justice, which has the responsibility to keep Americans’ data safe — we must not set this terrible precedent.”

The U.K. ordered Apple in January to create a way for British authorities to obtain content that Apple users store in iCloud with Advanced Data Protection, an encryption option rolled out worldwide two years ago. That content is end-to-end encrypted, meaning only the user, and not Apple, can access it. Apple withdrew the encryption option in the United Kingdom Friday rather than comply, an action that would have left its users with less security than they had been promised.

The Justice Department’s 10-page report to the Foreign Relations and Judiciary committees of the House and Senate noted that unnamed U.S. companies had complained that the U.K. Investigatory Powers Act required advance notice if they wanted to enhance privacy or security in their services and that Britain could then block those offerings globally.

The department said it reminded its British counterpart of the CLOUD Act’s “requirement that the terms of the Agreement shall not create any obligation that providers be capable of decrypting data.” The report did not mention the looming order, and said any demands for reduced security would come under Britain’s Investigatory Powers Act, and so were not within the scope of the CLOUD Act.

The Justice Department official who conveyed that document to Congress referred questions Wednesday to a department spokeswoman, who said she had nothing to add to the report.

On Wednesday, lawmakers Padilla and Lofgren faulted the November certification, saying “it splits the finest of hairs” by suggesting that the CLOUD Act didn’t apply to any decryption order. The two lawmakers, who sit on the Judiciary committees in their respective houses of Congresses, asked Bondi to reconsider whether Britain was violating the CLOUD Act by ordering a break to Apple’s encryption.

Two of the people familiar with the certification process said the FBI has pursued backdoor capabilities unsuccessfully in the United States and would have been in a stronger legal position to win that if Apple had already had to create such a mechanism for another government.

The FBI did not respond to a request for a comment. The U.K. Home Office did not immediately respond to a request for comment, and has previously said it does not comment on “operational matters.”

Gabbard on Tuesday wrote to Sen. Ron Wyden (D-Oregon) and Rep. Andy Biggs (R-Arizona), saying she had directed a legal review of the order and had not known of it before it was reported by The Washington Post and confirmed by other publications. The legislators had urged her to act just after her confirmation as the top U.S. intelligence leader.

“I share your grave concern about the serious implications of the United Kingdom, or any foreign country, requiring Apple or any company to create a ‘backdoor’ that would allow access to Americans’ personal encrypted data,” she wrote. “This would be a clear and egregious violation of Americans’ privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors.”

Apple was forbidden from disclosing the order to Congress or U.S. regulators under the Investigatory Powers Act, which allows British officials to compel communications and technology providers to assist in government inquiries.

While not addressing the existence of the order, when Apple said it was pulling the secure storage from U.K. customers it added that it had never built a back door into its products and never would.

Even the U.K. pullout would not be enough to end the U.K. demand that the tech giant create the back door for spying on those in other countries. Gabbard’s complaints might do that, and she pledged to keep Congress apprised.

The CLOUD Act cooperative agreement bars the British from deliberately seeking information on Americans, but forcing the creation of a universal back door would create a new target not just for law enforcement officials, but for hackers and spies as well.

“Any information sharing between a government — any government — and private companies must be done in a manner that respects and protects the U.S. law and the Constitutional rights of U.S. citizens,” Gabbard wrote. “I look forward to ensuring the UK government has taken necessary actions to protect the privacy of American citizens, consistent with the CLOUD Act and other applicable laws.”

U.K. officials and the FBI have complained that the increasing use of end-to-end encryption has stymied investigations into terrorism, child abuse and other serious crimes. Such communications can only be seen by the sending and receiving devices. Apple’s Advanced Data Protection, iMessages and FaceTime are end-to-end encrypted, as are Google Android backups and some chats, Meta’s Messenger and WhatsApp texts, and content sent over Signal.

While acknowledging that strong encryption is used by criminals, the vast majority of security professionals and government cyber defenders have endorsed increased adoption as hackers win access to regular emails, text and voice calls.

“Director Gabbard is right to raise alarm over the UK’s demand for backdoor access to Apple users’ encrypted data,” said Kia Hamadanchy, senior policy counsel at ACLU. “While this might be a British government demand, it will have huge consequences for anyone in the U.S. with an iPhone.”