[HN Gopher] U.K. demand for a back door to Apple data threatens ...
___________________________________________________________________
U.K. demand for a back door to Apple data threatens Americans,
lawmakers say
Author : ksec
Score : 337 points
Date : 2025-02-13 14:53 UTC (8 hours ago)
(HTM) web link (www.washingtonpost.com)
(TXT) w3m dump (www.washingtonpost.com)
| thiscatis wrote:
| It's only a threat when non US countries demand it, otherwise
| it's just a safety measure.
| gruez wrote:
| Said nobody ever.
| croes wrote:
| So why does the CloudAct still exist?
| panki27 wrote:
| Patriot act and cloud act threatens everyone else. More news at
| 11.
| grimui wrote:
| http://archive.today/ujbf8
| Shank wrote:
| I think this is an unquestionable overreach on the UK's part. If
| you live in any country that isn't the UK, you should feel the
| threat from this: the UK government believes that it is entitled
| to a backdoor on your hardware, even if you've never stepped a
| foot on UK soil or intend to. Mass surveillance is a threat to
| everyone, but this is not an instance of that, which has guards
| against it, like encryption. This is the UK asking for an
| encryption backdoor to everything, including for phones that
| never traverse its soil or internet boundaries, or even cross
| anywhere near FVEY collection devices.
|
| This is a dramatic overreach of authority.
| JoshTriplett wrote:
| We should not normalize the idea that it's acceptable _within_
| a country 's borders either.
|
| It's a massive overreach to demand a backdoor to phones
| _within_ the country. Don 't allow the even _bigger_ overreach
| to move the Overton window and make it seem like it should ever
| be acceptable.
| pc86 wrote:
| I think it's reasonable here to differentiate between
| acceptable and legal. It's completely unacceptable, but the
| British people have proven time and time again they're more
| than happy to make horrifically unacceptable things
| completely legal in the pursuit of "safety."
| JoshTriplett wrote:
| As with the US, I would not equate "British lawmakers
| passed" with "British people are happy to". British people
| are not given direct referendum on this issue specifically,
| and all of the mainstream British parties currently support
| the Snooper's Charter.
| flir wrote:
| Mate, the "take all steps necessary to root out
| paedophiles" referendum would be won with 95% of the
| vote. It's all in the framing, you know that.
| davethedevguy wrote:
| > It's all in the framing
|
| Yeah, that's the root of the problem, I think.
|
| It's easy to sell people that "we just need this one more
| bit of access to your private data, it helps us stops
| paedophiles and terrorists", but each step takes us
| further down a bad path.
|
| I'm sure everybody would agree that having full camera
| surveillance inside every UK home is too far, but no
| oversight at all is also bad.
|
| There is a point along that line where society would say
| "no, that's enough", but successive governments have
| realised that they can slowly push that point further
| right and nobody seems to notice, or care.
| pc86 wrote:
| I'm not aware of British people rioting in the streets
| over living in a society with multiple cameras on every
| corner of every street, where police knock on your front
| door based on social media posts. They seem to accept it,
| even welcome it.
|
| If the people were strongly against the Snooper's Charter
| there would be politicians willing to stand against it.
| The parties do not impose their will on the people, they
| do and say what they must to gain and keep power.
| jeroenhd wrote:
| A similar law passed in Australia a few years ago; various
| Australian law enforcement agencies can request or even demand
| companies to make changes to their code (read: introduce
| backdoors).
|
| Until people and companies start treating Australian-made
| software as dangerous to the extent that it affects the
| economy, other countries will probably follow with similar
| laws.
|
| That should include being hesitant to use American software as
| well. There's a good reason EU companies aren't allowed to
| store data on American servers.
| pjc50 wrote:
| Current state of this, as far as I can tell:
| https://www.firstattribute.com/en/news/eu-data-boundary-
| for-...
|
| Note that it's seemingly unclear whether it's OK for EU
| companies to store data even on EU servers of US parent
| companies. Although very little has actually been done about
| this and everyone, governments included, is still using
| Microsoft 365.
| eapressoandcats wrote:
| In principle as long as a state has legal hooks into a
| large enough part of the business it's probably ok. Data
| centers are less tricky than phones because they don't
| move.
|
| I'm also not sure there's so much practical difference
| between a company headquartered in the EU vs USA. The
| relevant thing would seem to be where operations happen,
| and what legal and practical hooks each side has into the
| company, including physical location of servers and the
| people who operate and write code for them.
| nickslaughter02 wrote:
| More context:
| https://www.schneier.com/blog/archives/2024/09/australia-
| thr...
| dannyw wrote:
| It's not just at Australian made hardware or software. You
| think Australia won't try to assert this against a global
| company with presence in Australia?
| throwaway290 wrote:
| With a warrant a company can be forced to implement this
| capability for a specific case. Is it the same?
| shakna wrote:
| "TCNs are orders that require a company to build new
| capabilities that assist law enforcement agencies in
| accessing encrypted data. The Attorney-General must approve
| a TCN by confirming it is reasonable, proportionate,
| practical, and technically feasible."
|
| It's a step above a warrant, as an order, when building a
| new capability. But yes, its focused in on one case. As to
| "reasonable" - our current AG is a strong supporter of
| expanding government powers as a way to fix any new problem
| that appears. He's done some good. And some bad. It isn't
| hard to see him rubber-stamping these, if someone across
| the hall needs it done.
|
| Also... If a TCN order comes through, you're not permitted
| to tell the business that you've been ordered to create a
| backdoor in them. And they can order random anyone in the
| company to comply - it doesn't have to go to the C-level.
| throwaway290 wrote:
| https://www.homeaffairs.gov.au/about-us/our-
| portfolios/natio...
|
| "What assistance can be provided"
|
| > Note: private communications and data may only be
| accessed with lawful authority pursuant to the existing
| warrant framework
| fransje26 wrote:
| > Until people and companies start treating Australian-made
| software as dangerous
|
| Atlassian?
| selimthegrim wrote:
| Do you remember when Theresa May had to tell the US no when
| they wanted to profile UK citizens of certain ethnic
| backgrounds for US travel?
| varsketiz wrote:
| > This is a dramatic overreach of authority.
|
| Well, the rest of the world lives with the USA constantly doing
| this. Hopefully you dont support that as well.
| graeme wrote:
| The US does not require Apple to make a backdoor to its
| encryption.
| Workaccount2 wrote:
| But it is greatly in the interest of US agencies to
| perpetuate conspiracies that they have access to all data,
| all the time, with no court needed.
| nickslaughter02 wrote:
| How do you know that? Similarly to the UK, USA has a
| process to force companies to add back doors. For all we
| know it might the USA wanting access and using its five
| eyes allies to get it done.
| sieabahlpark wrote:
| Point to the law that requires them to do it and keep
| quiet about it. The US law.
|
| I'll wait.
| varsketiz wrote:
| There does not have to be a law for the US government to
| do something.
|
| Remember the NSA spying scandal?
| fransje26 wrote:
| CALEA
|
| https://en.wikipedia.org/wiki/Communications_Assistance_f
| or_...
| alt227 wrote:
| Heres an example of when Apple got caught giving the US
| government all users push notifications, and then quite
| openly said they had been bound by law to keep quiet
| about it.
|
| https://www.macrumors.com/2023/12/06/apple-governments-
| surve...
|
| > "In this case, the federal government prohibited us
| from sharing any information,"
| quesera wrote:
| Compelled speech, and compelled work, are both disallowed
| by the US constitution.
|
| Apple successfully used this argument several years ago
| when the FBI tried to demand that they break a phone for
| an investigation.
|
| If there is more recent news or legislation, perhaps I'm
| not remembering it?
| giobox wrote:
| > Compelled speech, and compelled work, are both
| disallowed by the US constitution... Apple successfully
| used this argument several years ago when the FBI tried
| to demand that they break a phone for an investigation.
|
| I'm not sure this is how the San Bernardino case actually
| panned out:
|
| "Apple declined to create the software, and a hearing was
| scheduled for March 22. However, a day before the hearing
| was supposed to happen, the government obtained a delay,
| saying it had found a third party able to assist in
| unlocking the iPhone. On March 28, the government claimed
| that the FBI had unlocked the iPhone and withdrew its
| request."
|
| The arguments were never actually tested in court, the
| whole thing was quietly put away once the FBI found
| another way to unlock the phone.
|
| > https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encrypt
| ion_d...
| quesera wrote:
| Yes, in this case: _successfully used this argument_ to
| delay until the FBI gave up.
|
| If it had gone to court, the argument was considered
| strong, but of course no one knows until a verdict is
| reached and appeals are exhausted.
| giobox wrote:
| This is a gross simplification of the many factors that
| lead to the FBI dropping the demand against Apple, in my
| opinion.
| quesera wrote:
| But it is everything we know.
|
| The expectation was that FBI would lose in court. But
| that was not guaranteed, certainly.
|
| FBI had multiple reasons to abandon the effort, but one
| was that if legal precedent was established at that time,
| for that case, it would be harder to bypass in future
| cases.
| fransje26 wrote:
| https://en.wikipedia.org/wiki/Communications_Assistance_f
| or_...
| quesera wrote:
| Apple is not in scope for CALEA requirements. But point
| taken.
| croes wrote:
| But the US demands data from non US citizens stored in non-
| US countries aka CloudAct.
| alt227 wrote:
| Apple has a history of giving the US government whatever
| user data they want, lying about it, then when it leaks
| publicly they are able to say 'Well we couldnt tell you
| because it would have been breaking the law, sorry about
| that'.
|
| Have an example, of when it leaked that apple was secretly
| syphoning off all push notifications to the US government:
|
| https://www.macrumors.com/2023/12/06/apple-governments-
| surve...
| graeme wrote:
| Fundamentally not the same thing. Notifications aren't
| encrypted. Apple has made no claim that they're secret
| from the govt.
|
| Apple has very loudly and prominently and specifically
| stated that their encrypted is ecrypted and not even
| available to apple. They list which portions of icloud
| this applies to and not.
|
| Huge different between an omission and a large, positive
| lie.
| wellthisisgreat wrote:
| Well there is still a HUGE difference between some backroom
| dealing that blows up in government's face in the most
| scandalous, generation defining way when it gets exposed, and
| a bunch of power-hungry troglodytes saying they want to play
| Orwellian villains in the open.
| kitd wrote:
| Here's the BBC report on the matter:
| https://www.bbc.co.uk/news/articles/c20g288yldko
|
| It applies to content stored using ADP, Apple's E2EE tech. A
| backdoor into that would mean applying a backdoor into iOS on
| the phone itself, which is a much larger attack surface than
| anything centralised.
|
| All of which highlights the clownish nature of these
| regulations. They are so easy for bad actors to circumvent (eg
| using their own E2EE), resulting in the ridiculous situation
| where the innocent get their data stolen and the very people
| you're targeting being completely unaffected.
| swores wrote:
| I'm entirely against what the UK government wants, however I
| would say:
|
| Although you're right that tech people would still be able to
| choose secure encrypted options, the fact is that the
| majority of criminals by pure numbers are not very
| sophisticated - so while this sort of backdoor obviously
| wouldn't be a guarantee that every criminal conversation
| could be snooped on, it _would_ work on the 90-99% (I 'd
| guess towards 99) who aren't both cautious enough to try to
| be secure and tech savvy enough to make the right choices.
|
| (But it's still a terrible idea, both for the sake of general
| privacy principles, and for the risk that current or future
| governments or personnel will abuse the access, and for the
| risk that criminals outside government will be able to take
| advantage of the same backdoor.)
| sejje wrote:
| For three whole minutes until everyone knows it's totally
| compromised and stops doing that
| swores wrote:
| SMS is already known to be insecure and easily snooped on
| with a warrant, and has been used by police around the
| world in many cases, yet a surprisingly high number of
| criminals still use it.
| eapressoandcats wrote:
| Realistically most criminals probably don't even turn on
| ADP, so it will probably move the needle not at all.
| adim86 wrote:
| The idea that criminals are not sophisticated is a weak
| excuse for this system.
|
| Once the government starts mining data from iPhones,
| criminals will quickly adapt while every law-abiding
| citizen gets caught in the crossfire. It opens the door for
| abuse: officials could easily spy on their partners, dig up
| dirt on rivals, or target those they dislike without
| breaking any laws. Meanwhile, cybercriminals will have an
| easy target since every phone comes with this built-in
| vulnerability.
|
| This system is likely to snag small-time offenders, not the
| real masterminds behind organized crime. This isn't a smart
| solution for crime. It just sacrifices our privacy for a
| few token arrests.
| nottorp wrote:
| Criminals don't need to be all sophisticated anyway. They
| just need to know how to reach one of the sophisticated
| criminals and pay them to extract whatever they need.
|
| Incidentally, as a non US and non UKer, my data with the
| major tech firms has no protection anyway. Welcome to the
| club, US citizens :)
| zombiwoof wrote:
| Very weak considering we have a criminal in the White
| House
| watwut wrote:
| He is not sophisticated and did not needed to be
| sophisticated to be in the White House. And untouchable
| by the law.
| trinsic2 wrote:
| There are already replies with sound arguments against the
| ideology that 90 of criminals arnt that sophisticated.
|
| Secondly, I will also point out that criminals in general
| watch whats happening to other criminals. If people start
| going to jail because there mobile communications are being
| targeted, others will catch on and stop using mobile tech
| altogether for criminal activities.. People copy what works
| successfully, you don't need to be smart to do that. So
| yeah this argument is complete bullshit.
| KennyBlanken wrote:
| The majority of criminals have no idea that their their
| iMessage encryption keys and iMessages are synced into the
| cloud and available to law enforcement with a warrant. No
| need to break devices security, no need for back doors.
| fakedang wrote:
| Most GSW victims are killed by one or two bullets, not
| hundreds of them.
|
| You don't need a "vast majority" of criminals to break down
| a system and exfiltrate data when just a single, possibly
| state-backed, criminal operation can break your system down
| and do the job.
| wonderwonder wrote:
| This is a government that believes in thought crimes. They
| will likely arrest people for having illegal memes on their
| phones or for texting messages to friends of which the
| government does not approve. If there was prequal to 1984, it
| would look something like this.
| hnlmorg wrote:
| I really don't like the UK governments stance on cyber
| security / counter-terrorism / et al either. In fact, as a
| UK citizen I've actively campaigned against a great many of
| their policies.
|
| However this "thought police" and "arrested for posting
| memes" comment that often gets pointed on here is itself a
| nonsense meme.
|
| What actually happened was people were arrested for
| instigating riots. This is no different to what happened in
| the US regarding the Capital Hill riots -- people who
| helped organise it online were arrested too.
|
| The UK has a long history of shitty policies invented to
| "protect people" but we need to be clear on what's actually
| fact and what's fiction. Otherwise you end up wasting
| energy protesting against things that are imaginary.
| gruez wrote:
| >However this "thought police" and "arrested for posting
| memes" comment that often gets pointed on here is itself
| a nonsense meme.
|
| >What actually happened was people were arrested for
| instigating riots. This is no different to what happened
| in the US regarding the Capital Hill riots -- people who
| helped organise it online were arrested too.
|
| According to: https://news.sky.com/story/jordan-parlour-
| facebook-user-jail...
|
| One of the "instigators" was sent to prison for tweeting
| "every man and his dog should smash [the] f** out of
| Britannia hotel (in Leeds)". While I agree such tweet
| might be illegal under US law (it plausibly meets the
| "imminent lawless action" standard), it's a stretch to
| equate that to "organise [the Capital Hill riots] online"
| (whatever that means). A tweet by a nobody who got 6
| likes isn't "organising". It's shitposting.
| hnlmorg wrote:
| Did you actually read that article. In there it even
| stated there was a pattern of behaviour and that his
| comments on Facebook had been shared with thousands and
| directly resulted criminal damage. Not only that, that
| his comments were _intended_ to cause criminal damage and
| result in physical attacks against immigrants.
|
| What you've done is selectively quoted a small subset of
| portions from that article to misrepresent the full
| trial.
|
| Which is exactly why I had to write my comment defending
| the UK government earlier. Believe me, I really don't
| want to defend the government.
|
| The UK government get a lot wrong when it comes to
| legislation regarding technology. In fact they get nearly
| everything wrong and I've frequently had to have words my
| MPs about it (not that that's done any good). But they
| categorically do not lock people up just for shitposting.
| At best that's just an exaggeration. At worst it's an out
| right misrepresentation of the facts.
| graemep wrote:
| You are focusing on one set of incidents. There are lot
| of others not connected to any violence at all. People
| arrested for standing still because of what they admitted
| thinking and their motive for doing so. Police
| investigations of 'non-crime incidents'. Hate speech laws
| that can be very widely interpreted. Increasingly
| restrictive laws on public protests.
| foldr wrote:
| Just link to a report of an incident that you think
| proves your point. It's impossible to have a sensible
| discussion about this issue when comments are so vague.
| parasense wrote:
| >However this "thought police" and "arrested for posting
| memes" comment that often gets pointed on here is itself
| a nonsense meme.
|
| Are you for real? These accusations are not merely memes.
|
| While I don't endorse terrible people, it is note worth
| sometimes awful people are the target of even more awful
| laws. For example, you can do research into a person
| named "Adam Smith-Connor" who was literally convicted for
| standing in public while introspectively praying
| silently. The conduct of standing while appearing to pray
| was deemed as a form of illegal protest too near an
| abortion clinic. The same exact thing happened to another
| person "Isabel Vaughan-Spruce" who was not convicted.
|
| There are also well documented incidents in the UK
| involving the prosecution of people making remarks
| online, which could arguably cross into thought-crime
| territory. I'll leave it to you to actually research
| these incidence, Google is your friend.
| foldr wrote:
| The event you're referring to is actually a bit of a non-
| story:
| https://www.bbc.co.uk/news/articles/c4g9kp7r00vo.amp
| You're not allowed to protest right outside an abortion
| clinic: https://www.gov.uk/government/news/abortion-
| service-protecti... You can protest against abortion as
| much as you like. Someone spent a long time trying to
| politely get this man to leave the protected zone, but he
| refused, which is why he was then arrested.
|
| As usual in these HN threads on the UK, there's a
| reasonable point that _could_ be made about whether or
| not this restriction correctly balances the right to free
| speech against women's right to access healthcare. But
| instead we see a lot of wildly exaggerated talk about
| "thought crimes", etc. etc.
|
| The concept of restricting the time and place of protests
| is not exactly unknown in the US either:
| https://en.m.wikipedia.org/wiki/Free_speech_zone
| card_zero wrote:
| So, loitering with intent, like this guy was arrested for
| 120 years ago.
|
| https://en.wikipedia.org/wiki/Loitering#/media/File:Gilbe
| rt_...
|
| Or in fact a specific crime of hanging around abortion
| clinics.
| impossiblefork wrote:
| People have been arrested for perfectly legal anti-
| royalist propaganda, and threatened with arrest for such
| things as protesting by holding a blank sheet of paper,
| so I don't agree.
| hnlmorg wrote:
| Citation needed
| inejge wrote:
| Several examples, including blank piece of paper:
| https://www.bbc.com/news/uk-62883713
| foldr wrote:
| Nothing actually happened to the guy with the blank sheet
| of paper (or at least, if it did, that's not reported in
| the article).
|
| Certainly you can find examples of the British police
| overpolicing protests, and that's something that people
| rightly get angry about. It's just that there's a huge
| distance between that kind of thing (which happens pretty
| much everywhere from time to time - do US police forces
| have an exemplary record of policing protests?) and the
| kind of wild claims you can see in this discussion that
| the UK has become an Orwellian police state.
| impossiblefork wrote:
| Perhaps, but I am not comparing it to American forces.
| I'm Swedish and while I have some things to do with
| America, mostly indirectly, it's not my centre of
| reference.
| hnlmorg wrote:
| That's not really the same as what's being discussed
| though it's still troubling.
|
| Thankfully common sense prevailed and those people
| weren't convicted. meanwhile in other "less Orwellian"
| counties people are getting charged for similar actions:
|
| https://www.nbcnews.com/politics/2024-election/protester-
| int...
|
| Where's your freedom of speech there?
|
| I'm not saying I agree with Met. But I also don't agree
| it proves the UK are charging people for posting internet
| memes. Which was the original claim.
| inejge wrote:
| > That's not really the same as what's being discussed
| though it's still troubling.
|
| GP mentioned anti-royalist protester arrests and threats
| of arrest, you asked for a citation, I provided a link to
| a BBC article discussing those. How is it not "what's
| being discussed"? (At least in the context of this
| subthread.)
| doublerabbit wrote:
| > In London, a barrister who held up a blank piece of
| paper in Parliament Square was asked for his details by
| Metropolitan Police officers, and told that he would be
| arrested under the Public Order Act if he wrote "Not My
| King" on the paper.
|
| https://en.m.wikipedia.org/wiki/Blank_paper_protest
| hnlmorg wrote:
| Already commented on here
| https://news.ycombinator.com/item?id=43040546
|
| In short, he wasn't charged yet when similar protests
| happen in the US (for example) then people do get
| charged.
| cowfriend wrote:
| By "thought crimes", would you mean firing people for
| holding positions responsible for DEI policies which were
| assigned to them and which there was a legal obligation to
| enforce?
|
| Because that would NEVER happen in the US, certainly no
| government agency would fire its own people for having
| following legally enacted government policy just because
| that policy was no longer in fashion (though still legal
| government policy, because Congress hadn't yet changed the
| law).
| beeflet wrote:
| those are government workers
| karatinversion wrote:
| The people in the UK actually go to prison though
| tim333 wrote:
| It's not that bad. I think the demanding a backdoor from
| Apple is over the top / stupid. But I haven't heard mention
| of thought crimes yet (brit here).
| ljm wrote:
| Since it seems to be illegal to even reveal if one of these
| requests was received, it's also worrying that, by extension,
| it would be illegal to declare a data breach once the
| backdoor was inevitably exploited by another bad actor.
|
| So, how would anybody know that a foreign government was
| spying on them? Nothing would stop them installing Pegasus on
| your phone and exfiltrating even your 'secure' data.
|
| The stupid thing is that these laws always find a way to say
| that people in government are exempt from the provisions, and
| everybody except them is allowed to be spied on, but they are
| obviously going to be the first people to be targeted. Not
| some randomer hoarding CSAM.
| fujinghg wrote:
| This is exactly the problem. The logical outcome is so bad
| that the only risk mitigation is to not use their services
| at all.
| jtbayly wrote:
| Kind of like the EU overreach on privacy. Whether it's for a
| good cause or a bad one, these sorts of overreach are to be
| opposed.
| arlort wrote:
| It'd be kinda like GDPR if the EU has demanded that non EU
| companies apply GDPR to non EU citizens
|
| As described by the parent post it's nothing like EU
| "overreach" on privacy (whatever that even means)
| jtbayly wrote:
| How am I supposed to put up a website intended for US
| citizens onto the _world_ -wide-web, _without_ worrying
| about GDPR?
| croes wrote:
| So you track your website vistors?
| jtbayly wrote:
| I run multiple Discourse sites. You can spin that however
| you want. People have personal data on my sites for sure.
| Is that "tracking" in your book? What about in the EU's
| book? Anyway, I'm not going to read the GDPR to find out
| whether that's "illegal," no matter what they say.
| alt227 wrote:
| You only need to worry about GDPR if you are harvesting
| and saving personal and identifiable information on your
| users.
|
| If you are not doing that then you dont even have to
| think about it.
| rogerrogerr wrote:
| This always gets trotted out, usually by people who seem
| to have never run any web service before. IPs are
| apparently PII, and all default server configs log them.
| If you don't, good luck complying with any security
| audits that will require you to keep them to make
| forensics possible.
|
| This is just one of the things that makes GDPR, in
| practice, an "if we don't like you, we'll investigate you
| and will definitely find something" law.
| alt227 wrote:
| I am a data controller for multiple companies, I have
| read the GDPR legislation cover to cover multiple times,
| I have been through multiple audits. You only need to
| care about it if you are storing personal data, end of.
| Downvote me if you like but thats the cold hard truth.
|
| > IPs are apparently PII
|
| It always pains me when people spout stuff about GDPR
| that they think they know but dont. Go talk to an auditor
| like I have many times, then you wont need to use words
| like 'apparently' and you will actually know what you are
| talking about.
| jtbayly wrote:
| It's your job, and you've put more time into this than I
| will ever put into it. True. You (hopefully) understand
| the law better than me and the commenter you replied to.
| But you certainly haven't convinced _me_ to read the GDPR
| legislation cover to cover multiple times to decide
| whether and how I can comply! The EU can't tell me what
| to do with my Discourse website. I put it online. They
| can block it for their residents if they don't like it.
| That is not my responsibility.
| buzer wrote:
| > > IPs are apparently PII
|
| > It always pains me when people spout stuff about GDPR
| that they think they know but dont.
|
| Are you trying to suggest end user IPs are not PII? There
| is judgement from CJEU (Patrick Breyer v Bundesrepublik
| Deutschland, ECLI:EU:C:2016:779) regarding the older Data
| Protection Directive that IP address is personal data if
| the service provider can give the IP address to competent
| authority and that authority has a way to connect it to
| user. As most (all?) EU countries mandate that ISPs keep
| logs that match IP address to subscriber and competent
| authority can get this information, the IP address is
| almost always PII.
|
| Or is your auditor suggesting that GDPR is less strict
| than the older directive regarding this case? From my
| reading the only real difference was that GDPR added a
| bit more precision on what reasonable actions are ("such
| as the costs of and the amount of time required for
| identification, taking into consideration the available
| technology at the time of the processing and
| technological developments"). At least to me the example
| given in the court case would be reasonable when taking
| those in account.
|
| You can, of course, have legitimate interest to collect
| it (like many other forms of PII as well), even for cases
| where the data subject cannot object to it. It doesn't
| change the fact that it's almost certainly PII.
| arlort wrote:
| IP blocking if you really can't live without tracking
| your users unnecessarily
|
| If you're aware of any such website which has been
| investigated under GDPR I'd be happy to know
| jtbayly wrote:
| In other words, the EU mandates that I follow their law,
| even though they have no jurisdiction over me. I can
| follow it by refusing to track PII, or I can follow it by
| "blocking" Europe on the WWW. I can't be bothered to
| figure out how to do either of those things, so I don't
| bother. I just spin up an instance of Discourse and move
| on. Because their _claim_ that I must follow their laws
| is just as bogus as the UK's claim, even if I think the
| EU had admirable goals and the UK has terrible goals.
| matt-p wrote:
| Right. Who would be the first country the US might go to if it
| wanted to spy on it's citizens from abroad? Perhaps one who
| already does this for them using other methods such as wire
| tapping?
| quesera wrote:
| Are you suggesting that the UK government isn't snoopy or
| creative enough to initiate this idea on their own??
| matt-p wrote:
| No. Maybe it was their idea, maybe it was the US's. One
| thing's for sure though we wouldn't be pushing ahead with
| this without the tacit support of the US, particularly in
| the current environment.
| quesera wrote:
| Tenuous. The UK did not need US approval to make all of
| its existing privacy-violating laws. Nor did Australia,
| or parts of the EU.
|
| Don't get me wrong. The only thing holding the US
| government back from growing all the more monstrous is a
| patchwork of sketchy laws that might have teeth.
|
| But I don't see any reason to assume that the stupidity
| of Brits is the fault of Americans. This time.
| BiteCode_dev wrote:
| The US, through the Intel ME software, already got a backdoor
| in most laptop. Using PRISM, it also had one on most big Saas,
| and now that it's over, it probably has a similar one we don't
| know about given Snowden's revelations about xkeyscore and how
| it works.
|
| It's very likely they also have a backdoor in Apple phone with
| a gag order, given Apple was part of PRISM and we can't check
| their proprietary system.
|
| We also know China has backdoors to any software or hardware
| product you want to sell there.
|
| So it is a problem that the UK is asking for this for us, but
| from their perspective, they are just catching up with the
| current horrible state of things.
| quesera wrote:
| > _very likely they also have a backdoor in Apple phone with
| a gag order, given Apple was part of PRISM_
|
| People keep repeating this as if PRISM was a voluntary, or
| even secretly cooperative, program.
|
| PRISM was no such thing. PRISM was the US govt snarfing up
| whatever data they could (under questionable legal
| authority), but no one has ever alleged that the data they
| were snarfing was provided willingly or knowingly by Google,
| Apple, etc.
|
| These companies are also victims of PRISM, not participants.
|
| All have explicitly refuted claims of any backdoor into their
| systems. There is no evidence that they are lying, or being
| forced to lie.
| alt227 wrote:
| > People keep repeating this as if PRISM was a voluntary,
| or even secretly cooperative, program. PRISM was no such
| thing.
|
| Wheres the evidence to say they had no idea about it and it
| was purely an external hacking effort?
|
| > All have explicitly refuted claims of any backdoor into
| their systems. There is no evidence that they are lying, or
| being forced to lie.
|
| Except all the previous times they have lied because the
| government asked them to. Like the time they willingly gave
| all users push notifications to the US government and then
| lied and said they didn't, until it leaked and they
| admitted they did and then openly spoke about how the
| government had forced them to keep quiet about it.
|
| https://www.macrumors.com/2023/12/06/apple-governments-
| surve...
| BiteCode_dev wrote:
| Wikipedia clearly states:
|
| PRISM collects stored internet communications based on
| demands made to internet companies such as Google LLC and
| Apple under Section 702 of the FISA Amendments Act of 2008
| to turn over any data that match court-approved search
| terms.
|
| https://en.m.wikipedia.org/wiki/PRISM
|
| They were actively providing the data on request.
| quesera wrote:
| Sorry, I should have been more explicit. Of course all US
| companies comply with US court orders.
|
| The controversial new revelation re: PRISM, via Snowden,
| was that NSA was also snarfing everything they could
| including unencrypted comms over frame relay/etc networks
| comprising, e.g., Google's _internal_ inter-site
| networks.
|
| To which all mentioned companies said "we were not aware
| of this, we never authorized a backdoor for LE at any
| level, this is a breach of trust and probably not legal,
| and now we'll encrypt everything between our internal
| systems too".
| davethedevguy wrote:
| I'm from the UK, and I completely agree.
|
| The general public either don't know about growing mass
| surveillance and privacy invasions, or don't care. "Terrorism
| and child abuse = bad, and if this prevents it and I have
| nothing to hide then why would it be a problem for me?"
| Frieren wrote:
| European countries and the USA have an increased misalignment as
| the USA becomes more radicalized and less willing to work with
| other countries.
| kstrauser wrote:
| In this specific case: good. I don't want USA companies
| cooperating with UK's extremist policies like this one.
| gmueckl wrote:
| Companies cannot really stand up to governments. Unless
| another government gets involved, Apple will have to follow
| UK law if they want to keep doing business in that country.
|
| By the way, the US is not a stranger to that kind of
| overreach, either (e.g. CLOUD act).
| wincy wrote:
| A large part of what enables huge multinational companies
| like Apple to be successful and resist stuff like this is a
| friendly administration and threats by the largest economy
| in the world.
|
| Apple is being sufficiently friendly with the current
| administration that lawmakers are going to go to bat for
| them and prevent this sort of stuff from happening. Apple
| is a pawn on a global stage and the governments are the
| true players. It's always been this way, it's just more
| obvious now. The big sea change has been the last four
| years big tech has been a target of its own government as
| well as foreign governments. That's largely why you've seen
| big tech jump ship to a political party that better serves
| their interests and doesn't constantly investigate them.
| I'm not being political here, it's just a fact of life.
|
| Apple is going to be protected as they bent the knee and
| kissed the ring, just look at the name of the large Gulf to
| the southeast of the United States in Apple Maps.
| briandear wrote:
| The official name in the GNIS for that body of water is
| the Gulf of America. So what name should Apple and Google
| Maps use for US users?
|
| What do the map companies call the Islas Malvinas? Or the
| East Sea? How about the Gulf of California? Or the Sea of
| Cortez? How about Mt Everest?
|
| If a Mexican mapping tech company wants to call it the
| Gulf of Mexico, that's their right.
| kstrauser wrote:
| Whatabout.
|
| Apple's market cap is greater than UK's GDP. Giant
| companies have a long tradition of flouting British
| authority.
| graemep wrote:
| market cap is not comparable to GDP. GDP is comparable to
| value added or profit.
| croes wrote:
| Apple doesn't need the UK business, but many people will
| get upset if their iPhone stops working.
|
| That's pretty big leverage.
| graemep wrote:
| > Apple doesn't need the UK business,
|
| I think shareholders would disagree. Several billion in
| sales and all assets in the UK are not insignificant. On
| top if that would be the reaction of other governments to
| seeing a business successfully defy a government. ait
| could be them next.
|
| >That's pretty big leverage.
|
| True and it shows how foolish governments are to allow
| such reliance on foreign suppliers.
| croes wrote:
| But how would shareholders react if Apple complies?
| Gupta2 wrote:
| > their iPhone stops working
|
| Reminds of when UK regulator blocked Microsoft from
| buying Activision.
|
| It was suggested by some that Microsoft has lots of power
| of UK and can threaten to pull out of UK and disable
| every single Windows PC and server in UK and destroy data
| belonging to UK businesses held in Azure, etc.
|
| Shame it didn't happen, would have loved the reaction
| from Macron/French/EU given their hatred of US big tech.
| croes wrote:
| > Companies cannot really stand up to governments.
|
| That's only valid for non-US companies or the US or Chinese
| government
| beeflet wrote:
| I mean apple could just sell unlocked phones that work in
| any country, and let people smuggle them in however they
| want.
|
| Apple just happens to operate their buisness in a way
| that's very vulnerable to government overreach. Their OS is
| dependent on centralized, easily firewalled services. They
| have a lot of brick and mortar stores, and so on.
|
| I believe that corporations can operate paralegally when
| need be.
| wiredfool wrote:
| This is pretty clearly against EU principles. If anything this
| is more like a US alignment than a EU alignment.
|
| It's pretty in line with their online protection act though,
| which is threatening jurisdiction over worldwide websites, no
| matter the size and with no clear guidance as to what a
| significant audience in the UK means.
| AnimalMuppet wrote:
| After Brexit, EU principles are less relevant.
| pjc50 wrote:
| This is basically the reverse of the Microsoft Safe Harbor case.
| Europeans should be safe from US spying, Americans should be safe
| from UK spying, and so should everyone else.
| croes wrote:
| Don't confuse EU with Europe.
|
| And the EU citizens aren't safe from US spying, so why should
| US citizens be?
| gambiting wrote:
| Not to be cynical, but if anyone has looked at anything revealed
| about security agencies in the last few years it's very clear
| what's happening here - whenever US wants to do something
| unpopular/straight up illegal, it just asks the UK(or any other
| partner country) to do it instead. American government can't ask
| Apple for data on any American citizen, but if UK obtains that
| data and then it happens to be shared between
| agencies......that's all fine. It's been happening already for
| years.
| josefritzishere wrote:
| You are right... I hadn't put that together.
| flir wrote:
| I wouldn't go full-on conspiracy, because I expect the impetus
| came from the UK, but... I doubt it would have gotten this far
| without tacit US gov support.
| mjburgess wrote:
| Not only would I not be surprised if this was a US demand on
| the UK, but I'd think it highly likely that the law which the
| UK passed to allow this was also a demand from the US.
| michaelt wrote:
| Governments are huge and constantly changing things.
|
| The cops think this is great, more power in their hands.
|
| The feds think it'll help them out, but those local cops will
| try to abuse it for sure, let's hope the courts keep on top
| of the warrants.
|
| The spies already have access that's almost as good by
| illegal means, without the need for any of those pesky
| warrants. But it'll be useful not to have to keep their
| access secret.
|
| The judges think this is a Fourth Amendment bust-up waiting
| to happen, why would you even... ugh.
|
| The defensive cyber-security types think this is very
| obviously a bad move.
|
| The diplomats think the Brits are OK and will do their
| warrant stuff properly, but for sure there will immediately
| be a request from some oil-rich middle eastern dictatorship
| for the same access. That will make for some awkward
| conversations.
|
| The elected politicians in power want to get votes, and are
| safe against this power being used against them. Being tough
| on crime and Backing The Blue might be a vote-winner. 95% of
| voters don't know the difference between "encrypted end-to-
| end" and "encrypted in transit and at rest" so getting this
| right might not win you many votes. On the other hand, if
| this takes off in the public consciousness as snooping, or
| intrusion, or an expansion of state power, could lose you a
| lot of votes. Maybe wait and see how the public reacts?
|
| The elected politicians who _aren 't_ in power think ooooh
| boy, this is not a power I want used against me, and not an
| administration I'd trust not to use it against me.
| davethedevguy wrote:
| UK governments have been pushing for this for years, usually
| invoking some recent terrorist event as justification.
|
| I'm not suggesting you're wrong, but I don't think this is
| _just_ the UK being a US puppet, there is very much an appetite
| for it in the UK parliament too.
| lcnPylGDnU4H9OF wrote:
| Yes, officially since 1946.
|
| https://en.wikipedia.org/wiki/Five_Eyes (look also for Nine and
| Fourteen Eyes on this page)
|
| https://en.wikipedia.org/wiki/UKUSA_Agreement
| daedrdev wrote:
| I highly doubt that considering this article is about US
| complaints towards the UK demand.
| gambiting wrote:
| Why? Obviously in public they have to say they are outraged
| by it. The collaboration and intelligence sharing between UK
| and US is not really up to debate, it's been going on for
| decades.
| josefritzishere wrote:
| It is only safe to assume that every security vulnerability will
| eventually be discovered, and exploited by a bad actor. Knowing
| that, willfully creating more vulnerabilities, however well
| intnded, is just reckless.
| philipov wrote:
| That's why they say that the road to hell is paved with good
| intentions.
| micromacrofoot wrote:
| publicly asking for a backdoor is like telling a pirate "we
| buried treasure here, please don't dig"
| nickslaughter02 wrote:
| In case you're wondering why there hasn't been any reaction from
| the EU, it's probably because EU has long waged war on encryption
| and would like to have access too.
|
| "Anonymity is not a fundamental right": experts disagree with
| Europol chief's request for encryption back door (January 22,
| 2025)
|
| https://www.techradar.com/computing/cyber-security/anonymity...
|
| EU anti-encryption crusaders seek to turn your digital devices
| into spyware (June 12, 2024)
|
| https://www.techradar.com/computing/cyber-security/eu-anti-e...
| esafak wrote:
| If every country starts demanding a backdoor, and also banning
| companies for being backdoored by other countries, what are
| companies to do? So dumb.
| guelermus wrote:
| If US have a backdoor, why not others? Privacy is a myth and a
| mobile can be secure only after a hammer touch.
| gruez wrote:
| US has backdoor to icloud ADP?
| gman83 wrote:
| Why is it ok that the American government have a backdoor & have
| access to all non-American's personal data, but when the UK/EU
| wants something similar, suddenly it's a massive outrage. Is it
| just "we're stronger than you", so it's ok when we do it?
| madeofpalk wrote:
| Was Snowden not a massive outrage?
| gruez wrote:
| Define "backdoor". US authorities being able to demand data
| service providers have access to (eg. your gmail account) is
| nowhere comparable to an encryption backdoor, which is what's
| proposed here.
| croes wrote:
| Because the US don't ask for a backdoor in encryption, they
| build it
|
| https://en.wikipedia.org/wiki/Dual_EC_DRBG
| gruez wrote:
| Your own article admits it's basically used nowhere. That's
| important, because OP specifically claims that the US
| government has"access to all non-American's personal data".
| Moreover it was widely condemned, contrary to OP's claim of
| "but when the UK/EU wants something similar, suddenly it's
| a massive outrage. Is it just "we're stronger than you", so
| it's ok when we do it?".
| croes wrote:
| At least UK demands it openly.
|
| The US spied on EU's industry with ECHOLON, 9/11
| prevented further investigations.
|
| https://en.wikipedia.org/wiki/ECHELON
|
| And the US and Germany sold backdoored crypto hardware to
| allies per Crypto AG in Switzerland.
|
| https://en.wikipedia.org/wiki/Crypto_AG
|
| My point is: the UK demands are bad but I'm sure the US
| agencies have similar demands and also backdoors, I'm
| looking at you Cisco, just not openly.
|
| The UK is playing with open cards, the US don't. I trust
| neither but the US are more devious.
| gruez wrote:
| >The US spied on EU's industry with ECHOLON, 9/11
| prevented further investigations.
|
| >https://en.wikipedia.org/wiki/ECHELON
|
| >And the US and Germany sold backdoored crypto hardware
| to allies per Crypto AG in Switzerland.
|
| >https://en.wikipedia.org/wiki/Crypto_AG
|
| From a quick skim it looks like in both cases
| surveillance was bilateral? In other words, European
| partner countries also got access. Again, I'm not
| claiming US doesn't do any surveillance, that would be
| absurd. I'm specifically arguing against OP's claim that
| "American government have [...] access to all non-
| American's personal data", and that their access was
| somehow exclusive. All the source you presented so far
| only points towards the US having access to some data (in
| other words, they have an intelligence agency), and that
| they cooperate with foreign governments in some cases to
| get data.
|
| >My point is: the UK demands are bad but I'm sure the US
| agencies have similar demands and also backdoors, I'm
| looking at you Cisco, just not openly.
|
| Do you have evidence for US having backdoors in cisco
| hardware other than being "sure"?
| switch007 wrote:
| The US believes whatever the US does is morally right and
| justified
|
| Yes it's might is right
| waltercool wrote:
| Trash paywall media.
|
| Read this article for free from another website:
| https://appleinsider.com/articles/25/02/13/uks-iphone-spying...
|
| Also, response from Tulsi Gabbard:
| https://ca.news.yahoo.com/tulsi-gabbard-told-crush-uk-155712...
| ingen0s wrote:
| agreed, thank you
| k3nx wrote:
| Folks should stop playing with words, and call it what it is. I
| feel like this should be called an act of war. It is espionage.
| UK against is people, UK against the world. And yes, the same
| goes for the US, China, Russia, and anyone else that does it. It
| doesn't mean if you're country does it it's right. It's wrong
| everywhere, some are just OK with it, but it still doesn't make
| it right.
| hluska wrote:
| This is not an act of war, mate. War is a whole world nastier
| than breaking crypto.
| hnthrowaway0315 wrote:
| Maybe they can both demand a different backdoor so their
| adversaries don't even need to ask for one. /s
| nessbot wrote:
| How does this political story stay up but not the ones about
| DOGE? What gives?
| crazygringo wrote:
| There was a huge story with 1600 points three days ago:
|
| https://news.ycombinator.com/item?id=42981756
|
| We don't need new stories daily.
|
| And stories about encryption back doors are as much
| technological as political.
| nessbot wrote:
| The story[0] I'm referring to is about the Technology
| Transformation Services, which I think is also apt. Also, I
| would argue that the actions of government are more political
| than technological or, actually, that making such a
| distinction is naive.
|
| [0] https://news.ycombinator.com/item?id=43037426
| tim333 wrote:
| There are at least 60 recent DOGE stories on HN with
| comments on. I guess people get a bit DOGEd out.
|
| It's probably part of the Trump/Musk strategy. 'Flood the
| zone' with so many things people can't follow it.
|
| (on zone flooding https://youtu.be/iTSgL_R1CC4)
| croes wrote:
| It happened a lot more with DOGE
| reaperducer wrote:
| _U.K. demand for a back door to Apple data threatens Americans_
|
| Shoe, meet other foot.
| wonderwonder wrote:
| Has apple responded to this? Are they going to comply with the UK
| demand?
| andyjohnson0 wrote:
| As a brit I would find it amusing if Apple, Google, Meta and
| Microsoft jointly announced that privacy is a hill to die on, and
| they'd rather collectively withdraw their businesses from the UK
| than accede to demands like this. My government would cave within
| the hour.
| tim333 wrote:
| Probably Apple will refuse to comply then the UK govt will
| threaten fines and then nothing much will happen.
| kypro wrote:
| 100%. We have very little power to demand this in my opinion.
|
| Honestly I don't think Apple would even need to work with other
| tech giants on this (although that would help). The UK makes up
| a few percent of Apple's total revenues so while Apple would
| take a hit, they can afford to pull out of the UK and it could
| be worth doing if they're serious about proving how important
| privacy is to them.
|
| Apple will face some reputational harm should they choose to
| put a back door in their products at the threat of an
| authoritarian government, and that harm will need to be weighed
| against the cost of pulling out of the UK entirely.
|
| And realistically Apple announcing that they're going to pull
| out of the UK will result in panic in confidence in UK tech.
| How the hell are we going to build competitive tech companies
| if developers can't even access Apple products? And after 14
| years of economic stagnation it's not like we have excess
| growth we can give up...
|
| Apple should be very firm in their response to this. The UK are
| over playing their hand.
| randunel wrote:
| You mean, like the rest of the world'd financial institutions
| do for the US? https://en.m.wikipedia.org/wiki/Foreign_Accoun
| t_Tax_Complian...
| MrScruff wrote:
| Exactly, the UK's number one priority right now is growth,
| otherwise we're headed for austerity and possibly an election
| victory for Reform/Nigel Farage. I don't think entering into
| a standoff with Apple over this is going to do much to give
| the impression the UK is great for business.
| zombiwoof wrote:
| Uk should demand Tulsi send back to Russia
| Nifty3929 wrote:
| I keep saying this, and nobody believes me, but I'm just going to
| keep trying:
|
| These things happen because so often we focus the privacy
| conversation on corporations, which is exactly where the
| governments want it to be.
|
| My controversial but strong opinion is that privacy _from
| corporations_ matters very little, but privacy _from governments_
| matters very much.
|
| We need to stop allowing the conversation to get distracted by
| talking about cookies and ad-tracking and whatnot, and always
| bring it right back to privacy from governments.
|
| Yes, corporations and the government are often in cahoots here -
| but even then we should be talking about how wrong it is for
| governments to be buying/taking/demanding data from corporations
| - keeping the focus squarely on the government.
|
| The worst thing a corporation is likely to do (other than giving
| your data to governments) is to sell you something. That's all
| they want. They collect data so they can make money off you.
| That's not so scary to me. Governments want to _put you in jail_
| (or freeze your bank account, etc) if you get out of line.
| amelius wrote:
| > The worst thing a corporation is likely to do (other than
| giving your data to governments)
|
| There, you said it. If we want to keep data out of the hands of
| wrong governments, we better keep it out of the hands of
| corporations.
| schiffern wrote:
| Thank you. If governments have more restrictions than
| corporations, all that will happen is that corporations will
| immediately spring up to exploit this arbitrage opportunity.
| Angostura wrote:
| To be fair, Apple seem to try really quite hard to keep users
| data out of its hands
| 05 wrote:
| Non E2E encrypted on by default iCloud backups say
| otherwise..
|
| And remember that enabling advanced data protection just
| means they'll get your conversations from the other partys'
| iCloud backups.
| HelloImSteven wrote:
| On one hand, I get the business reasons for not using E2E
| by default (it'd make data recovery more difficult for
| probably the vast majority of their users, which would be
| a customer service headache). Hell, even some experienced
| users would be more inconvenienced when something goes
| wrong. But if they won't enable it by default, the option
| to enable it needs to be MUCH more clearly presented to
| users. The current implementation leads users to believe
| their data is more private than it is, which imo is just
| asking for trouble down the line.
| binarymax wrote:
| That's not the worst thing a corp can do. The worst things a
| corp can do is sell your private data to someone else,
| monopolize a critical function and squeeze you dry, or block
| you from a monopolized utility that is critical to modern
| society.
|
| The focus need to be on both
| Fernicia wrote:
| Is there an example of this happening? Seems like a stretch.
|
| On the other hand there are examples of people in the UK
| expressing racist sentiments in DMs and being jailed for it.
| biesnecker wrote:
| This was the first example that popped to mind:
| https://www.theguardian.com/technology/2022/aug/22/google-
| cs...
|
| Not having Google accounts isn't the end of the world, but
| given the amount that many (most?) of us rely on their
| services (I think of all the accounts I have tied to my
| @gmail email and cringe, but still I'm there), this is
| fairly disasterous.
| sbszllr wrote:
| I agree with your point that government overreach is more
| serious.
|
| Which is why I want to emphasize that various government police
| (like FBI) notoriously buy data that they would need a warrant
| for otherwise.
|
| I'm aware that you're saying it, but I think you're
| underestimating the extent to which preventing spying from the
| corps == preventing spying from the govt.
| rdtsc wrote:
| > The worst thing a corporation is likely to do (other than
| giving your data to governments) is to sell you something.
| That's all they want. They collect data so they can make money
| off you. That's not so scary to me. Governments want to put you
| in jail (or freeze your bank account, etc) if you get out of
| line.
|
| It depends what government and what corporations. If it's a
| healthy functionally representative government then it's rules
| and laws can be to a certain extent controlled by the public.
| It may be harder to influence corporations. If a bank wants to
| close your account, or Visa stops accepting your payments or
| airlines don't let you fly, you can't complain, they'll just
| "well tough luck, it's our bank, our airplanes, our payment
| system, go create your own if you disagree". So I agree with
| you that this should be a worrying thing for the U.K. citizens,
| they should ask their government why the heck does it want all
| that data and maybe it should stop.
|
| > Yes, corporations and the government are often in cahoots
| here - but even then we should be talking about how wrong it is
| for governments to be buying/taking/demanding data from
| corporations - keeping the focus squarely on the government.
|
| Very much in cahoots. They hide behind each others backs, too.
| "(Apple): Sorry, government made us do it, our hands are tied".
| "(Govt): Sorry, _we_ are not spying on you. We just bought some
| data from Google or Apple".
| bad_user wrote:
| In a democracy, the government is an outcome of elections,
| however they represent the majority and you may not be in
| that majority. This is why you can't talk about democracy
| without a strong culture focusing on the individual's rights,
| aka liberalism, otherwise all you have is a tyranny of the
| majority.
|
| You're also deeply wrong. The fundamental difference between
| a state and corporations is that the state has a monopoly on
| violence and anything that a corporation is doing, and that
| harms individuals, can only happen with the complicity of the
| state. For example, there is no such thing as a natural
| monopoly, all monopolies are granted by the state in one way
| or another.
|
| And the differences should be obvious, given the state can
| deprive you of freedom, it can starve you, it can inflict
| physical violence, and can even kill you. Corporations can't
| do this, unless the state commands it, obviously.
|
| > _It may be harder to influence corporations._
|
| Actually, depriving Apple of the money you'd pay for an
| iPhone has more impact that your democratic vote. And even if
| you disagree with this, consider that you can vote for
| politicians promising to regulate Apple. And switching to
| Android or Windows has a lower cost than switching countries
| (and yes, that's an oligopoly, but that's because your state
| granted it via IP laws).
| rdtsc wrote:
| > For example, there is no such thing as a natural
| monopoly, all monopolies are granted by the state in one
| way or another.
|
| I don't see that. They could just not care. As I said it
| depends on what state you mean. Are you thinking a
| particular one? Because the state could be busy or care
| about other stuff than handling monopolies. Maybe there is
| a war going on, political in-fighting, military coup, etc.
| If a company buys every other competitor and is now the
| sole electric toaster maker some governments could just
| care less.
|
| > This is why you can't talk about democracy without a
| strong culture focusing on the individual's rights, aka
| liberalism, otherwise all you have is a tyranny of the
| majority.
|
| Of course. So it depends. Again, are you talking about a
| particular instance or in general. You can certainly talk
| about anything you want. The "culture of individual's
| rights" may not last long if a large majority of the
| citizens decided to either directly vote against or elect
| officials who are against it. Can the citizens effectively
| influence the government to change or can't?
|
| > You're also deeply wrong. The fundamental difference
| between a state and corporations is that the state has a
| monopoly on violence and anything that a corporation is
| doing, and that harms individuals, can only happen with the
| complicity of the state.
|
| I don't think you've shown the depth of wrongness here. It
| would take a bit more convincing.
|
| > anything that a corporation is doing, and that harms
| individuals, can only happen with the complicity of the
| state
|
| So, there is a way to the citizens to influence the state?
| And the state then has to influence or control the company,
| and then company would change its behavior, because it's
| forced to. Ok, then why the extra level of indirection, and
| not just influence the government to not harvest private
| citizens data and stop there?
|
| > Actually, depriving Apple of the money you'd pay for an
| iPhone has more impact that your democratic vote.
|
| So someone has to already be wealthy enough to buy iPhones
| to affect some change. Sure, that could work in some
| countries/corporations it might not work in others. In a
| healthier environment citizens should aim to influence
| their government instead. In the model you're proposing
| citizens try to influence a corporation by boycotting
| products, that in turn would indirectly influence the
| government, so it can then again influence the laws, which
| influence the corporations? That seems like a less healthy
| and more convoluted dysfunctional scenario. Certainly
| possible, one may argue that's what's happening in US or
| Western Europe, but one can image a better a different
| scenario than that.
| impossiblefork wrote:
| Corporations can steal your work, etc. and thereby cause
| enormous problems that do not fit governments.
|
| For me I think they're a much greater danger than at least my
| government. My government has no reason to care about what's on
| my computer. A company however, has an incentive to use every
| scrap.
| scarface_74 wrote:
| Wait until you speak out against your government or try to
| organize a protest.
|
| More realistically, if you are a women trying to get an
| abortion in Texas and message someone to help you leave the
| state to get one see how much more you should be worried.
|
| https://www.texastribune.org/2024/02/09/texas-abortion-
| trans...
|
| The government has guns and policemen that can take away your
| freedom, your property without a trial (civil forfeiture),
| etc.
|
| Google can serve you ads
| jasonjayr wrote:
| Google can kill your digital identity for completely
| arbitrary, unknowable reasons. Especially if you are all-in
| on their system, as many, many people are.
|
| How many people have ran to social media begging for help
| because every avenue offered for appeals are simply
| automatically rejected?
| scarface_74 wrote:
| My "digital identity" isn't tied to Google.
|
| When Reddit started acting crazy, I deleted my Reddit
| account and didn't look back.
|
| When Facebook, went full MAGA, I deleted my Facebook and
| Instagram accounts.
|
| I use Gmail. But if it disappeared, there are a million
| other email providers.
|
| Google Photos is just one of many services my photos and
| videos sync to - iCloud, OneDrive, Amazon Drive (photos
| only) and my local Mac.
|
| It would be an inconvenience for the few places that I
| use Gmail for. But I have use Apple's Hide My Email
| feature since it's been a thing and that's connected to
| Yahoo address and I could change iCloud to forward to
| another email address.
|
| It's a lot easier to remove my dependence on Google than
| get from under the thumb of the US. I know, I'm seriously
| thinking about a "Plan B" to get out of the US after
| retirement with the way that the US is headed under
| President Musk with the dismantling of the health care
| system and trying to undermine Medicare and probably the
| ACA where I won't be able to retire early and buy
| insurance on the public market.
| impossiblefork wrote:
| Yes, but my government wouldn't care if I organized a
| protest. It's even likely that if I did, the police
| wouldn't even show up, and in the end, I have democratic
| control over it.
|
| Meanwhile, I am in literal competition with basically all
| other people's companies.
| Kudos wrote:
| FYI, it's widely known that the US government has being buying
| citizen data from data brokers.
| ta1243 wrote:
| I can hold my government accountable via the polling booth
|
| I have no control over Apple or Amazon or Alphabet. I can
| petition the government through the court system if it tries to
| put me in jail, the government functions with a massive series
| of checks and balances.
|
| I can't petition google, they are an unelected uncontrollable
| unaccountable entity that not even the government has power
| over
| neogodless wrote:
| It's easier to not buy an iPhone than it was trying to
| prevent a politician I didn't trust from getting in office.
|
| In either case, collective action is, at best, the best
| you're going to have.
|
| Do regulations not have meaning?
| ta1243 wrote:
| You might think you're safe because you don't carry a
| phone, never upload a photo, etc. You drove across the
| country in a car you paid cash for while bemoaning cameras
| that catch you speeding, in the name of "privacy".
| Meanwhile meta knows exactly where you are as their face
| recognition attached it to your shadow profile when someone
| took a selfie with you in the background, you were seen on
| a ring doorbell by amazon as you walked down the street
|
| This "individualism" and "I'm alright jack" approach is a
| fallacy the world can't afford.
|
| My government doesn't have a copy of my family tree or a
| good idea what my DNA is. Ancestry.com does.
| danielbln wrote:
| They all do though. Do you think the government isn't
| tapping the genetic databases of 23andme and Ancestry? Or
| the bottomless data out that is Gmail. Or iCloud. Or
| Gmaps location data.
|
| I'd rather not decide who is the worse privacy offender,
| companies or governments, and best restrict both to a
| need-to-know basis.
| itishappy wrote:
| > My government doesn't have a copy of my family tree
|
| They absolutely do, your parents were on your government
| issued birth certificate, and the government issues
| marriage certificates and official name change paperwork
| too. I'd be a bit surprised if they don't some idea of
| your DNA as well, though I'd agree not to the level of
| Ancestry.
| organsnyder wrote:
| > I can hold my government accountable via the polling booth
|
| Yes, but elected officials have used private information to
| disenfranchise groups of people before. Europe's right to
| privacy is in part a reaction to abuses that occurred in Nazi
| Germany.
| ta1243 wrote:
| Private information gathered, processed and stored by
| private companies
|
| There are large numbers of laws about the data that my
| government can gather, hold and use on me. No they aren't
| perfect.
|
| There are pretty much zero laws about what Elon or Zuck can
| gather, hold, and use
|
| I'm far more worried about the second set of data
| scarface_74 wrote:
| No you can't.
|
| If you live in California, with a population of 39.43
| million, you get the same representation in the Senate as
| Wyoming with a population of 538,486 residents. Not to
| mention gerrymandering, the electoral college, etc. Your vote
| even as part of a collective doesn't represent the will of
| the people.
|
| We are seeing right now with President Musk that the
| President can complete ignore the constitution and the laws
| with "qualified immunity". Is what we ste seeing now
| "accountability"?
| slillibri wrote:
| Citizens aren't represented in the Senate. Citizens are
| represented in the House of Representatives. That's why
| California has 52 representatives and Wyoming has 1. The
| Senate represents the state itself, which is why each state
| has 2 senators. This misunderstanding of the difference
| between the House and the Senate needs to end.
| scarface_74 wrote:
| Who confirms judges and heads of various departments? The
| House is powerless compared to the Senate.
| devilbunny wrote:
| Without the Senate, the United States of America would
| have taken a lot longer to congeal than it did. If it
| ever did.
|
| The popular election of senators fundamentally changed a
| lot about how American government works - senators
| elected by state legislators (which was the usual method
| prior to that) are beholden to a very different pressure
| group with very different interests than the populace at
| large.
|
| Now, they did go about the change properly. So points
| there. But at the time of the amendment, nobody really
| anticipated the Farm Bill (or, for that matter, Herbert
| Hoover getting into the positions of power he held prior
| to his election to the Presidency - where his performance
| was sufficiently strong to get him elected to the top
| job).
| jwkpiano1 wrote:
| Indeed, California has 52 times the representation but
| about 80 times the people. That disconnect is why the cap
| on the size of the House needs to be lifted.
| sneak wrote:
| Apple gives data to the United States government on over 70,000
| user accounts per year without a warrant.
|
| Anything Apple knows, the FBI can know, without probable cause.
| nickburns wrote:
| Not doubting this whatsoever, but what are you citing here?
| sneak wrote:
| Apple's own transparency report. Look at the FISA (FAA702,
| aka Prism) section.
|
| Per the Snowden slides, this (FAA702 collection) is the #1
| most used collection method by US spies.
|
| They can basically read approximately every camera roll and
| iMessage in the country with a few clicks.
| kdmtctl wrote:
| So, seems that E2E is a total bullshit then?
| nickburns wrote:
| Only if it's backdoored (or otherwise breakable).
| singleshot_ wrote:
| To be clear, tech companies provide subscriber metadata
| (e.g., billing address, real name) with a court order or
| subpoena. They provide actual user data (e.g., voicemail)
| only with a warrant.
|
| Or has something changed since the last time I requested user
| data from a tech company by subpoena? Or are you talking
| about intelligence collection as distinct from law
| enforcement?
|
| Also worth noting that LE frequently has PC without having a
| warrant (for example: every time they ask a magistrate for a
| warrant and secure one, we can infer they had PC first). In
| fact they perform many searches with only PC (see: exigency,
| eventual discovery, etc).
|
| It would be more apt to say any subscriber metadata Apple
| knows, the FBI can know without a warrant.
| sneak wrote:
| This is false. FAA702 collection provides full content.
|
| This was disclosed by Edward Snowden; the internal codename
| for such collection is PRISM.
|
| The line between foreign intelligence collection and
| domestic law enforcement no longer exists. This is why
| parallel construction is so common today.
| singleshot_ wrote:
| I do not agree with your last two sentences but greatly
| appreciate the quick reply.
| nickburns wrote:
| Outrageous and (obviously) unconfirmed claims. But again,
| and as an American whose private data should never fall
| under the purview of FISA or FAA or any other IC
| intelligence gathering activities, I don't seriously
| doubt domestic US spying/surveillance capabilities.
|
| That LE has to feign the need for a warrant should the
| need arise to make lawfully admissible that which they
| already know and are in possession of is the most likely
| scenario. Encryption really is the only safeguard.
| JKCalhoun wrote:
| > we focus the privacy conversation on corporations
|
| Focus on government, cool. Is the government tracking me with
| cookies, offering cloud services, tracking me with ads, and
| whatnot?
|
| Sorry, but we should talk about privacy at the source of where
| we are losing it.
|
| In fact, it might even be easier to make the case that
| corporations want our focus to be on privacy at the state level
| and not their brand.
| ApolloFortyNine wrote:
| >Is the government tracking me with cookies, offering cloud
| services, tracking me with ads, and whatnot?
|
| The ops point is that the 'risk' of the corporation having
| that data is that the government could get it.
|
| Otherwise the damage to you is what, an embarrassing ad if
| your sharing your screen? How does an ad on reddit having
| context of what you googled an hour ago actually hurt you?
|
| Yes it's 'privacy' but there's no human involved here. The
| companies involve don't actually care what you're viewing
| (unless again, they're required to report it to the
| government).
| zerocrates wrote:
| The way the law in the US works, it's much easier for the
| government to get your data once you've given it to a company
| first. So it's very much intertwined.
| kmeisthax wrote:
| Prior to the Progressive Era of American politics, corporations
| used to act a lot more like organized crime - the state sans
| the legitimacy. What we're seeing with governments and
| corporations working together is a slow return to this era. As
| the second Trump administration solidifies, we're going to
| learn the hard way that we're long past the point of
| corporations just wanting to sell you something.
| uoaei wrote:
| Corporations are legally allowed to collect much more and more
| varied kinds of data than governments, in general.
|
| Governments are not barred from purchasing data from private
| corporations, and it's unclear what an actually-enforceable and
| -effective regulation on that activity would look like.
|
| Governments can do a lot more damage than corporations when
| they have that kind of data, true. But nothing stops them from
| acquiring it by issuing money (fiat currency in the US --
| practically unlimited!) and employing it for their own ends.
|
| So it seems like focusing on the collection of which kinds of
| data, irrespective of who is collecting, is the real concern
| here.
| Lammy wrote:
| We should have privacy from both. In fact I very much dislike
| the framing of privacy as being _from_ something -- my privacy
| is _for_ me.
| ApolloFortyNine wrote:
| >My controversial but strong opinion is that privacy from
| corporations matters very little, but privacy from governments
| matters very much.
|
| The majority of people saying this just don't want ads at all
| in my opinion, since usually the argument comes up on the topic
| of targeted ads.
|
| When you're right, the only thing you are to google is a
| number, likely some uuid in a db. To them all other identifying
| info is just metadata to shove into an algorithm.
| codalan wrote:
| Your post is reminiscent of Rogaway's paper "The Moral
| Character of Cryptographic Work"
|
| https://eprint.iacr.org/2015/1162.pdf
| sega_sai wrote:
| If the companies are selling, then the government can always
| buy, or just ask.
| debeloo wrote:
| > privacy from corporations matters very little, but privacy
| from governments matters very much.
|
| Historically perhaps, but if you notice what's been happening
| in America then the line between government and corporation is
| getting very blurry.
|
| Also historically, when you have a fascist government then
| companies/corporations are quick to join the party if they want
| to survive.
| swagaccident wrote:
| The next step of this is when you realize that these entities
| are more intertwined than people give then credit for. The line
| between government, companies, and people gets very fuzzy very
| fast (especially on the levels below national governments)
|
| Privacy from government === privacy from companies === privacy
| from anything else. We need not split them into their own
| distinct groups, we can (and should) create software, policy,
| etc. to protect from all at once.
| like_any_other wrote:
| > The worst thing a corporation is likely to do (other than
| giving your data to governments) is to sell you something
|
| And squash unions:
|
| https://www.businessinsider.com/whole-foods-tracks-unionizat...
|
| https://www.newsweek.com/they-were-spying-us-amazon-walmart-...
|
| And steal tips:
| https://www.nytimes.com/2019/07/24/nyregion/doordash-tip-pol...
|
| And make sure you don't block ads:
| https://www.youtube.com/watch?v=ZaUv7mwdBUs
|
| Or use "their" products (they retain ownership even after you
| "buy" them) in unapproved ways:
|
| https://www.digitaltrends.com/computing/nvidia-bans-consumer...
|
| https://www.nbcnews.com/tech/tech-news/musk-bans-tesla-drive...
|
| Or catch whistleblowers: https://www.aspca.org/improving-laws-
| animals/public-policy/w...
|
| These are just off the top of my head, I'm sure I've missed
| plenty of ways. We also have personalized pricing to look
| forward to in the near future.
|
| I've also neglected how they abuse surveillance to squash
| competition and smaller firms. Consumers rarely care about
| this, but the private and business spheres are not hermetically
| separate - when there is only one telecom or supermarket or
| other company left (or just a handful, and they collude),
| because they've killed competitors with anti-competitive
| practices, consumers and employees _will_ feel the
| consequences. When they won 't be able to run their own e-mail,
| and farmers will see supermarkets take all the profits, and be
| forbidden from 'unauthorized' tractor repair, and innumerable
| other abuses.
| eximius wrote:
| Others are addressing your point about governments buying data
| from corporations also being bad.
|
| But also, you think companies like Twitter, Facebook, etc which
| are increasingly activist and distorting truth and public
| discourse aren't also privacy threats?
|
| And there is danger of it getting worse. So, your points have
| merit, but we cannot dismiss the threat of abusive corporations
| either.
| regularjack wrote:
| Corporations are the nice guys now? Please. We need privacy,
| period.
| ixtli wrote:
| I think this is partially correct but as the center moved
| rapidly to the right I'd say you need to study early 20th
| century governments and the arc of the US government as they
| decline into fascism. This is characterized primarily by
| privatization (and ofc surveillance and militarization of
| police.) In practice this means that the corps become a
| government just one that has zero accountability so people
| can't use words like "authoritarian"
| keybored wrote:
| > I keep saying this, and nobody believes me, but I'm just
| going to keep trying:
|
| You're the top comment currently and you are repeating the
| hegemonic American belief for the last half century+. Although
| focusing narrowly on the government has become less popular
| lately
|
| > The worst thing a corporation is likely to do (other than
| giving your data to governments) is to sell you something.
| That's all they want. They collect data so they can make money
| off you. That's not so scary to me.
|
| Coca Cola has allegedly murdered trade unionists.[1]
|
| > That's not so scary to me. Governments want to put you in
| jail (or freeze your bank account, etc) if you get out of line.
|
| Yes. And corporations want to fight against you if you
| unionize. It's not like it can sell products in order to fight
| unionization.
|
| [1] (progressive source apparently)
| https://prospect.org/features/coca-cola-killings/
|
| [2] (does not blame any corporation)
| https://www.amnesty.org/ar/wp-content/uploads/2021/05/AMR230...
| grvbck wrote:
| > The worst thing a corporation is likely to do (other than
| giving your data to governments) is to sell you something.
| That's all they want.
|
| That's not all they want.
|
| Just look at some recent scandals, like Cambridge Analytica.
| Harvesting and analyzing the right data makes it possible to
| influence democratic elections and referendums.
|
| Selling you stuff is great, but tricking you to vote for lower
| taxes for their trillion-dollar corporations or tariffs/other
| negative effects for their competitors is better.
| jltsiren wrote:
| Corporations can also kill you, enslave you, steal your
| property, start wars, and take over your country. Think of
| something like Pinkerton, United Fruit, Wagner, or the East
| India Company.
|
| Governments, corporations, and criminal organizations are not
| disjoint categories. There is a lot of overlap near the
| boundaries. You should focus more on what the organization is
| actually doing than on its nominal classification.
| andsoitis wrote:
| At least now we know that they don't have a backdoor yet (unless
| this is a charade and they already do, but that's probably less
| likely).
| kernal wrote:
| Tell the U.K that Apple will cease operations in the country if
| such a law is ever passed. The voters will then decide who they
| value more.
| richardw wrote:
| Once you start this, every country will want the backdoor. The
| mere presence of it guarantees continued hacking attempts.
| sneak wrote:
| What the UK is asking for is largely already provided to them by
| Apple: Apple can already read everyone's photos and notes, and
| the so-called e2ee iMessage because the messages are included in
| the non-e2ee backups.
|
| Approximately nobody has enabled the optional e2ee for iCloud, so
| the five eyes have warrantless access to everything Apple has.
|
| This is mostly posturing and reinforcement of the status quo.
| fujinghg wrote:
| UK here. All my data has been removed from iCloud and other
| public cloud services now. I cannot trust the UK government, the
| EU or the US government to do the right thing for my data. I also
| can't trust the cloud vendors to handle my data either on this
| basis as they are subject to the laws and as indicated recently
| intimately involved in political matters.
|
| The only option left is to draw a hard line and stay behind it
| and of course withdraw the only minuscule stick I have which is
| my investment in their business.
| randunel wrote:
| Limit it to UK persons of interest and the Americans will be ok
| with it, see
| https://en.m.wikipedia.org/wiki/Foreign_Account_Tax_Complian...
| ingen0s wrote:
| Paywall posts should not be allowed imho - not very inclusive.
| reaperducer wrote:
| _Paywall posts should not be allowed imho - not very
| inclusive._
|
| There are posts on HN all the time about tech companies that
| require you to sign up and pay a fee to use their services.
|
| Should HN never discuss Cisco, or Intel, or Samsung? Why is a
| newspaper any different?
| nilsbunger wrote:
| For a long time, the US wanted such back doors too. When did that
| change?
| davidmurphy wrote:
| Has anyone seen any indication the UK might be demanding similar
| backdoors in Signal?
|
| Is Signal likely to be compromised too?
___________________________________________________________________
(page generated 2025-02-13 23:01 UTC)