[HN Gopher] Apple pulls data protection tool after UK government...
___________________________________________________________________
Apple pulls data protection tool after UK government security row
Author : helsinkiandrew
Score : 823 points
Date : 2025-02-21 15:05 UTC (7 hours ago)
(HTM) web link (www.bbc.com)
(TXT) w3m dump (www.bbc.com)
| InsomniacL wrote:
| malicious compliance.
|
| Providing access when ordered by a court is not as secure so
| we're removing all encryption?
| smidgeon wrote:
| End-to-end-encryption-except-when-the-UK-government-is-
| interested doesn't have the same ring to it, liable to damage
| the brand ....
| nobankai wrote:
| FWIW people always put too much trust in E2EE where they
| didn't control either end. This was a loooong time coming.
| lokar wrote:
| It's not really end to end in that sense. They don't get
| the key, they just store opaque data for you.
|
| The only way apple could get your data is to push code to
| your device to steal the key.
| ferbivore wrote:
| I think their point was that you don't control your
| device. If Apple did push code to your device to steal
| the key, how would you be able to tell?
| dmix wrote:
| People aren't going to use your self-hosted E2E tools on a
| wide scale. We've been down that road. Best to secure the
| systems people already use.
| rxyz wrote:
| the whole point of ADP is that they cannot provide access
| CharlesW wrote:
| Yes, the parent commenter missed the part where Apple
| _cannot_ see the encrypted content when ADP is used.
| zikduruqe wrote:
| But Apple could say, you have 45 days to remove it or we
| will delete it, then you have to resync your data.
| brookst wrote:
| Why would they? What priorities are better served by that
| approach?
| zikduruqe wrote:
| Why would they say to all new users, that they cannot
| have Advanced Data Protection, whereas older customers
| can?
|
| Now you have a certain percentage of users with encrypted
| data, and a certain percentage of users that do not. The
| UK government will not like that. And now Apple has shown
| that it will not take a stand for privacy it might have
| to do it to comply.
| JKCalhoun wrote:
| No! That's not ... the comfy chair is it?
| InsomniacL wrote:
| I'm not suggesting Apple should be able to see the content,
| I'm saying the Police should be able to, when they have a
| valid court order issued in accordance with the
| legislation.
|
| For example, A 'Personal Recovery Key' could be recorded in
| a police database. To gain access to 'encrypted' data from
| Apple, a court order is needed, once they have the
| encrypted data, they can unencrypt it using the key only
| they hold.
|
| There's lots of ways to skin a cat.
| ferbivore wrote:
| Leaving aside the fact that RIPA was drafted by deranged
| lunatics and deserves zero compliance from anyone, who
| the hell would you trust to run this database?
| cassianoleal wrote:
| > A 'Personal Recovery Key' could be recorded in a police
| database.
|
| That's about as secure as not having ADP at all, or
| worse. If that police database gets compromised, not only
| my data is accessible to the attackers, but I will be
| none the wiser about it.
| InsomniacL wrote:
| An attacker would have to both compromise the police
| database AND Apple to retrieve the data.
|
| The Key could even be split, say 3 ways. Apple holds 1
| piece, the police hold another, and the Courts hold the
| third, all three would be needed to decrypt the data.
|
| This is too far in to the weeds though.
|
| It is not beyond humanities ability to have a system as
| secure as ADP while still providing a mechanism to access
| terrorists phones for example.
| svachalek wrote:
| We have a 5th amendment. You shouldn't have to do all the
| police work for them.
| ziddoap wrote:
| > _Providing access when ordered by a court is not as secure so
| we 're removing all encryption?_
|
| Providing a back door for one government reduces the security
| and privacy of the service worldwide.
|
| This decision keeps the security and privacy for the rest of
| the world. Sucks for the UK that your politicians decided to go
| this route.
| pjc50 wrote:
| "If we can't provide this product legally, we're not going to
| provide it at all" ends up being the only reasonable position
| in situations like this.
|
| At least this way doesn't compromise users in other countries.
| Retr0id wrote:
| As someone currently a citizen of the UK, what are my best
| emigration opportunities?
| nobankai wrote:
| If you abhor surveillance, don't pick a Five-Eyes nation.
| y33t wrote:
| Don't forget the 14-Eyes, which includes most of Western
| Europe.
| princetman wrote:
| Depends on what you're after * Australia * United States *
| Singapore * Dubai * Europe (Belgium/Switzerland/Netherlands)
| pjc50 wrote:
| If you're after freedom, you absolutely do not want Singapore
| or Dubai.
| faku812 wrote:
| Australia is the worst of all
| airhangerf15 wrote:
| The United States has the strongest laws for freedom of
| speech. You can't get arrested and face years of criminal
| legal trials, ending in an PS800 fine for making a joke
| with your dog in America. Police won't show up at your
| house for Facebook posts like they do in Aussiestan.
| American courts probably won't take your infant away from
| you and force a medical procedure on it like in Kiwistan
| just because you wanted to use your own blood donors for
| the operation.
|
| It's been degrading in the US too. Xitter is not at all a
| free speech platform and that technocrat says whatever he
| has to for popularity until he can chip your brain. Cutting
| a few million in wasteful government spending doesn't make
| up for how he loves China and deeply desires their level of
| autocracy.
|
| America's laws have somehow held in-spite of presidents
| that seek to crush it (yes, both of them, both sides.
| They're the same. Stop believing the headlines and read the
| damn articles). Although defamation law has been weaponized
| to neuter some forms of speech and reporting.
|
| There is an internal push by the CIA in America to further
| destabilize it and cause radical elements in the fake-left
| and fake-right to call for more authoritarianism. It's not
| a great nation, but sadly it is the last bastion of true
| liberty .. and it's eroding every day from every side.
|
| In 20 years there might not be anywhere to flee to. Fight
| for your country. They can't put every British person in
| prison if everyone decided to tell the truth.
| blibble wrote:
| this is not a free speech issue, it's about key escrow
|
| and the US invented technical crypto backdoors
|
| https://en.wikipedia.org/wiki/Clipper_chip
| nobankai wrote:
| That said, American leadership is still fine with dragnet
| surveillance and coercing corporations to lie to their
| audience: https://arstechnica.com/tech-
| policy/2023/12/apple-admits-to-...
|
| Being American has it's perks, but privacy isn't one of
| them.
| pjc50 wrote:
| > American courts probably won't take your infant away
| from you and force a medical procedure on it like in
| Kiwistan just because you wanted to use your own blood
| donors for the operation.
|
| Whenever someone writes "just" in a case like this I can
| tell there's a complicated, ugly legal case that's being
| grossly misrepresented, and quite possibly one where no
| responsible journalist is reporting because of child
| privacy issues/laws.
|
| The problem with both British and American surveillance
| state authoritarianism is it's hugely popular with the
| public when used against the ""wrong"" people. You might
| have "free speech" (subject to qualifications such as
| Comstock and their modern day equivalents) but you're
| much, much less likely to be shot and killed by the
| police - or a random stranger - in the UK.
| bananapub wrote:
| Australia is even more everyone-is-a-cop than the UK, and is
| doing this exact same shit for the exact same reason.
| ben_w wrote:
| Of the whole list, if the Investigatory Powers Act is what
| you didn't like, I'd pick Switzerland first, then
| Belgium/Netherlands.
|
| Of course, that assumes you're fluent in the local languages.
| Hoe goed spreekt u Nederlands?
|
| I made a jump to Germany in 2018, and, thanks to learning a
| new language, have had a front-row seat to how flat the real
| Dunning Kruger effect really is:
| https://en.wikipedia.org/wiki/File:Dunning-
| Kruger_Effect2.sv...
|
| Dubai, even as an international hub where you may be able to
| get by with English -- l tDy` wqtk bstkhdm dwlynjw lt`lm llG@
| l`rby@, lqd Hwlt khll lwb wm zlt l '`rf l'bjdy@ -- is much
| more authoritarian than the UK. Similar for Singapore.
|
| If you're monolingual, and privacy is your concern, then the
| US is an improvement over Australia.
|
| But also consider Canada and Ireland.
|
| Ireland isn't in Five Eyes, Canada is, but also Canada is
| slightly further away from the madness of Trump etc. than any
| company still inside the USA.
|
| I'm not even sure what's going to happen with the US federal
| government given that DOGE _cannot_ meet its stated goals
| even by deleting all discretionary-budget federal agencies
| like the NSA, CIA, FBI, all branches of the armed forces,
| etc. but on the other hand the private sector is busy doing a
| huge volume of spying anyway in the name of selling
| adverts... chaos is impossible to predict, and you should
| want to predict things at least a few years out if you 're
| going to the trouble of relocating.
| cge wrote:
| >Ireland isn't in Five Eyes,
|
| That's true, and I suspect Ireland does not do as much
| surveillance as many other countries, but if I recall
| correctly, it does have a passphrase-or-prison law like the
| UK. I also get the sense that in a number of cases, it
| tends to view its laws as suggestions, for example, with
| the autism dossiers scandal [1], and in some sense, gets
| away with it in the way that a small country can. To me, it
| feels like a country where you don't need to worry about
| organized, systemic surveillance abuses, but do need to
| worry about departments or even individual employees who
| decide that they just don't like you.
|
| [1]: https://en.m.wikipedia.org/wiki/Department_of_Health_a
| utism_...
| readthenotes1 wrote:
| Wasn't this in line with JD Vance's European Eulogy last week,
| that we shouldn't be using 1984 as a playbook?
| i2km wrote:
| 1984 could only ever have been written by an Englishman
| SSLy wrote:
| Dublin?
| donohoe wrote:
| Ireland might be easy option.
|
| UK citizens do not need a visa or residency permit to live and
| work in Ireland due to the Common Travel Area (CTA) agreement
| miroljub wrote:
| If you value personal freedoms, you should go to East Europe.
| The more to the east, the better. Snowden went to Russia.
| ben_w wrote:
| > Snowden went to Russia.
|
| He was stuck in an airport when his passport got cancelled.
| It's not really a free choice if you can't go anywhere else,
| and planes suspected of carrying you get forced to land, even
| if by virtue of being denied airspace access until they run
| out of fuel.
|
| https://en.wikipedia.org/wiki/Evo_Morales_grounding_incident
| bmicraft wrote:
| freedom to _what_? Corruption is high, media is pretty
| restricted under Orban, and it doesn't look all that great
| for freely expressing your identity either. Whether Poland
| will follow their direction or manage to turn around is still
| up in the air.
|
| You're only more "free" there if you have the money to bribe
| officials.
| filoleg wrote:
| Snowden didn't go to Russia because of the government there
| "valuing personal freedoms," he went there bevause it is one
| of the very few major countries that absolutely will not
| cooperate with any extradition requests from western
| countries.
|
| If you are thinking of going to east europe (and especially
| Russia) in search of personal freedoms, I got a bridge to
| sell you (for context, I grew up in Russia). The only
| "freedom" some of those countries might provide is the
| freedom from the long reach of the hands of western
| governments (and even that is a "maybe", as Andrew Tate has
| been discovering recently).
| pelorat wrote:
| Kremlin has full access to every service operating in Russia.
| If a service is banned in Russia, that's a service you should
| use. If it's not banned, it already has a backdoor.
| mtrovo wrote:
| You do realise that the UK government is, and always has been,
| notorious for surveillance. They haven't changed since before
| WW2 and probably never will, even if Apple suddenly decides to
| play hardball with them.
|
| And to be very, very honest, if you look across the Five Eyes
| nations, I don't think this is much different from what other
| countries deal with when it comes to access to data. You had
| PRISM, the trick of asking other countries for access to their
| own citizens data to avoid scrutiny, and Apple delaying the
| implementation of E2E in the US after federal agencies got
| pissed about it. The list goes on for a long time. At least in
| the UK, the government is so detached from commoners hurt
| feelings that they ask for what they want explicitly, with no
| fear of political consequences.
| Retr0id wrote:
| The fact that it's always sucked is precisely why I want to
| leave.
| LuciOfStars wrote:
| Not gonna lie, I expected Apple to just kind of roll over and
| take the blow on this one. Interesting.
| ben_w wrote:
| If any of the tech firms would resist, it would be Apple.
|
| I wasn't sure which way they'd go.
| scarface_74 wrote:
| While Apple especially under Tim Cook has done a lot
| questionable acquiescences under Cook for political
| expediences, they really didn't have a choice here. It was
| the law.
|
| Now going back on Twitter to get in the good graces of
| President Musk and bringing TikTok back to the AppStore even
| though it is clearly against the law is different.
| busymom0 wrote:
| > they really didn't have a choice here
|
| They did have a choice. They could have said they will just
| get out of UK. That would have resulted in enough political
| turmoil in UK that their government would roll back this
| stupid law. Apple chickened out.
| nobankai wrote:
| Abandoning the UK market would hurt Apple more than it
| would hurt the UK. They are not a nation-state, Apple
| cannot wage diplomacy by threatening the government, they
| can only shoot their own foot off and say it was for the
| good of everyone.
|
| It would also partially validate the EU's regulation if
| they abandoned the UK but stayed in Europe. Apple very
| much doesn't want to feed either side a line.
| busymom0 wrote:
| They could have started with not offering iCloud at all
| in UK. See how the blowback gets UK government to play
| ball and rollback the law.
|
| It may have hurt Apple in the short term but helped in
| the long term.
| thewebguyd wrote:
| Then instead of mandating a backdoor to cloud data, the
| UK would just mandate backdoor access to the devices
| themselves, again forcing Apple's hand to either comply
| or GTFO, if they want it bad enough.
|
| We're losing the fight, and people are as apathetic as
| ever around privacy and security issues.
|
| Besides, never trust E2EE where you don't control both
| ends, but everyone here should have already known that.
| scarface_74 wrote:
| If the UK wants the law to change, that's up to the
| citizens of the UK. These are the people they elected.
|
| Don't expect Apple to rescue the UK citizens to from
| their own choices.
| busymom0 wrote:
| So, Apple will just give in to whoever is in power? They
| were not this soft in the San Bernardino case when FBI
| asked them to unlock a phone.
| scarface_74 wrote:
| The FBI doesn't create laws. If Congress had passed a law
| then you would have a good analogy.
|
| Yes Apple follows the _laws_ of every country it operates
| in just like any other company.
| ImJamal wrote:
| There is an easy way to avoid having to follow laws of a
| country. Don't operate in that country.
| ben_w wrote:
| If you don't want to be sued by activist investors, you
| need a _good reason_ for that, and to be able to tell
| those investors what else you tried first before
| escalating that far if you eventually do pull out of a
| market.
| ben_w wrote:
| > So, Apple will just give in to whoever is in power?
|
| This is definitionally why a country is sovereign and a
| company isn't.
|
| > They were not this soft in the San Bernardino case when
| FBI asked them to unlock a phone.
|
| FBI has to follow the laws of the USA.
|
| The UK _writes_ the laws of the UK, which Apple (if they
| want to operate in the UK) has to follow.
| madeofpalk wrote:
| They did. They've giving the UK Government a backdoor to all UK
| users.
|
| Apple lost here.
| balozi wrote:
| Technically, they are leaving the front door open to all
| interested parties
| gormandizer wrote:
| But Apple is not giving the UK Government anything they
| didn't already have. Now iCloud encryption will function in
| the UK just as it has for years (decades?) before the
| inception of ADP.
| eugenekolo wrote:
| They heavily compete on "privacy" and "security", so I wouldn't
| expect them to. Additionally, once you start rolling with one
| government, every one wants you to do something for them while
| offering you no additional money for the work and weakening of
| your project.
| connorgurney wrote:
| Really disappointed that our government decided to take such a
| stance.
|
| What are people using when self-hosting services in the scope of
| iCloud nowadays? Nextcloud seems the closest comparable service.
| alt227 wrote:
| If you own an iPhone then nothing can come close to the feature
| set of iCloud. Apple just have it on lockdown and dont expose
| the functionality that would be needed for a competitor to take
| advantage of this.
|
| A great time for all people to jump to android IMO and
| experience the freedom of choice it gives you.
| jiriknesl wrote:
| I wonder, what are the alternatives now?
|
| Tresorit? Self-hosted Nextcloud?
| fguerraz wrote:
| There is no alternative really as only iCloud can back-up your
| settings, saved networks, and apps data.
|
| Other apps like Nextcloud, can only backup documents (those not
| in apps) and pictures, because there's an API for this.
|
| iTunes backup is an option, but it's not automatic and
| convenient.
| dmix wrote:
| It encrypts your entire phone backups as well
| alt227 wrote:
| Is that true? Only iCloud can back up an iPhone? They dont
| provide any way to even extract an encrypted archive so you
| can keep it safe for yourself?
|
| I get more and more amazed at Apples lock in tactics. This is
| why I own nothing Apple, and have complete control over
| everything in my digital world.
| SSLy wrote:
| No, you can use iTunes to make a local backup too. It was a
| thing long before iCloud.
| alt227 wrote:
| Fair enough, however iTunes is also Apple software no?
|
| So your choice is use Apple software to make your
| backups, or....?
| SSLy wrote:
| well, yeah, iphones could be bit more open, and I wish
| they were. But there's no real way for UK to force Apple
| into adding backdoors into _that_.
| nikisweeting wrote:
| iTunes backup is perfectly reasonable alternative to iCloud
| that retains e2ee, I don't know why they were dissing it.
| It can back up everything that iCloud can and it's
| automatic, you just plug your phone in, no lock in tactics.
| scarface_74 wrote:
| It's really not that complicated and none of those options can
| serve as an adequate backup for iOS devices including app data
| and meta data.
|
| Just back up your phone to your computer via iTunes (Windows)
| or the built in facility on Macs
| lrdd wrote:
| As a citizen, I don't understand what the UK government thinks
| they are getting here - other than the possibility of leaks of
| the nation's most sensitive data.
|
| Also is it not possible to set up my Apple account outside of the
| UK while living here?
| world2vec wrote:
| You need a valid payment method from that country and then
| cancel all current subscriptions and change to that new
| country/region.
| chatmasta wrote:
| btw, anyone know if this cancels Apple+ Support too? I've
| been resisting switching countries because I don't want to
| lose that subscription since you can only subscribe within 60
| days of device purchase.
| mr_toad wrote:
| You'll probably want a method of downloading apps tied to the
| UK app store though - particularly banking apps.
| GJim wrote:
| > other than the possibility of leaks of the nation's most
| sensitive data
|
| Amusing when you consider the National Cyber Security Centre
| (NCSC, a part of GCHQ), along with the Information
| Commissioners Office, both publish guidance recommending, and
| describing how to use, encryption to protect personal and
| sensitive data.
|
| Our government is almost schizophrenic in its attitude to
| encryption.
| gjsman-1000 wrote:
| Correct me if I'm wrong here, and maybe this is too charged
| for HN, but looking over at you guys from the US:
|
| The US has problems (don't get me wrong, look at our
| politics, enough said); but the UK seems to be speedrunning a
| collapse. The NHS having patients dying in hallways;
| Rotherham back in the popular mind; a bad economy even by EU
| standards; a massive talent exodus (as documented even on HN
| regarding hardware engineers); a military in the news for
| being too run down to even help Ukraine; and most relevant to
| this story - the government increasingly acting in every way
| like it is extremely paranoid of the citizens.
|
| Any personal thoughts?
| captain_coffee wrote:
| Yes - that is my impression as well as someone currently
| living in London. Literally ever single system that I have
| to interact with seems to be somewhere on the spectrum
| between barely functioning and complete disfunctionality,
| with almost very few exceptions that come to mind. By
| system in this context I mean every institution, service
| provider, company, business... everything. Couple that with
| low salaries across the board - including the "high paying
| tech jobs in London" with price increases that are out of
| control with no reason to believe this is ever going to
| stop you end up with a standard of living significantly
| lower than let's say for example the EU countries of
| Eastern Europe. Currently trying to figure out where to go
| next
| card_zero wrote:
| Well Albanians apparently want to live in Norwich,
| leading to a bizarre anti-propaganda campaign with bleak
| black-and-white photography to convince them it's
| horrible.
|
| https://www.bbc.com/news/articles/c99n0x4r17mo
|
| Probably your money would go futher in Albania, and
| they've got a cool flag, but the devil's in the details.
| captain_coffee wrote:
| I was referring to EU [European Union] countries. Albania
| is not in the EU so I am not sure what the point of your
| comment was besides trolling
| card_zero wrote:
| It isn't? Huh, you're right, a lot of the Balkans aren't,
| I did not know that.
|
| I don't think anywhere in the EU really describes itself
| as Eastern Europe, though. That's Ukraine, Belarus,
| Moldova. So really just Romania, sometimes.
| captain_coffee wrote:
| Literally quite a significant number of EU countries
| describe themselves as Eastern European, what you said is
| factually wrong. At this point I am considering your
| replies as either trolling or interacting in bad faith.
| card_zero wrote:
| Can't I just be incorrect?
|
| For my education, which countries?
| munksbeer wrote:
| I'm an immigrant to the UK. I have lived here permanently
| for 21 successive years, though I was actually in and out
| of the UK for years before that. My current anecdotal
| feeling about the UK is at a pretty low point.
|
| If it was an option, I would seriously look to emigrate
| again, but I honestly don't know where. The most appealing
| option for me is Australia, but my age works against me. I
| know everywhere has its issues, but I'm just so worn down
| by the horrible adversarial political system and gutter
| press in the UK right now. We seem unable to do anything of
| note recently. A train line connecting not very much of the
| UK has cost so much money, and in the end it hasn't even
| joined up the important part.
|
| I don't know, life is good at a local level. I am
| privileged and live in a fantastically beautiful town, and
| life here is safe and friendly. If I ignored everything
| else for a while it would probably do me good.
| DeepSeaTortoise wrote:
| Australia is hardly any better. E.g. it forces software
| engineers to try to sneak backdoors into the software
| they're working on.
|
| Imagine hiring someone you didn't know had an Australian
| dual citizenship and two years later all your customers'
| data is leaked onto the net.
| fdb345 wrote:
| Like most immigrants you were sold a lie. Enjoy.
| munksbeer wrote:
| Sorry? The UK has been an amazing place for me. It still
| is, when I focus locally, instead of being swept up by
| everything else.
|
| Are you also an immigrant to the UK? I suggest you
| embrace it.
| NegativeLatency wrote:
| Seems like the US is trying to catch up, especially with
| the whole talent exodus thing and defunding of vital
| research funding.
| pjc50 wrote:
| There's a lethargy, but it's hardly speedrunning. Things
| will be the same or slightly worse in a decade. I'm not
| sure I can say the same for the US, it seems different this
| time.
|
| > The NHS having patients dying in hallways
|
| Sadly routine in winter. Nobody wants to spend the money to
| fix this. Well, the public want the money spent, but they
| do not want it raised in taxes.
|
| > Rotherham back in the popular mind
|
| The original events were between 1997 and 2013. The reason
| they're back in the mind is the newspapers want to keep
| them there to maintain islamophobia. Other incidents (more
| recently Glasgow grooming gangs) aren't used for that
| purpose.
|
| > a bad economy even by EU standards
|
| Average by EU standards. But stagnant, yes.
|
| > the government increasingly acting in every way like it
| is extremely paranoid of the citizens.
|
| They've been like this my entire life. Arguably it was a
| bit worse until the IRA ceasefire. Certainly the security
| services have been pushing anti-encryption for at least
| three decades.
| lucasRW wrote:
| Many people think like you. Western Europe in general has
| been destroyed by a certain ideology, and whoever can
| emigrate does emigrate.
| hkwerf wrote:
| I suppose they don't believe certain facts engineers are
| telling them. With Brexit it was coined "Project Fear". Now
| they're being told that adding backdoors to an encrypted
| service almost completely erodes trust in the encryption and,
| as in the case with Apple here, in the vendor. However, I
| suppose it is very hard to find objective facts to back this.
| I'd guess this is why Apple chose to both completely disable
| encryption and inform users about the cause.
|
| Now we're probably just waiting for a law mandating
| encryption of cloud data. Let's see whether Apple will
| actually leave the UK market altogether or introduce a
| backdoor.
| palmotea wrote:
| > Our government is almost schizophrenic in its attitude to
| encryption.
|
| Of course: it's not a monolithic entity. It's a composite of
| different parts that have different goals an interests.
| spwa4 wrote:
| And yet if I steal your money and refuse to give it back,
| or let you steal it back, you'll call that hypocritical.
| What does the size of an entity have to do with whether
| this is idiotic or not?
| pjc50 wrote:
| You're not an entity, you're a person. Scale really does
| make a difference.
| spwa4 wrote:
| You're making the argument that the UK government will
| stop using encryption itself once the information about
| this becoming illegal makes it through the government.
|
| It won't. The courts will refuse to force them to stop,
| and even if the courts attempt to force it, some
| government departments just won't listen, and be
| protected from the consequences.
|
| This is another case of "the law applies to you, but not
| to me".
| pjc50 wrote:
| The law is that encrypted comms must be provided to the
| security services on request. This is not a problem for
| government agencies. It is not illegal per se.
| palmotea wrote:
| >> Of course: it's not a monolithic entity. It's a
| composite of different parts that have different goals an
| interests.
|
| > And yet if I steal your money and refuse to give it
| back, or let you steal it back, you'll call that
| hypocritical.
|
| That's a bad analogy.
|
| > What does the size of an entity have to do with whether
| this is idiotic or not?
|
| Because it's not about the size, _and I said nothing
| about the size_. It 's about it being composed of
| different minds, organized into different organizations,
| focused on different goals.
|
| It's just not going to behave like one mind (without a
| lot of inefficiency, because you'd need literal central
| planning), because that's not the kind of thing that it
| is.
| wrs wrote:
| In the US, the NSA has always had both missions (protect our
| country's data and expose every other country's data). Since
| everyone uses the same technology nowadays, that's a rather
| hard set of missions to reconcile, and sometimes it looks a
| little ridiculous. As of fairly recently, they have a special
| committee that decides how to resolve that conflict for
| discovered exploits.
| Macha wrote:
| I mean, this is no different than one part of the government
| suggesting running laundry at night to reduce the
| environmental impact of energy use, while another suggests
| only running it while awake to reduce fire hazard.
| Governments and corporations rarely have complete internal
| alignment.
| feb012025 wrote:
| I don't know, they've definitely been cracking down on
| journalists over the past year. Could be an attempt to crack
| down harder / create a chilling effect
| lucasRW wrote:
| They've been sending people to prison for posting memes....
| mr_toad wrote:
| Memes with illegal content. It's not hard to imagine
| creating a meme that would have the FBI knocking on your
| door.
| vr46 wrote:
| You need a non-UK card to use on your Apple Account to change
| its region.
| dawnerd wrote:
| Would a Wise card work?
| gambiting wrote:
| No, because it still has a British billing address.
| mr_toad wrote:
| You need proof of address.
| varispeed wrote:
| It's for Labour "data analysts" to go through people photos and
| search for nudes.
| mr_toad wrote:
| > Also is it not possible to set up my Apple account outside of
| the UK while living here?
|
| The ability to turn on Advanced Data Protection does seem to be
| tied to your iCloud region (as of now I can still turn it on,
| and I'm in the UK but have an account from overseas).
| world2vec wrote:
| I regret immensely not having turned ADP before... Now I'm
| feeling really angry at this whole thing.
| matthewdgreen wrote:
| The best time to turn on ADP was before this happened. For
| folks not in the U.K., the second best time is right now. The
| more people who use it, the more disruptive it will be to turn
| off.
|
| Keep in mind there are some risks with any E2EE service! You'll
| need to store a backup key or nominate a backup contact, and
| there's a risk you could lose data. Some web-based iCloud
| services don't work (there is a mode to reactivate them, with
| obvious security consequences.) for what it's worth, I've been
| using it for well over a year (including one dead phone and
| recovery) and from my perspective it's invisible and works
| perfectly.
| dmix wrote:
| Here's how:
|
| On iPhone or iPad Open the Settings app.
| Tap your name, then tap iCloud. Scroll down, tap
| Advanced Data Protection, then tap Turn on Advanced Data
| Protection. Follow the onscreen instructions to
| review your recovery methods and enable Advanced Data
| Protection.
|
| On Mac Choose Apple menu > System Settings.
| Click your name, then click iCloud. Click Advanced
| Data Protection, then click Turn On. Follow the
| onscreen instructions to review your recovery methods and
| enable Advanced Data Protection.
| soraminazuki wrote:
| Unfortunately, the title says
|
| > Apple pulls data protection tool after UK government
| security row
| dmix wrote:
| Only in the UK, everyone else should still do it. Not on by
| default
| grahamj wrote:
| Apple should start prompting users to enable it.
| dmix wrote:
| probably avoiding the support issues of users losing
| access to encryption key recovery
| doublerabbit wrote:
| Can confirm.
|
| "Apple can no longer deliver ADP in the United Kingdom to
| new users" with the enable button disabled.
| tomwphillips wrote:
| The article reports that it will be disabled for existing users
| at a later date.
| basisword wrote:
| I'm guessing this is because they haven't figured out a way
| to do it yet. I'm not very well versed in how these systems
| work but surely this type of encryption can't be disabled by
| Apple remotely (or they would have that backdoor they don't
| want)?
| neilalexander wrote:
| They will either just automatically turn it off in a future
| device software update, or they'll just post a deadline
| after which they will delete user data and prevent sync if
| it isn't disabled by the user.
| robinhouston wrote:
| The Bloomberg article has a little more detail about this:
|
| > Customers already using Advanced Data Protection, or ADP,
| will need to manually disable it during an unspecified
| grace period to keep their iCloud accounts. The company
| said it will issue additional guidance in the future to
| affected users and that it does not have the ability to
| automatically disable it on their behalf.
| basisword wrote:
| Wow, thanks for sharing! I thought that might be the case
| but "disable it or we'll have to nuke your data" seems so
| extreme I thought there must be a better way.
| george_perez wrote:
| I'm thinking that by losing their iCloud account is just
| means it will be blocked from syncing anything with
| Apple's servers.
| snowwrestler wrote:
| The "grace period" will also function nicely as a period
| of time for UK citizens to shout at their government
| representatives about this.
| kennysoona wrote:
| If you care, then it's time to ditch iPhone and Android phones
| altogether. It's not like anything they offer will be safe. You
| need to invest instead in a FairPhone with e/OS or a PinePhone
| or some similar alternative. Something where you have complete
| control of the software and ideally the hardware.
| piyuv wrote:
| This can set a dangerous precedent. Now why wouldn't any country
| demand the same, basically eliminating Advanced Data Protection
| everywhere, making user data easily accessible to Apple (and
| therefore governments)?
| JKCalhoun wrote:
| Wait, are you saying the U.S. might demand the same? In the
| current political environment?
| piyuv wrote:
| UK is much smaller than US and they didn't even fight this
| -\\_(tsu)_/-
| ziddoap wrote:
| The choice was either eliminate it now (globally, via
| introduction of a backdoor) or eliminate it in the UK (but keep
| it globally).
|
| So, perhaps this is a bit of a dangerous precedent, but it was
| the least-bad option.
| piyuv wrote:
| When UK demanded a backdoor to e2ee in iMessage, Apple told
| them they'd rather get out of UK. Why not do the same here?
| You're posing a false dichotomy.
| ziddoap wrote:
| What would that change, effectively, other than have Apple
| lose money?
|
| The UK would still lose ADP (and then also just Apple
| products in general). A precedent would still be set.
|
| Your posing a strictly worse third option. Sure, it's an
| option, I guess. Apple could also just close down globally,
| as a fourth option. Or sell off to Google as a fifth. But I
| was trying to present the least-bad option (turn off ADP),
| rather than an exhaustive list.
| elfbargpt wrote:
| I totally get your point, but calling the UK's bluff
| could work. Are they really willing to ban Apple products
| in the UK? Maybe, maybe not
| GeekyBear wrote:
| > Apple told them they'd rather get out of UK
|
| To my knowledge, Apple has always said that their response
| would be to withdraw affected services rather than break
| encryption.
|
| > Apple has said planned changes to British surveillance
| laws could affect iPhone users' privacy by forcing it to
| withdraw security features, which could ultimately lead to
| the closure of services such as FaceTime and iMessage in
| the UK.
|
| https://www.theguardian.com/technology/2023/jul/20/uk-
| survei...
| piyuv wrote:
| True! Thanks for the correction.
|
| IMO they could've categorized the whole iCloud service as
| "affected" and disable all of it.
| GeekyBear wrote:
| My guess is that the order they received would have only
| effected encrypted device backups, at least so far.
|
| Users in the UK do still have the option to perform an
| encrypted backup to their local PC or Mac.
| philsnow wrote:
| That's a false dichotomy.
|
| Another choice, however unpalatable to all parties, would
| have been for Apple to stop doing business in the UK.
| ziddoap wrote:
| See my other reply.
|
| They could also sell the entire business to Google. Why
| bother with listing options even worse for everyone
| involved?
| v3xro wrote:
| I mean they could have tried not complying, and fighting
| a lawsuit at the ECHR (right of every person to a private
| life). Takes money and time but more attractive than the
| other options.
| ziddoap wrote:
| It's less attractive, riskier, and more costly of a
| decision for Apple. Apple is a corporation, not an
| altruist.
|
| This play by Apple applies pressure to the UK government
| indirectly via its citizens, for free, rather than taking
| the risk and expenses of a lawsuit.
| netdevphoenix wrote:
| Why do pro-privacy tech folks on here act like Apple is
| some charity? Apple is a business. It won't fight a
| citizen's fight on your behalf. It is on citizens to use
| their democratic power to ensure their representatives act
| as the voting base wants. Apple's goal is to make money.
| The government is a representation of your will.
| haswell wrote:
| > _Apple is a business. It won 't fight a citizen's fight
| on your behalf._
|
| Being a business does not remove ethical considerations.
| And I'm an environment where corporations are considered
| people, it seems reasonable to expect some degree of
| alignment with normal citizens.
|
| > _Apple 's goal is to make money. The government is a
| representation of your will._
|
| The government is increasingly _not_ a representation of
| the collective will, and is instead captured by those
| corporations.
|
| I can't help but feel the "but they exist to make money"
| line too often ignores the many ways this is _not_ a
| sufficiently complex explanation of the situation.
| netdevphoenix wrote:
| Corporations are people in the legal sense not in any
| other philosophical way. Just like non-humans proposed
| for personhood, they are not entities expected to behave
| ethically. Like a dog, you set rules and apply
| punishments when they breach it. You don't argue ethics
| with a dog because they are not relevant to them
| kennysoona wrote:
| > where corporations are considered people,
|
| People always get this wrong. Corporations are not
| people. They just have certain rights like owning
| property. Corporate personhood != full personhood.
| lowbloodsugar wrote:
| lol. It literally does. This is a great example. You
| believe this is an ethical issue. Other shareholders (you
| are a shareholder, right?) could disagree and now there
| is a lawsuit. "Complying with national law" seems like an
| easy win for them.
| v3xro wrote:
| Because while a business goal is to make money, it is not
| necessarily, unlike what you have 80% of the people here
| believe, to make the most money possible. Ethics can
| exist in businesses too.
| aqueueaqueue wrote:
| This, plus privacy is in Apple's brand. Without this and
| other Apple-esque things (lack of bloatware etc.) you may
| as well get a Samsung for 2/3 price.
| madeofpalk wrote:
| > would have been for Apple to stop doing business in the
| UK
|
| Apple employes thousands of people in the UK. I really
| don't see any practical way they could have done that.
| spacedcowboy wrote:
| They _could_
|
| They could pull out of the UK, and to hell with the
| consequences, but then if the EU decide to do the same
| thing, or the US, or China says "hold my beer", then the
| problem becomes much larger.
|
| Losing the UK market wouldn't impact Apple that much -
| it'd be a hit to the stock, of course, but as a fraction
| of worldwide business, it isn't that huge. Larger markets
| would be a bigger issue.
| bargainbin wrote:
| I'm full in on Apple and hoped they nuked iCloud in the UK
| for this rather than compromise the product.
|
| This is still better than a back door but it sets an awful
| precedent.
| llm_nerd wrote:
| It isn't really a precedent. Companies, even high-rolling
| American tech companies, have to abide by the laws and
| regulations of the countries that they operate in. I guess
| there is a question of whether this is a legal demand that they
| truly had to follow, or just a request, and whether they could
| fight it in court, but Apple seems to be hoping to adjudicate
| it in the court of public opinion (apparently the initial
| backdoor request was secret and it got leaked).
| GeekyBear wrote:
| > abide by the laws and regulations of the countries that
| they operate in.
|
| In this case, the UK is seeking to use local law to change
| what is allowable on an international basis.
|
| That's a bit different than a nation controlling the law on
| their own soil.
| llm_nerd wrote:
| That was Apple's interpretation : That to comply with what
| the UK requested they would have to have the same thing
| everywhere.
|
| But of course that is nonsense, and Apple _could_
| theoretically have a nation-specific backdoor (e.g. for
| accounts in a given country a separate sequestered
| decryption key is created and kept in escrow for court
| order).
|
| I mean, Apple "complied" by disabling ADP just in the UK.
| They undermined their own "worldwide" claim, as ADP still
| works everywhere else, and the UK has no access.
| GeekyBear wrote:
| > of course that is nonsense
|
| Organizations like the EFF do not agree.
|
| > most concerning, the U.K. is apparently seeking a
| backdoor into users' data regardless of where they are or
| what citizenship they have.
|
| https://www.eff.org/deeplinks/2025/02/uks-demands-apple-
| brea...
| llm_nerd wrote:
| So Apple is non-compliant, given that all they did is
| disable ADP in the UK.
|
| Right?
| ziml77 wrote:
| IANAL but that's not for any of us to decide. Depending
| on their initial motivations, the UK might consider this
| to be enough to rescind the demand for a backdoor. If
| it's not then Apple will face going to court and in that
| case they could choose more extreme actions like ceasing
| business in the UK.
| spacedcowboy wrote:
| I think that's right, and I think the UK will tell them
| so, and the issue will escalate.
|
| Perhaps, if the UK continues to push, Apple will indeed
| pull out of the UK, but it'll make it as public as
| possible and tell the world who it was that forced its
| hand and what the consequences are - and I don't think
| the UK government is going to like that result.
| adgjlsfhk1 wrote:
| they're non-complient but they made it a lot harder for
| the UK to fight. by showing that the "backdoor" is
| disabling the feature, for the UK to pursue this further,
| the need a judge to rule that the UK has the authority to
| prevent an American company from providing a feature in
| America.
| kbolino wrote:
| The keys are stored only in the Secure Enclave.
| Encryption and decryption are handled outside the
| standard CPU and OS. This is hardware-level protection,
| not just some flag on a cloud account to be flipped. The
| only way for Apple to break this system is to break it
| for everyone, since anything else would risk bleed over
| or insufficient compliance.
| grahamj wrote:
| > They undermined their own "worldwide" claim, as ADP
| still works everywhere else, and the UK has no access.
|
| Disagree. There is a difference between ADP being
| unavailable in one country and it working differently in
| that country. Implementing a backdoor would mean changing
| the way ADP works.
| bananapub wrote:
| what do you mean? other countries have demanded the same, e.g.
| China.
| juanpicardo wrote:
| China only requires it for their citizens. The UK asked
| access to any person's data in the world.
| declan_roberts wrote:
| I don't get what's happening to civil liberty in Europe.
| GJim wrote:
| Pot, meet kettle!
|
| Frankly, our democracies are currently in a rather precarious
| state.
| vroomvroomboom wrote:
| Nothing is happening to it. Governmental overreach, and then if
| people really want encryption they will vote in privacy-
| friendly officials. Here in Oregon, USA, we have Ron Wyden, who
| knows more about netsec than most IT graduates.
|
| As long as you can vote there is still civil liberty, just vote
| for the right people who care about this stuff.
| thenaturalist wrote:
| None of what you just said translates to any European
| country.
|
| None.
|
| Executive power is very representative, not direct, with the
| sole exception imo being Switzerland?
| doublerabbit wrote:
| This was Brexits doing. As we are no longer EU, we have our own
| cool rules such as the upcoming PM allowed to watch me take a
| piss law.
| zimpenfish wrote:
| > This was Brexits doing.
|
| Not really? We've had horrors like the 2000 RIP[0] well
| before Brexit. The Blair government made a huge dent in civil
| liberties and the Tories carried it on.
|
| [0] https://en.wikipedia.org/wiki/Regulation_of_Investigatory
| _Po...
| Jigsy wrote:
| This is one of the reasons why I will never vote Labour.
|
| The UK has always hated not allowing people to self-
| incriminate, though...
| zimpenfish wrote:
| > This is one of the reasons why I will never vote
| Labour.
|
| The Tories are generally worse. But I agree it's
| currently a case of "lesser of two evils".
| Jigsy wrote:
| I wouldn't vote for Tory either.
|
| I usually vote for Lib Dem. Though they do things from
| time to time I don't like...
| doublerabbit wrote:
| This is why Scotland needs independence. It was once and
| with it chained by the UK, they're squeezing everything
| they can. Look at Wales, just pets for the UK. Scotland
| is an actually pretty awesome country but like Canada is
| kept pet by a leader. The only thing that could save this
| shitshow is Scotland getting independence. Lets be honest
| here. You thought Boris Johnson was bad ripping holes
| left right and center. Trump makes Boris look like a pet
| rat. And that's an insult to real rats.
| sunaookami wrote:
| The EU is currently planning exactly the same thing with Chat
| Control.
| nickslaughter02 wrote:
| What EU is planning with chat control is much worse. The UK
| still requires a warrant to access your iCloud data. EU
| wants to force companies to install spyware on your devices
| that will monitor whatever you send or receive in real time
| without any probable cause or suspicion.
| anal_reactor wrote:
| At least we don't get to pee in the cup at work
| alt227 wrote:
| We can drink alcohol in outdoor public places, can Americans?
| 15155 wrote:
| This is specific to each municipality/state. The United
| States federally has no laws regarding the outdoor
| consumption of alcohol.
| spacebanana7 wrote:
| The problem is the decline. We had more liberties 10 years
| ago than we do today.
|
| Whether Americans are free or unfree shouldn't distract us
| from this.
| thraway3837 wrote:
| Could moves like this by other repressive regimes finally open
| the door to consumer-owned, consumer-controlled, decentralized
| cloud storage systems that are fully encrypted and inaccessible
| by any agency or individual except by the owner?
|
| Would be a beautiful thing to see. Not sure how storage would
| work though since you cannot take payment (that would make it
| centralized), and storage would have to be distributed, but by
| who?
| zimpenfish wrote:
| > inaccessible by any agency or individual except by the owner?
|
| I believe the UK already has "you must unlock anything we ask"
| as part of the RIP/2000[0].
|
| [0]
| https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Po...
| herf wrote:
| Why is there only one "iCloud" to backup your iPhone and store
| photos? Lots of ADP users would use a corporate or self-hosted
| solution instead.
| nobankai wrote:
| The reason is that Apple was never required by UK law to offer
| any alternative. I think the DSA intended to challenge that,
| but it would do nothing for UK residents.
| snowwrestler wrote:
| As far as I know you can still opt to backup your entire iPhone
| to a local computer instead of iCloud.
|
| You can also manually transfer photos to the computer. Or you
| can enable a different app (Google Photos or Dropbox for
| example) to store copies of every picture you take, and then
| turn off iCloud Photos.
|
| Note that neither Google nor Dropbox are E2E encrypted either
| though.
| varispeed wrote:
| What would you recommend as a DIY method?
|
| I have a NAS that is accessible through VPN. But I don't
| trust its encryption, thought it is in my controlled
| location.
| spacedcowboy wrote:
| Doing it locally doesn't really help. The RIP bill can
| force you to disclose your own encryption keys to the UK
| government, and if you "forgot them" you can be put in jail
| as if you were convicted of whatever they're accusing you
| of.
|
| That's why cloud backup was useful.
|
| [edit: actually I mis-remembered this, it's "only" 2 years
| (or 5 if it's national-security-related) that they'll jail
| you for. "Only" carrying a lot of water there...]
| varispeed wrote:
| For this you can use truecrypt nested containers, so it
| will reveal data depending on your given password and
| there is no way to prove there is something else in the
| container.
|
| To be fair this should be standard.
| vroomvroomboom wrote:
| It's the right choice: don't bow to government pressure, let the
| people pressure the government.
| ethagnawl wrote:
| > let the people pressure the government.
|
| Hopefully they will.
| tmjwid wrote:
| I can't imagine many here (UK) will really care, we've had
| multiple breeches of privacy imposed on us by the powers that
| be. - Removed incorrect assumption of this not being
| reported.
| darrenf wrote:
| It's literally the number one story on
| https://www.bbc.co.uk/news/ as I type this comment.
| tmjwid wrote:
| Yeah my bad.
| gambiting wrote:
| And I guarantee that the reaction from most people will
| be "good, I have nothing to hide so I have nothing to
| worry about". The apathy around this stuff in the UK is
| unbelivable - I've been trying to point out that hey, for
| years now something like 17 government agencies(including
| DEFRA - department of agriculture lol) can access your
| internet browsing history WITHOUT A WARRANT and that's
| absolutely fine. ISPs are required to keep your browsing
| history for a year too. Again, nothing to hide, why would
| I worry about it.
| genewitch wrote:
| Does and of the doh or other DNS stuff help with this at
| all? Is the only solution to VPN out of Europe?
| DeepSeaTortoise wrote:
| Only DNSCrypt provides any privacy. If you setup your
| relays properly.
| spwa4 wrote:
| The same is happening Europe-wide too. Everybody always
| points to the GPDR legislation. You know what is a
| feature of the GPDR too?
|
| Every European government (even some non-EU ones) can
| grant any exception to anyone to the GPDR for any reason.
| And, of course, every last one has granted an exception
| to the police, to courts, to the secret service, their
| equivalent of the IRS, and to government health care
| (which imho is a big problem when we're talking mental
| health care), and when I say government health care, note
| that this includes private providers of health care, in
| other words insurances.
|
| Note: these GPDR exclusions includes denying patients
| access to their own medical records. So if a hospital
| lies about "providing you" with mental health treatment
| (which they are incentivized to do, they get money for
| that), it can helpfully immediately be used in your
| divorce. For you yourself, however, it is conveniently
| impossible to verify if they've done this. Nor can you
| ask (despite GPDR explicitly granting you this right) to
| have your medical records just erased.
|
| In other words. GPDR was explicitly created to give
| people control over their own medical records, and to
| deny insurance providers and the IRS access. It does the
| exact opposite.
|
| Exactly the sort of information I would like to hide,
| exactly the people I would find it critical to hide it
| from. In other words: GPDR applies pretty much only to US
| FANG companies ... and no-one else.
|
| So: if you don't pay tax and use that money to pay for a
| cancer treatment, don't think for a second the GPDR will
| protect you. If you have cancer and would like to get
| insured, the insurance companies will know. Etc.
| alt227 wrote:
| I agree, have an upvote.
|
| Even though its making the media headlines today, 99% of UK
| citizens will forget this tomorrow and it will fade into
| the mists of time. Just like evey other security
| infringement that any government has imposed on its
| citizens.
| basisword wrote:
| There was a lot of campaigning against the Investigatory
| Powers bill when it was introduced. It didn't help much given
| the people in power want more power regardless of where they
| sit on the political spectrum.
| miroljub wrote:
| How?
|
| In the UK, there's no right to bear arms, so people are pretty
| helpless against their oppressing government.
| saintfire wrote:
| I'm sure shooting at the government would have solved this
| privacy issue.
| marknutter wrote:
| It solved the taxation issue
| krapp wrote:
| As far as I know Americans are still required to pay
| taxes, so no.
| brink wrote:
| We're working on it.
| spacedcowboy wrote:
| As a green-card holder, it really didn't.
| Tostino wrote:
| Surprisingly, the people in the government don't much like
| being shot. See the reaction to the UHC CEO for an example.
| krapp wrote:
| Weird. In the US there is a right to bear arms, yet people
| are also pretty helpless against their oppressing government.
| cupcakecommons wrote:
| Who do you know that's been arrested for posting on social
| media? I don't know of anyone.
| krapp wrote:
| True.
|
| American police will shoot people dead in the streets
| with impunity, the military industrial complex engages in
| constant wars regardless of popular sentiment and the
| American government is currently being carved up by neo-
| nazis and oligarchs but you _can_ legally be racist on
| the internet. I guess it truly is the land of the free.
|
| Also... wait six months.
| basisword wrote:
| >> In the UK, there's no right to bear arms, so people are
| pretty helpless against their oppressing government.
|
| There's a right to bear arms in the US and it doesn't seem to
| be helping them with their oppressive government.
| protonbob wrote:
| Look into the Black Panthers. It actually does work quite
| effectively.
| krapp wrote:
| How? the Black Panthers were infiltrated and undermined
| by COINTELPRO and effectively destroyed from within,
| meanwhile the white supremacist capitalist system they
| fought against persists.
|
| Their biggest success as far as I know is starting free
| school lunches in the US, but that wasn't at gunpoint.
| ch4s3 wrote:
| Ahh yes the murders of Alex Rackley and Betty Van Patter,
| truly brave and revolutionary acts!
| jahewson wrote:
| The fact that I can't tell if this is a joke speaks
| volumes.
| bloqs wrote:
| You people cannot seriously be this poorly educated
| cupcakecommons wrote:
| I feel like it's working pretty great
| grahamj wrote:
| It only works when the gun nuts aren't on the side of the
| oppressors.
| ornornor wrote:
| Because that's working so well for the US
| cupcakecommons wrote:
| it's working really well, we don't get arrested for social
| media posts as far as I can tell
| philipwhiuk wrote:
| https://www.justice.gov/usao-edny/pr/social-media-
| influencer...
|
| https://www.bbc.co.uk/news/articles/c86l4p583y6o
|
| https://www.aljazeera.com/news/2021/1/19/holdindigenous-
| man-...
|
| Yes you do
| jahewson wrote:
| That's not the same thing. You know what he means.
| ornornor wrote:
| If that's the bar then I guess yes it's a resounding
| success for freedom.
| Molitor5901 wrote:
| Technically I guess you're right, but one hopes that the
| foundations of British democracy provide its citizens with
| the tools to fight against an oppressive government. The only
| rub is getting them to stand up and do that.
| jahewson wrote:
| Like what? Britain is a constitutional monarchy. Its
| foundations anticipated an oppressive king, not an
| oppressive parliament. Britain never had a revolution, it
| never had free speech to begin with. It seems to me that
| what made Britain successful in the past is maladaptive to
| its current situation.
| quickthrowman wrote:
| Small arms are no match for drones and a fully armed
| military, a successful rebellion by any populace against a
| first world military is impossible unless the military lays
| their arms down voluntarily, full stop.
| protonbob wrote:
| Rebels are able to use techniques that a government never
| could or would. I think you underestimate the usefulness of
| small arms in guerilla warfare.
| gus_massa wrote:
| You underestimate the nasty things goverments have done.
| filoleg wrote:
| Every time this argument comes up, I just feel like rolling
| eyes, it is so overplayed.
|
| Yes, in a direct confrontation and an all out war, the
| populace stands no chance against the US military (assuming
| the military will unwaveringly side against the populace),
| no argument there.
|
| But an all out war is not an option, the government
| wouldn't be trying to pulverize an entire nation and leave
| a rubble in place. If you completely destroy your populace
| and your cities in an all-out direct war, you got no
| country and people left to govern. It is all about
| subjugation and populace control. You can't achieve this
| with air strikes that level whole towns.
|
| Similarly, if the US wanted to "win" in Afganistan by just
| glassing the whole region and capturing it, that would be
| rather quick and easy (from a technical perspective, not
| from the perspective of political consequences that would
| follow). Turns out, populace control and compliance are way
| more tricky to achieve than just capturing land. And while
| having overwhelming firepower and technological advantage
| helps with that, it isn't enough.
| bloqs wrote:
| I roll my eyes when I see this blissfully naive
| LARP/mallninja imagined scenario, but I do have to remind
| myself that the US was founded on the basis of forming a
| milita etc. and I would probably say the same thing if I
| had that upbringing. You forget that the vast majority of
| people are stupid and easily scared (this is not a
| solvable problem)
|
| Help me out - how can policing possibly work if no one is
| legally required to be policed? You just end up with
| murderers, rapists etc. expressing their right to
| "resist" with arms like in spaghetti westerns. It is
| totally symbolic, and would crumble at the first instance
| of serious government interest of arresting
| 'troublemakers', which would of course start with a well
| crafted PR campaign to get the rest of the public on
| their side. I think it's naive.
| jahewson wrote:
| This feels like a strawman because you're only
| hypothesizing a situation in which it wouldn't work well.
|
| Imagine a dark future with a sudden military coup by a
| small faction of extreme radicals that 85% of the
| population opposes. could enough citizens rise up and
| stop them? Could the calculus of being that coup leader
| be changed by the likelihood that they will be
| assassinated in short order, by one of millions of
| potential assassins? Quite possibly. These are not
| everyday concerns, of course, but the concerns of dark
| and dangerous times. It's a bit like buying life
| insurance: hopefully I never need it.
| emorning3 wrote:
| Guns are an inefficient/stupid way to kill people anyway.
|
| Just ask Russia and Ukraine.
|
| Look around, human beings are quite clever.
| fdb345 wrote:
| I just dont interact with the government or British society
| at all. I have turned my back on it.
|
| If they ever come to my door I'll either go postal or leave
| the country.
|
| Its so bad here now.
| Molitor5901 wrote:
| NO, it's the wrong choice. Most people do not understand this
| stuff enough to truly care about, and they just want their
| devices to work. This is an awful decision by Apple. There's
| really nothing consumers can do to pressure the British
| government.
| MikeKusold wrote:
| Those people aren't enabling ADP to begin with.
| Molitor5901 wrote:
| Exactly. There is a technological disconnect for a lot of
| people. They accept actions like this because they don't
| fully appreciate, IMHO, the ramifications. We do, and we
| must do more to educate people.
| vroomvroomboom wrote:
| I would love to see a website written in "Dumbass Redneck
| American-ese" explaining why privacy is important.
| 1propionyl wrote:
| I'm sure the condescending attitude and negative
| stereotyping will sway readers.
| afthonos wrote:
| Consumers being unable to pressure government, even if true,
| does not imply this is a bad decision.
| Molitor5901 wrote:
| It's a terrible decision that will have grave
| ramifications. I see no positive to this action.
| madeofpalk wrote:
| This is Apple condeeding. Apple lost. UK Government got
| (almost) what they wanted - a backdoor into iCloud accounts.
|
| Apple's only consolation prize is that its limited to UK users
| for now. But it seems inevitable that ADP will gradually be
| made illegal all around the world.
| jahewson wrote:
| Given that they've only prevented new signups it looks to me
| more like Apple is trying to apply pressure to the U.K.
| government to get them to back down. The law that permits
| this was passed in 2016 so the situation was default lost
| already.
| alt227 wrote:
| They have said all existing ADP enabled accounts will be
| disabled or deleted in time. They need to give people time
| to migrate their data out before they nuke it.
| vroomvroomboom wrote:
| It's the right decision. Don't bow to the government, let the
| people demand it from their leaders, and vote in new ones.
| v3xro wrote:
| Yes, countries lacking in proportional representation and
| having obscure procedures like proroguing parliament are the
| best at listening to important but fairly obscure issues from
| their voters. </s>
| v3xro wrote:
| Very disappointed with this, but I think will be finding
| alternatives.
|
| Family sharing especially of Reminders is a hard one - we use
| lists for grocery shopping and it is extremely convenient.
|
| Has anyone tried out Ente https://ente.io/ for photos?
| b800h wrote:
| What happens if you're an international traveller?
| SXX wrote:
| This will likely depend on your primary account region. Apple
| can't just turn off E2EE on existing account nilly willy.
| A4ET8a8uTh0_v2 wrote:
| << Apple can't just turn off E2EE on existing account nilly
| willy.
|
| If they are able to, then then can be compelled. Do you mean
| won't/wouldn't?
| SXX wrote:
| They can break a sync on server-side for your account.
|
| They can't disable it on device though.
| buildbot wrote:
| "Apple said it will issue additional guidance in the future
| to affected users and that it "does not have the ability to
| automatically disable it on their behalf.""
|
| From https://www.macrumors.com/2025/02/21/apple-pulls-
| encrypted-i...
| tome wrote:
| I'm confused. I thought iCloud was end-to-end encrypted anyway,
| and I've never heard of ADP before. Is ADP encryption _at rest_ ,
| whereas normal iCloud storage is only encrypted from the device
| to the server?
| dmix wrote:
| The only difference is Apple doesn't hold the encryption keys
| when you use ADP.
|
| In both cases it's encrypted in transit and at rest.
| tome wrote:
| TIL that Apple holds the keys to my iCloud encrypted data!
| AlanYx wrote:
| For most of it, yes. There are exceptions, e.g., Health and
| Keychain, for which Apple does not have the keys even
| without ADP enabled.
| burnerthrow008 wrote:
| Yes, otherwise, how would the web interface (iCloud.com)
| work?
| jamesmotherway wrote:
| See the "Data categories and encryption" section:
|
| "The table below provides more detail on how iCloud protects
| your data when using standard data protection or Advanced Data
| Protection."
|
| https://support.apple.com/en-us/102651
| pyuser583 wrote:
| How does this affect me if I travel to the UK with an E2E
| encrypted IThing?
| bananapub wrote:
| not at all
| cgcrob wrote:
| Removed all my stuff from iCloud about a month ago in preparation
| for this.
| ranger_danger wrote:
| The beginning of the end. A sad day for Brits
| Jigsy wrote:
| I don't like Apple, nor do I use any of their products, but as
| someone from the UK, I do respect them for doing this.
|
| Now if only the other companies who said they'd leave would grow
| a backbone...
| bArray wrote:
| Too right, it was far more problematic than they ever made out.
|
| > The UK government's demand came through a "technical capability
| notice" under the Investigatory Powers Act (IPA), requiring Apple
| to create a backdoor that would allow British security officials
| to access encrypted user data globally. The order would have
| compromised Apple's Advanced Data Protection feature, which
| provides end-to-end encryption for iCloud data including Photos,
| Notes, Messages backups, and device backups.
|
| One scenario would be somebody in an airport and security
| officials are searching your device under the Counter Terrorism
| Act (where you don't even have the right to legal advice, or the
| right to remain silent). You maybe a British person, but you
| could also be a foreign person moving through the airport.
| There's no time limit on when you may be searched, so all people
| who ever travelled through British territory could be searched by
| officials.
|
| Let that sink in for a moment. We're talking about the largest
| back door I've ever heard of.
|
| What concerns me more is that Apple is the only company audibly
| making a stand. I have an Android device beside me that regularly
| asks me to back my device up to the cloud (and make it difficult
| to opt out), you think Google didn't already sign up to this? You
| think Microsoft didn't?
|
| Then think for a moment that most 2FA directly goes via a large
| tech company or to your mobile. We're just outright handing over
| the keys to all of our accounts. Your accounts have never been
| less protected. The battle is being lost for privacy and
| security.
| sameermanek wrote:
| Feels like marvel was onto something with captain america and
| winter soldier.
| pplante wrote:
| Life is imitating too many dystopian books, movies, etc these
| days. I think we need to put an end to all creative works
| before the timeline becomes irrecoverably destroyed.
| ekm2 wrote:
| Banning art?
| Arubis wrote:
| I suspect you're being flippant, but destruction of and
| restrictions on creative works as an _antidote_ to dystopia
| is a take I haven't seen before.
| pplante wrote:
| Yes, I am being very flippant. Sometimes we need to jest
| in order to digest reality.
| dingdingdang wrote:
| The /s is strong with this one.
| dmonitor wrote:
| The real prescient threat in that movie was the predictive AI
| algorithm that tracked individual behaviors and identified
| potential threats to the regime. In the movie they had a big
| airship with guns that would kill them on sight, but a more
| realistic threat is the AI deciding to feed them
| individualized propaganda to curtail their behavior. This is
| the villain's plot in Metal Gear Solid 2, which is another
| great story.
|
| This got me thinking about MGS2 again and rewatching the
| colonel's dialogue at the end of the game:
| https://www.youtube.com/watch?v=eKl6WjfDqYA
|
| > Your persona, experiences, triumphs, and defeats are
| nothing but byproducts. The real objective was ensuring that
| we could generate and manipulate them.
|
| It's really brilliant to use a video game to deliver the
| message of the effectiveness of propaganda. 'Game design' as
| a concept is just about manipulation and hijacking dopamine
| responses. I don't think another medium can as effectively
| demonstrate how systems can manipulate people's behavior.
| nottorp wrote:
| > have an Android device beside me that regularly asks me to
| back my device up to the cloud
|
| But is that backup encrypted? If it's not, all they need is
| <whatever piece of paper a british security official needs, if
| any> to access your data.
|
| This is about having access to backups that are theoretically
| encrypted with a key Apple doesn't have?
|
| > We're talking about the largest back door I've ever heard of.
|
| Doesn't the US have access to all the data of non US citizens
| whose data is stored in the US without any oversight?
| burnerthrow008 wrote:
| > Doesn't the US have access to all the data of non US
| citizens whose data is stored in the US without any
| oversight?
|
| Er, no...? I'm not sure where you get that idea. Access
| requires a warrant, and companies are not compelled to build
| systems which enable them to decrypt all data covered by the
| warrant.
|
| See, for example, the Las Vegas shooter case, where Apple
| refused to create an iOS build that would bypass iCloud
| security.
| nottorp wrote:
| I asked if your Android backup is encrypted. Implies I'm
| talking about unencrypted data.
|
| > See, for example, the Las Vegas shooter case
|
| I am not in Las Vegas or anywhere else in the US. So as far
| as i know all the data about me that is stored in the US is
| easily accessible without a warrant unless it's encrypted
| with a key that's not available with the storage.
|
| > companies are not compelled to build systems which enable
| them to decrypt all data covered by the warrant
|
| Again, not what I was talking about.
|
| I'm merely pointing out that your data is not necessarily
| encrypted, and that the "rest of the world" was already
| unprotected vs at least one state. The UK joining in would
| just add another.
| skydhash wrote:
| People always overestimate how much companies will defy
| their government for you, legally or otherwise.
| GeekyBear wrote:
| This is why Apple, and more recently Google, create
| systems where they don't have access to your unencrypted
| data on their servers.
|
| > Google Maps is changing the way it handles your
| location data. Instead of backing up your data to the
| cloud, Google will soon store it locally on your device.
|
| https://www.theverge.com/2024/6/5/24172204/google-maps-
| delet...
|
| You can't be forced to hand over data on your servers
| that you don't have access to, warrant or no.
|
| The UK wants to make this workaround illegal on an
| international basis.
| pmontra wrote:
| > You can't be forced to hand over data on your servers
| that you don't have access to, warrant or no.
|
| But you can be forced to record and store that data even
| if you don't want to.
| GeekyBear wrote:
| Which is why Apple takes the stance that the users device
| shouldn't be sending data to the mothership at all, if it
| isn't absolutely necessary.
|
| Compare Apple Maps and Google Maps.
|
| Google initially hoovered up all your location data and
| kept it forever. They learned from Waze that one use case
| for location data was keeping your map data updated.
|
| Apple figured out how to accomplish the goal of keeping
| map data updated without storing private user data that
| could be subject to a subpoena.
|
| > "We specifically don't collect data, even from point A
| to point B," notes Cue. "We collect data -- when we do it
| -- in an anonymous fashion, in subsections of the whole,
| so we couldn't even say that there is a person that went
| from point A to point B.
|
| The segments that he is referring to are sliced out of
| any given person's navigation session. Neither the
| beginning or the end of any trip is ever transmitted to
| Apple. Rotating identifiers, not personal information,
| are assigned to any data sent to Apple... Apple is
| working very hard here to not know anything about its
| users.
|
| https://techcrunch.com/2018/06/29/apple-is-rebuilding-
| maps-f...
| spankalee wrote:
| > all the data about me that is stored in the US is
| easily accessible without a warrant
|
| No, law enforcement needs a warrant to legally access any
| data. This is why Prism was illegal, and why companies
| like Google are pushing back against overly broad
| geofence search warrants.
| alt227 wrote:
| > This is why Prism was illegal
|
| Yet it still existed, and was used for surveillance by 3
| letter agencies. Why do you think this is any different?
| somenameforme wrote:
| No idea why the two of you are using past tense. PRISM is
| still very much alive and well.
| fdb345 wrote:
| All Encrochat evidence was illegal in at least three
| different ways. UK Law enforcement didn't care. They just
| lied.
| multjoy wrote:
| No it wasn't.
|
| The Dutch cracked and wiretapped it. It has been held not
| to be intercept evidence per RIPA so capable of being
| used in evidence.
|
| Most went guilty because they caught red-handed in the
| most egregious criminality you've seen.
|
| Encro was designed to enable and protect criminal
| communications. It had no redeeming public value.
| mtrovo wrote:
| > Doesn't the US have access to all the data of non US
| citizens whose data is stored in the US without any
| oversight?
|
| Totally agree. Having this discussion so US centred just
| makes us miss the forest for the trees. Apart from data owned
| by US citizens, my impression is that data stored in the US
| is fair game for three letter agencies, and I really doubt
| most companies would spend more than five minutes agreeing
| with law enforcement if asked for full access to their
| database on non-US nationals.
|
| Also, remember that WhatsApp is the go-to app for
| communication in most of the world outside the US. And
| although it's end-to-end encrypted, it's always nudging you
| to back up your data to Google or Apple storage. I can't
| think of a better target for US intelligence to get a glimpse
| of conversations about their targets in real time, without
| needing to hack each individual phone. If WhatsApp were a
| Chinese app, this conversation about E2E and backup
| restrictions would have happened a long time ago. It's the
| same on how TikTok algorithm suddenly had a strong influence
| on steering public opinion and instead of fixing the game we
| banned the player.
| causal wrote:
| Agree in principle, though WhatsApp backups are encrypted
| with a user provided password, so ostensibly inaccessible
| to Google or whoever you use as backup
| mox1 wrote:
| International users that have Advanced Protection enabled
| would in theory be safe from all of the 3-letter agencies
| (like safe from those agencies getting the data from
| Apple...not safe generally).
|
| Realistically we are talking about FISA here, so in theory
| if the FBI gets a FISA court order to gather "All of the
| Apple account data" for a non-us person, Apple would either
| hand over the encrypted data OR just omit that....
|
| Based on the stance Apple is taking here, its reasonable to
| assume they would do the same in the US (disable the
| feature if USG asked for a backdoor or attempted to compel
| them to decrypt)
| mtrovo wrote:
| Would your answer be the same if this encrypted data was
| stored in China instead of US?
|
| I don't think messages should ever leave the device, if
| you want to migrate to a different device this could be
| covered by that user flow directly. Maybe you want to
| sync media like photos or videos shared on a group chat
| and I'm fine with that compromise but I see more risks
| than benefits on backing up messages on the cloud, no
| matter if it's encrypted or not.
| nickburns wrote:
| > its reasonable to assume they would do the same in the
| US (disable the feature if USG asked for a backdoor or
| attempted to compel them to decrypt)
|
| I think it's more likely that Apple would challenge it in
| US courts and prevail. Certainly a legal battle worth
| waging, unlike in the UK.
| GeekyBear wrote:
| This has already happened, and Apple did fight it in the
| US courts.
|
| Eventually the US government withdrew their demand.
|
| https://en.m.wikipedia.org/wiki/Apple%E2%80%93FBI_encrypt
| ion...
| nickburns wrote:
| Exactly.
|
| https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryptio
| n_d...
| SJC_Hacker wrote:
| > Totally agree. Having this discussion so US centred just
| makes us miss the forest for the trees. Apart from data
| owned by US citizens, my impression is that data stored in
| the US is fair game for three letter agencies, and I really
| doubt most companies would spend more than five minutes
| agreeing with law enforcement if asked for full access to
| their database on non-US nationals anyone.
| squeaky-clean wrote:
| > But is that backup encrypted? If it's not, all they need is
| <whatever piece of paper a british security official needs,
| if any> to access your data.
|
| Based on them mentioning the difficulty of opting out, I
| presume OOP does not use Google's cloud backup.
| crimsoneer wrote:
| Android data isn't encrypted at rest (or at least not in a
| way Google doesn't have the key). If the uk gov has a
| warrant, they can ask Google to provide your Google Drive
| content. The whole point of this issue is Apple specifically
| designed ADP so they couldn't do that.
| sunshowers wrote:
| Android backups are encrypted at rest using the lockscreen
| PIN or passphrase: https://developer.android.com/privacy-
| and-security/risks/bac...
|
| So not hugely secure for most people if they use 4-6
| decimal digits, but possible to make secure if you set a
| longer passphrase.
|
| I don't know what Google's going to do about this UK
| business.
|
| edit: Ah it looks like they have a Titan HSM involved as
| well. Have to take Google's word for it, but an HSM would
| let you do rate limits and lockouts. If that's in place, it
| seems all right to me.
| noinsight wrote:
| > non US citizens whose data is stored in the US
|
| They don't even care where it's stored...
|
| See: CLOUD Act [1]
|
| [1] https://en.wikipedia.org/wiki/CLOUD_Act
| 93po wrote:
| i think people focus on whether backups are encrypted too
| much. it really doesn't matter when the government has remote
| access equivalent to your live phone when it's in an
| unencrypted state, which they almost certainly do.
| grahamj wrote:
| This is why, while I applaud what Apple is doing here, they
| need to allow us to supply our own E2E encryption keys.
| shuckles wrote:
| That's literally what the feature they're removing did.
| kbolino wrote:
| Not exactly. It generates the keys for you and stores them
| on device in the Secure Enclave. You cannot "bring your
| own" encryption key, but the primary benefit of doing so--
| that Apple does not have access to it--is intentionally
| accomplished anyway by the implementation.
| shuckles wrote:
| I'm not sure I appreciate the value of literally bringing
| your own keys. My device generating them on my behalf as
| part of a setup process seems sufficient. You'd use
| openssl or something and defer to software to actually do
| keygen no matter what.
| IshKebab wrote:
| > What concerns me more is that Apple is the only company
| audibly making a stand.
|
| Meta also _said_ they would make a stand if a similar request
| comes for WhatsApp. I 'm not going to hold my breath though.
| AutistiCoder wrote:
| They wouldn't even be able to.
|
| WA is end-to-end encrypted.
| alex-robbins wrote:
| WhatsApp is closed source. They could backdoor it if they
| wanted to (or were forced to).
| bitpush wrote:
| And so in Apple and iOS. What is your point?
| j-bos wrote:
| > (where you don't even have the right to legal advice, or the
| right to remain silent)
|
| A lot is posted about LEO's lying in the US, this seems worse.
| dustingetz wrote:
| how much distance between
|
| 1) tech monopoly strong enough to stand up to G7 nation state
| demands
|
| 2) tech monopoly strong enough to remove itself from G7 nation
| state jurisdiction?
|
| edit: s/monopoly/empire, apologies
| r00fus wrote:
| It's amusing to think of Apple as a "monopoly" (if anything
| they have a monopsony on TSMC production) but let's just
| replace that with "giant" for purposes of discussion.
|
| Tech giants typically devolve local operations to small
| companies to avoid liability - think petroleum suppliers not
| owning gas stations (because those typically end up as
| superfund sites). Not sure if this analogy this works for
| Google Android and all the manufacturers that deploy it for
| their smartphones too.
|
| So corporations have been doing this forever, trying to find
| legal loopholes where they can have their cake and eat it
| too.
| nobankai wrote:
| If Apple has no monopoly, why do people even care if their
| services are backdoored? Clearly they can just buy another
| cell phone if the idea of persistent surveillance disturbs
| them.
|
| Good news, everyone; we've solved the UK's privacy crisis!
| stalfosknight wrote:
| Apple is not a monopoly.
| fdb345 wrote:
| Your Android and Microsoft backup aren't encrypted. They are
| already fair game for a warrant.
| Krasnol wrote:
| It's always hilarious to see how far people here are ready to
| go to twist some bad Apple news into something which might be
| considered good.
|
| I mean seriously. Apple making a stand? What stand? They are
| ripping security out of their customers hands. Customers which
| are already dependent on the company's decision in their locked
| in environment.
|
| There is absolutely nothing good about it, and you dragging
| Android into it and making it look like it's even worse is
| suspicious. You can have full control over your Android device.
| Something impossible on an Apple phone. You can make your
| Android device safer than your iPhone.
| amatecha wrote:
| There is an upside (if you trust them) -- they're pulling a
| feature rather than adding a back door to it. Supposedly,
| anyway.
| yunwal wrote:
| The government forced them to pull the feature. Would you
| rather they left a toggle-switch that doesn't actually do
| anything? Or are you thinking they should just pull out of
| the EU altogether?
| troupo wrote:
| > What concerns me more is that Apple is the only company
| audibly making a stand.
|
| They are not making a stand. They roll over without a peep. And
| this is concerning users' privacy which they say is the core of
| the company.
|
| Compare it to fighting every government tooth and nail over
| every single little thing concerning the "we don't know if it's
| profitable and we don't keep meeting records" AppStore
| givinguflac wrote:
| " They roll over without a peep."
|
| What are you talking about? This is literally them doing the
| opposite, and there are multiple other public instances of
| them making a stand, not to mention in the design of their
| systems.
|
| Truly curious how you see this that way.
| troupo wrote:
| "Literally doing the opposite" would be keeping encryption
| on.
|
| Removing encryption for everyone is literally doing the
| opposite of making a stand
| coaksford wrote:
| They had two paths to comply with the law. Silently
| backdoor the worldwide cloud serving every Apple device,
| or loudly tell people in the UK they don't get to have
| security because their government prohibits them. Between
| these two options, this is clearly "making a stand".
|
| It's not as much "making a stand" as telling a major
| government that you have substantial seizable assets
| under their jurisdiction who is a major market you want
| to be in, that you're not going to do the thing that
| their laws say you are required to do, but it's hardly
| simple compliance either, instead of doing what the
| government wants them to do, they are making sure there
| is blowback.
|
| Whether to try to fight it in court likely depends on
| details of case law and the wording of the laws they'd be
| contesting, I imagine much of the delay in their response
| to the demand was asking their lawyers how well they
| think they would fare in court.
| alt227 wrote:
| > Apple is the only company audibly making a stand
|
| Apples stand is false, they take with one hand and give with
| the other. There have been many times that Apple have been
| caught giving user data to governments at their request, lied
| about it, then later on admitted it once it had leaked from
| another source.
|
| This whole 'we will never make a backdoor' is a complete
| whitewash marketing stunt, why do they need to make a backdoor
| when they are providing any and all metadata to any government
| on request.
|
| https://www.macrumors.com/2023/12/06/apple-governments-surve...
| jonhohle wrote:
| I think that's the whole point of their push to E2E encrypt
| as much as possible. Saying they can't unencrypted something
| worked for a while.
| lilyball wrote:
| > _There have been many times that Apple have been caught
| giving user data to governments at their request, lied about
| it, then later on admitted it once it had leaked from another
| source._
|
| In other words, Apple complies with legal government orders,
| as they are required to. The government can compel them with
| a warrant to hand over data that they have, and can prohibit
| them from talking about it. That's the whole reason for the
| push towards end-to-end encryption and for not collecting any
| data Apple doesn't need to operate the products. This also
| ties into things like photo landmark identification, where
| Apple designed it such that they don't get any information
| about the requests and so they don't have any information
| that they could be compelled to hand to the government.
| tholdem wrote:
| > What concerns me more is that Apple is the only company
| audibly making a stand.
|
| But still Apple operates in China and Google does not. This is
| weird to me. Google left China when the government wanted all
| keys to the citizens data. Apple is making a stand when it's
| visible and does not threaten their business too much.
|
| Apple is not really in the business of protecting your data,
| they are just good at marketing and keeping their image.
| dclowd9901 wrote:
| Perhaps Apple has a greater leverage in China due to its
| outsized manufacturing presence. And it's likely they already
| dont offer ADP to Chinese citizens.
| bitpush wrote:
| lol you think Apple has more leverage than China? What
| world are you living in?
| noirbot wrote:
| China feels like an important difference here though. Google
| leaving China doesn't protect Chinese citizen's data any more
| than Apple turning off ADP in the UK does. As far as I know,
| Apple isn't _pretending_ that the data of Chinese users is
| encrypted from their government, and the way they 're
| complying with the Chinese laws shouldn't impact the security
| of users outside of China.
|
| Apple pulling ADP from UK users is similar - the UK has
| passed an ill-considered law that Apple doesn't think it can
| win a court case over, so they're complying in a way that
| minimally effects the security of people outside the UK. If,
| as someone outside the UK, I travel to the UK with ADP turned
| on, my understanding is it won't disable itself.
|
| Would you have been more satisfied if Apple just pulled out
| of the UK entirely? Bricked every iPhone ever purchased
| there? Google doesn't seem to have made any stand for
| security ever - them pulling out of China feels more to do
| with it meaning they wouldn't have had access to Chinese
| users' data, which is what they really want.
| WhyNotHugo wrote:
| iCloud in China is operated by a local subsidiary. There is a
| dedicated screen explaining this when you set up an iCloud
| account in this region.
|
| They adapt to the local rules of each region, much like
| they're doing here in the UK.
| wrsh07 wrote:
| Eh Google had pretty good reasons to not operate in China
| (not seeing them in this thread, don't recall the details
| precisely enough to relate here)
|
| Apple is deeply embedded in China (manufacturing) and
| benefits from a decent (but shrinking) userbase in the
| country. China isn't asking for the keys to all iphone user
| data, just data stored in China.
| GeekyBear wrote:
| > Google left China when the government wanted all keys to
| the citizens data.
|
| Google left China after China started hacking into Google's
| servers.
|
| > In January, Google said it would no longer cooperate with
| government censors after hackers based in China stole some of
| the company's source code and even broke into the Gmail
| accounts of Chinese human rights advocates.
|
| https://www.nytimes.com/2010/03/23/technology/23google.html
|
| They were working to reenter the China market on China's
| terms many years later, when Google employees leaked the
| effort to the press. Google eventually backed down.
| JumpCrisscross wrote:
| > _One scenario would be somebody in an airport and security
| officials are searching your device_
|
| No Heathrow connection necessary. "The law has extraterritorial
| powers, meaning UK law enforcement would have been able to
| access the encrypted iCloud data of Apple customers anywhere in
| the world, including in the US" [1].
|
| [1]
| https://www.ft.com/content/bc20274f-f352-457c-8f86-32c6d4df8...
| kimixa wrote:
| The US claims the same
|
| https://en.wikipedia.org/wiki/CLOUD_Act
|
| Lots of Americans in this thread seem to be talking down to
| other countries laws while being completely unaware of their
| own
| Fnoord wrote:
| > There's no time limit on when you may be searched, so all
| people who ever travelled through British territory could be
| searched by officials.
|
| > Let that sink in for a moment. We're talking about the
| largest back door I've ever heard of.
|
| Codename 'Krasnov' is the largest backdoor _I_ have ever heard
| of. And, we only need to look at his behavior.
|
| These E2EE from USA can be tainted in so many ways, and FAMAG
| sits on so much data, that codename 'Krasnov' can abuse such to
| target whoever he wants in West. Because everyone you know is
| or has been in ecosystem of Apple, Google, or Microsoft.
|
| Whataboutism! Fair. From my PoV, as European, the UK government
| is (still) one of the good guys who will protect Europe from
| adversaries such as those who pwn codename 'Krasnov'. Such
| protection may come with a huge price.
| martin_a wrote:
| > We're talking about the largest back door I've ever heard of.
|
| Meh, I don't know. I can still decide to not go the UK and be
| fine. I think the CLOUD Act is much worse because it's
| independent from where I am.
| h4ck_th3_pl4n3t wrote:
| Remember that the last fiasco was related to 2FA stores being
| stored unencrypted on google's backup cloud, namely google
| authenticator.
|
| And yes, it's still pwnable this way, and happens regularly.
|
| Everything in the cloud is not yours anymore, and you should
| always treat it like that.
| marcprux wrote:
| > you think Google didn't already sign up to this?
|
| My understanding is that Android's Google Drive backup has had
| an E2E encryption option for many years (they blogged about it
| at https://security.googleblog.com/2018/10/google-and-
| android-h...), and that the key is only stored locally in the
| Titan Security Module.
|
| If they are complying with the IPA, wouldn't that mean that
| they must build a mechanism into Android to exfiltrate the key?
| And wouldn't this breach be discoverable by security research,
| which tends to be much simpler on Android than it is on iOS?
| nomel wrote:
| My assumption is that Google has keys to everything in its
| kingdom [1].
|
| [1] https://qz.com/1145669/googles-true-origin-partly-lies-
| in-ci...
| marcprux wrote:
| > My assumption is that Google has keys to everything in
| its kingdom
|
| If that were true, then their claims to support E2E
| encrypted backups are simply false, and they would have
| been subject to warrants to unlock backups, just like Apple
| had been until they implemented their "Advanced Data
| Protection" in 2022.
|
| Wouldn't there have been be some evidence of that in the
| past 7 years, either through security research, or through
| convictions that hinged on information that was gotten from
| a supposedly E2E-protected backup?
| chatmasta wrote:
| Ugh. Is this by App Store country? Anyone know what happens if I
| already have it configured? I'm actually in US App Store region
| and sometimes switch to UK... I wonder if that would disable it.
| drcongo wrote:
| Could any hackers on here now please hack the fuck out of UK
| government ministers please?
| alecco wrote:
| I doubt it would play out like you think.
| wackget wrote:
| So instead of building a back door they're just completely
| removing the option to use E2E encryption altogether, thus making
| everything freely available to government by default?
|
| How is that not worse or at least equivalent to a back door?
| wonderwonder wrote:
| The UK requested the backdoor for all users, not just UK
| citizens.
| mholt wrote:
| No illusion of privacy.
| roughly wrote:
| They're just pulling the feature in the UK. If they put in a
| back door, they're pulling the feature for everyone.
| ziddoap wrote:
| > _How is that not worse or at least equivalent to a back
| door?_
|
| It's bad for the citizens of the UK and better for everyone
| else on the planet with an iPhone. UK citizens should be angry
| with their government, not Apple.
| poisonborz wrote:
| Much better than a false sense of security. Customers know what
| they get, and can choose other products instead of being
| confused or cheated.
| incorrecthorse wrote:
| It _is_ equivalent to a back door, that's the point. The UK
| demand can be accessed more rapidly and properly by disabling
| the feature than by implementing a backdoor, since it is the
| same thing.
| varispeed wrote:
| Many departments use iphones. I wonder how it will affect
| government security or government employees will be exempt?
| Eavolution wrote:
| What are you actually supposed to do in the UK if you oppose this
| sort of thing to stop laws like this coming in? It feels like the
| government has been incredibly out of touch for the last number
| of years.
| redox99 wrote:
| I would guess you'd vote a libertarian party.
| Apfel wrote:
| Probably the best on the civil liberties front are the
| Liberal Democrats (they were pretty good at quashing
| mandatory national ID cards back in the day, at least).
|
| That being said, they still have a lot of folk angry at them
| for allowing university fees to be introduced 15 years ago
| when they were in coalition government (a Tory policy!).
| IneffablePigeon wrote:
| Join the ORG for starters. Contact your MP. But yes, the number
| of people who care is small and so things will not change until
| it is large.
| i2km wrote:
| You get the hell out and emigrate. I did so last year. It's not
| going to get better chap
| nobankai wrote:
| Stop buying iPhones? _You 're_ the one patronizing the
| "Leopards eating people's faces" business, the writing has been
| on the wall for decades now.
| aqueueaqueue wrote:
| That doesn't help. Next they'll come for the privacy phones.
| nobankai wrote:
| "Privacy phones" don't force a single cloud provider down
| your throat. They are fundamentally not capable of
| enforcing a vertically integrated backdoor like the one the
| UK requests.
| aqueueaqueue wrote:
| New Law: "Usage of an unsanctioned phone by a
| manufacturer not certified as meeting the UK privacy
| standards is illegal to operate.".
|
| You fight the less draconian draconian law to avoid
| needing to fight the worse one.
| nobankai wrote:
| Right, that will go down in history with the UK's other
| notoriously effective regulations like... _checks
| clipboard_ ...TV licenses and the alcohol ban on public
| transport.
|
| As an American I have lost all sympathy for people that
| refuse to regulate our businesses. They ate us alive, and
| unless you do something about it they will eat you too.
| wonderwonder wrote:
| The UK wanted access to anyone's data. Not just UK citizens and
| then additionally added regulations forbidding apple to disclose
| this.
|
| UK is ~3-4% of apples income. While I appreciate Apples actions
| here, I wish they would make a real stand here and pull
| completely out of the UK.
| mtrovo wrote:
| I really wish they would sit down and negotiate this more
| openly. The silence from the other players is what really makes
| me uncomfortable. The fact that only Apple is making a stand
| against this ask is really scary.
| wonderwonder wrote:
| Agreed, the UK is speed running 1984 right in front of us.
| ta8645 wrote:
| Free speech already under threat and now y'all are giving up the
| right of private communication too? For anyone cheering this on,
| do you honestly think this will only affect the "bad people", and
| you'll never have your own neck under the government's boot? Even
| if you trust the government today, what happens when your
| neighbors elect a government you disagree with ideologically?
| multimoon wrote:
| I don't think anyone is cheering this on.
| mihaaly wrote:
| Instead of the word cheering we could use letting.
|
| Bad people flourish over the inaction of good people.
|
| (but yes, there are always several who protect and argue for
| things risking their own and everyone's livelihood, exposing
| themselves to shady elements, along singled out and elevated
| thin aspects, cannot understood why)
| ohnoitsahuman wrote:
| Let's vote Labor and Liberal to keep the UK from going fascist on
| our data.
|
| Oh wait....shit.
| basisword wrote:
| This was done under the Investigatory Powers Act which was
| brought in in 2016. Saying that Labour weren't exactly against
| it at the time. Point being snooping isn't left or right - they
| all love it.
| switch007 wrote:
| Labour are not anti authoritarian. Often quite pro
| b800h wrote:
| The party most likely to cut this stuff out is Reform, although
| they'd probably be closer to ambivalent about it.
| spacebanana7 wrote:
| I'm pretty sure Reform would scrap this stuff, given the
| belief their part of politics has been a victim of these
| laws.
|
| Also worth considering Lib Dem if you're not into right wing
| politics- they did vote against the relevant investigatory
| powers act back in 2016.
| JansjoFromIkea wrote:
| UKIP/Brexit/Reform as a vehicle to hold large influence over
| politics from outside Westminster might.
|
| I would imagine the party's attitudes on a myriad of things
| would shift if they were in power though.
| rvz wrote:
| They got what they voted for and now that those voters are
| surprised?
|
| It's really hilarious to try to blame previous governments for
| such unpopular moves like this one.
|
| If Labour was any better, then they would never have used the
| Investigatory Powers Act to force Apple to take actions such as
| this.
|
| For those who thought Labour would never do this, should just
| admit that this move was done under Labour and they are no
| better than the Tories.
| JansjoFromIkea wrote:
| The Blairite wing of that party has always been extremely bad
| with this kind of thing (see Tony Blair's obsession with ID
| cards over the decades) so it's unsurprising they'd push
| something like this.
| ilumanty wrote:
| What exactly can UK users do now? Turn off "backup iPhone to
| iCloud" and stop syncing notes?
| buildbot wrote:
| If you have ADP, Leave it on and have them automatically delete
| it at some point? Otherwise yes.
|
| "Customers who are already using Advanced Data Protection, or
| ADP, will need to manually disable it during an unspecified
| grace period to keep their iCloud accounts, according to the
| report. Apple said it will issue additional guidance in the
| future to affected users and that it "does not have the ability
| to automatically disable it on their behalf."
| GeekyBear wrote:
| UK users can still perform an encrypted backup to their local
| PC or Mac.
| Jackknife9 wrote:
| I'm going to start purging anything I store on the cloud. I'm not
| doing anything illegal, but why does the government want to treat
| me like I am.
| docmars wrote:
| Indeed. Time to leave the panopticon!
| dsmurrell wrote:
| _disables apple cloud sync_
| tw600040 wrote:
| Ok, I am not very technical. Can someone help me understand this.
| I don't have Advanced data Protection on. Does that mean UK Gov
| can see my data now?
| itishappy wrote:
| Potentially. It really just means your data is stored
| unencrypted, so anybody that has access to Apple's servers can
| access your data. I don't believe any government has open
| access to Apple's servers, but they can get a warrant.
| tw600040 wrote:
| I just realized ADP is not same as Lockdown mode. which Apple
| mentioned that only people that are likely to be targets need
| to turn on.
|
| Now I don't see any reason why I shouldn't turn ADP on.
| Turning on now.
| frizlab wrote:
| They always could. With advanced data protection they could
| not. The law mandated to add a backdoor to allow the government
| to also see encrypted data (which made the encryption insecure
| by definition). Apple refused to comply so you don't even have
| the option to encrypt your backups now.
| tene80i wrote:
| It means Apple has the encryption keys to your backed-up data.
| So they can, in theory, access it, if the UK Gov demands that
| they do. That might never happen to you, but with ADP it would
| have been impossible, because even Apple can't access it.
|
| See https://support.apple.com/en-us/102651
| Goleniewski wrote:
| Think about it.. You don't even have to be an Apple user to be
| affected by this issue. If someone backs up their conversations
| with you to apple cloud, your exchange is now fair game. You get
| no say in it either.
|
| We all lose.
| noahjk wrote:
| Very similar to sites like LinkedIn, which ask you to share
| your personal info & contact list.
|
| I don't want to share my contact details, but the second
| someone I know decides to opt in, I lose all rights to my own
| data as they've shared it on my behalf.
|
| Maybe they have other info, such as birthday, home address,
| other emails or phone #s, etc. stored for me, which is all fair
| game, as well.
| freeqaz wrote:
| That's why it's important to use apps like Signal where you can
| set the retention of your messages. I've got everybody I know
| using it now!
| madeofpalk wrote:
| Given historical backups are the norm here, retention only
| does so much.
|
| Really, apps should encrypt their own storage with keys that
| aren't stored in the backups. That's how you get
| security/privacy back.
| cma wrote:
| Many people want control over whether they back up
| conversations with others, and think it would be crazy for
| sender to control the retention policy instead of receiver.
|
| I think sender should just be able to send a recommended
| preference hint on retention and you could have an option
| to respect it or not.
| buran77 wrote:
| > That's how you get security/privacy back.
|
| Nothing an app does on a device guarantees you security or
| privacy if you don't trust or fully control the device.
| hugh-avherald wrote:
| Setting a retention time out is playing with fire. If the
| police get ahold of the other party's device, and present an
| exhibit which they say contains the true conversation, you
| could be worse off than if you retained the conversation. The
| fact that you have since deleted it could be incriminating.
|
| In some jurisdiction, yes, legally, such evidence might not
| be probative, but you might still convicted because of it.
| fdb345 wrote:
| message retention has literally NEVER been used as
| incrimination in a court of law. So you are wrong.
| sangeeth96 wrote:
| Umm, isn't this related?
| https://www.theverge.com/2024/4/26/24141801/ftc-amazon-
| antit...
| nickburns wrote:
| No. That's a civil discovery matter.
| dvtkrlbs wrote:
| I don't think so. Corporate communication is bound by
| different laws and you have way higher burden of evidence
| in case of legal requests. I don't think this creates a
| precedent for personal communications.
| bunderbunder wrote:
| This isn't Amazon getting in trouble for implementation
| of a routine records retention policy. It's Amazon
| getting in trouble for violating a document retention
| mandate related to an ongoing lawsuit.
| the_other wrote:
| Yes, but if I'm reading it right, Amazon staff were
| already inder instruxtion to retain and share data
| relevant to an ongoing investigation. They were aware of
| the process and, if the article is to be believed, worked
| against the instructions.
|
| That's quite different from turning disappearing messages
| on when you're not explicitly under insteuctions to keep
| records.
| vuln wrote:
| The retention time can be set by individual conversation
| not just the whole app.
| nickburns wrote:
| Ephemeral messaging is not a crime.
| fdb345 wrote:
| In a world where they cancel encryption they can't access...
| doesn't Signal and its CIA funded origins concern you?
| HumblyTossed wrote:
| Nope. I actually think that would bring more scrutiny and
| so I feel safer knowing it's not be cracked.
| fdb345 wrote:
| interesting and illogical reply
| HumblyTossed wrote:
| No more illogical than trusting Apple's security because
| it is ... Apple.
| Vaslo wrote:
| Scary - I try to use signal as much as possible now for this
| reason.
| IshKebab wrote:
| Signal can't evade this law either.
| blfr wrote:
| Why not? Signal was willing to run all kinds crazy setups
| to evade foreign laws, like domain fronting.
|
| https://signal.org/blog/doodles-stickers-censorship/
| globular-toast wrote:
| Security hinges on trust. The only real privacy tool is PGP
| which uses a web of trust model. But it only works if people
| own their own computers and storage devices. What they've done
| is got everyone to rent their computers and storage instead.
| There's no security model that works for the users here.
| ComputerGuru wrote:
| Note that this doesn't satisfy the government's original request,
| which was for _worldwide_ backdoor access into E2E-encrypted
| cloud accounts.
|
| But I have a more pertinent question: how can you "pull" E2E
| encryption without data loss? What happens to those that had this
| enabled?
|
| Edit:
|
| Part of my concern is that you have to keep in mind Apple's
| defense against backdooring E2E is the (US) doctrine that work
| cannot be compelled. Any solution Apple develops that enables
| "disable E2E for this account" makes it harder for them to claim
| that implementing that would be compelling work (or speech, if
| you prefer) if that capability already exists.
| madeofpalk wrote:
| When you disable ADP, your local encryption keys are uploaded
| to Apple's servers to be read by them.
|
| Apple could just lock you out of iCloud until you do this.
| oakesm9 wrote:
| That's exactly the plan. Anyone with this enabled in the UK
| will need to manually disable it or they'll get locked out of
| their iCloud account after a deadline.
| jl6 wrote:
| We are told the encryption keys reside only on your device. But
| Apple control "your" device so they can just issue an update
| that causes your device to decrypt data and upload it.
| RenThraysk wrote:
| Would just upload the keys
| drexlspivey wrote:
| Presumably these keys live in a hardware security module on
| your phone called "secure enclave" and cannot be extracted
| RenThraysk wrote:
| Ah yes, good point.
| fsflover wrote:
| Is this module auditable though, or is "just trust us",
| like everything in the Apple world?
| LPisGood wrote:
| It's auditable in the sense that there is a very high
| potential for reward (both reputationally and
| financially) for security researchers to break it.
| theshrike79 wrote:
| If someone has a reliable and workable secure enclave
| hack they can become a multi-millionaire for selling to
| state actors or become one of the most famous hackers in
| the world overnight (and possibly get a life changing
| amount of bounty from Apple)
|
| Basically it's not a hack someone just throws on the
| internet for everyone to use, it's WAY too valuable to
| burn like that.
| watusername wrote:
| From the Advanced Data Protection whitepaper [0], it
| appears the keys are stored in the iCloud Keychain
| domain, so not the Secure Enclave:
|
| > Conceptually, Advanced Data Protection is simple: All
| CloudKit Service keys that were generated on device and
| later uploaded to the available-after-authentication
| iCloud Hardware Security Modules (HSMs) in Apple data
| centers are deleted from those HSMs and instead kept
| entirely within the account's iCloud Keychain protection
| domain. They are handled like the existing end-to-end
| encrypted service keys, which means Apple can no longer
| read or access these keys.
|
| [0]: https://support.apple.com/guide/security/advanced-
| data-prote...
| jiveturkey wrote:
| wrapped by a key hierarchy ultimately rooted by a key
| stored in the secure enclave.
| watusername wrote:
| Well yes, the entire storage is. I was trying to explain
| how it's extractable.
| jiveturkey wrote:
| fair!
| GeekyBear wrote:
| Apple has already fought US government demands that they push
| an update that would allow the US governmrnt to break
| encryption on a user's device.
|
| > In 2015 and 2016, Apple Inc. received and objected to or
| challenged at least 11 orders issued by United States
| district courts under the All Writs Act of 1789. Most of
| these seek to compel Apple "to use its existing capabilities
| to extract data like contacts, photos and calls from locked
| iPhones running on operating systems iOS 7 and older" in
| order to assist in criminal investigations and prosecutions.
| A few requests, however, involve phones with more extensive
| security protections, which Apple has no current ability to
| break. These orders would compel Apple to write new software
| that would let the government bypass these devices' security
| and unlock the phones.
|
| https://www.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_.
| ..
| rdtsc wrote:
| > how can you "pull" E2E encryption without data loss? What
| happens to those that had this enabled?
|
| They'll keep your data hostage and disable your iCloud account.
| Clever, huh? So they are not deleting it, just disabling your
| account. "If you don't like it, make your own hardware and
| cloud storage company" kind of a thing.
| lynx97 wrote:
| More like "If you don't like it, talk to your local
| politicians", which is, IMO, a totally valid approach.
| rdtsc wrote:
| > "If you don't like it, talk to your local politicians",
|
| Indeed people only noticed this because Apple tried to do
| the right thing and now it's somehow also Apple's fault. No
| good deed goes unpunished, I guess.
|
| I think there is a feeling the government power is so
| overwhelming that they are hoping maybe some trillion
| dollar corporation would help them out somehow.
| tripdout wrote:
| The iOS screenshot displays a message saying it's no longer
| available for new users.
| globular-toast wrote:
| > But I have a more pertinent question: how can you "pull" E2E
| encryption without data loss? What happens to those that had
| this enabled?
|
| Well exactly. The UK just showed the whole thing is a joke and
| that Apple _can_ do this worldwide.
| wrs wrote:
| > how can you "pull" E2E encryption without data loss
|
| You can't. The article says if you don't disable it (which you
| have to do yourself, they can't do it for you, because it's
| E2E), your iCloud account will be canceled.
| nashashmi wrote:
| At this point, the right thing to do is allow for an alt-
| service.
| mtrovo wrote:
| Apple is in a really tough position. I don't know if there's
| any way they could fulfil the original request without it
| effectively becoming a backdoor. Disabling E2E for the UK
| market is just kicking the can down the road.
|
| Even simply developing a tool to coerce users out of E2E
| without their explicit consent to comply with local laws could
| be abused in the future to obtain E2E messages with a warrant
| on different countries.
|
| A very difficult position to be in.
| replete wrote:
| Or, this is how they save face with their customers having
| complied with the request rather than stop trading with the
| UK.
| MetaWhirledPeas wrote:
| > Apple is in a really tough position.
|
| You mean Apple is in a unique position to make a statement.
| _No more Apple products in the UK._ Mic drop. Exit stage
| left.
| TeaBrain wrote:
| I think Prof Woodward's quote in the article will likely hold
| true for Apple's response to the original UK government
| request:
|
| "It was naive of the UK government to think they could tell a
| US technology company what to do globally"
| kelnos wrote:
| > _the (US) doctrine that work cannot be compelled_
|
| Is this actually a thing? Telecoms in the US are compelled to
| provide wiretap facilities to the US and state and local
| governments.
| yapyap wrote:
| yikes
| DataOverload wrote:
| This was predictable vs creating a backdoor
| mynameyeff wrote:
| Yikes... looks like Apple sun is setting. This cannot be allowed
| to happen.
| HPsquared wrote:
| It's not just an Apple thing. It's not even just a UK thing.
| throwaway77385 wrote:
| The nightmare continues. For now I am using 3rd party backup
| services that are (currently) promising me that my backups are
| encrypted by a key they do not have access to, or control over.
| But can this even be believed in an age where these secret
| notices are being served to any number of companies? I suppose
| the next step would be to ensure that files don't ever arrive in
| the cloud unencrypted, but I have yet to see a service that
| allows me to do this with the same level of convenience as, say,
| my current backup solution, which seamlessly backs up all my
| phones, my family members' phones, my laptops, their laptops etc.
| I depend on having an offsite backup of my data. Which inevitably
| includes my clients' data also. Which I am supposedly keeping
| secret from outside access. So how does that work once everything
| becomes backdoored?
| nemomarx wrote:
| security and convenience are ever at war.
| grahamj wrote:
| IMO the only thing you can have a high level of trust in is
| your own *nix server. Backup those devices to it then encrypt
| there before being sent to the cloud.
| JohnFen wrote:
| Handling the encryption yourself is the way to go, but for
| maximum security, don't send that encrypted data to the
| cloud. Keep it all on your own server(s).
|
| That doesn't help people who aren't technically capable, of
| course. But at least those who are can protect themselves.
| acuozzo wrote:
| > your own *nix server
|
| Just be sure it's pre-Intel Management Engine / pre-AMD
| Platform Security Processor!
| globular-toast wrote:
| Convenience usually comes at a cost. You shouldn't have to
| trust anyone. Just use a generic storage service and only
| upload encrypted files to it. Syncthing + Rclone will probably
| get you a similar setup that you control.
| jahewson wrote:
| In the case of the U.K., they can throw you in jail for not
| handing over your encryption key, so it's a moot point. They've
| been slowly expanding this power for twenty years now.
| bloqs wrote:
| Not for content in the cloud, as far as I understand. Someone
| will correct me, but you can be arrested and threatened with
| terror charges if you dont unlock your device, but this does
| not give them permission to access other computers via the
| internet.
| commandersaki wrote:
| Tommy Robinson trial for refusing to provide his unlock
| credentials when ingressing UK is happening in March this
| year.
| fdb345 wrote:
| ive been through all this with the law. no one ever got
| jailed for not handing over encryption keys unless they were
| a definitive criminal and theres strong evidence there is
| criminal data on the device.
|
| they tried this with me (NCA) but the judge wouldnt sign off
| as they had nothning on me or my device. this did however
| REALLY want to access it! fuck them. pricks
| callc wrote:
| Ah yes, the "we have all the power but pinky promise to
| only use it on the bad guys" playbook. I have complete
| confidence and trust in that promise. /s
| jcarrano wrote:
| The smartphone is a terrible platform. Something like this could
| never happen on the PC, where you can install any encryption and
| backup software that you want.
|
| While Apple did the right thing by refusing to give the UK
| government a backdoor, they are responsible for getting users in
| this situation in the first place.
|
| I'm not familiar with the iPhone and maybe there is already an
| alternative to iCloud ADP, although that would make this whole
| situation completely nonsensical.
| snowwrestler wrote:
| I haven't checked lately but since it launched the iPhone has
| allowed the owner to choose whether to back up to Apple's
| servers (which would be affected by the UK order) or back up to
| their local computer.
| inetknght wrote:
| > _or back up to their local computer._
|
| You mean back up to their Apple computer, yes?
|
| I certainly can't back up an iPhone to my Linux computer.
| sumuyuda wrote:
| Actually I think you can backup and restore your iPhone on
| Linux using libimobiledevice. They reverse engineered the
| protocols for the backup and restore service running on
| your iPhone.
|
| https://libimobiledevice.org/
| inetknght wrote:
| > _Something like this could never happen on the PC, where you
| can install any encryption and backup software that you want._
|
| Microsoft wants to have a word with you regarding their Windows
| operating system that's installed on their device that you're
| renting.
| shuckles wrote:
| The smartphone platform is the most secure by default personal
| computer most people own, largely because of the control
| enforced by Apple.
| sunshowers wrote:
| But along with that also comes a massive pressure point for
| rogue states to take advantage of. With a diversity of
| services this would not be nearly as possible.
| devsda wrote:
| If we are saying "secure", we should talk about what we are
| securing and against whom.
|
| A smartphone may be secure against malicious individual
| actors but its certainly not the most secure when it comes to
| your private data. Modern day smartphone is designed to
| maximize capturing your private information like location,
| communication patterns, activity and (sometimes) health
| information and pass it on to as many private players(a.k.a
| apps) as possible, even to governments without your
| knowledge. You don't have much control over it.
|
| In that aspect it is less secure than your typical PC. A PC
| doesn't have that level of private information in the first
| place and whatever information it has will leak only if you
| opt-in or get infected by malware.(recent Windows versions
| without necessary tweaks may be considered a malware by
| some).
| shuckles wrote:
| Plenty of people access their health records, etc. on a PC
| via files downloaded to random places on their computer.
| Are you trying to just say smartphones have a lot of
| sensors and are carried around in intimate places?
| jahewson wrote:
| Given that the most popular software of this kind is Dropbox
| I'm quite confident that nothing you've said is true.
| fjjjrjj wrote:
| Does this mean I should treat travel to the UK the same way as
| China and only bring a burner device with no information on it or
| on cloud backup accounts?
| gnfargbl wrote:
| Border control agents in all countries -- including the US --
| have fairly extensive powers to search your devices or deny you
| entry. I'm not sure this decision should change your calculus
| on that point.
|
| See also https://medium.com/@thegrugq/stop-fabricating-travel-
| securit...
| fjjjrjj wrote:
| Company trade secrets probably shouldn't be on the device?
| Edit - or the device's cloud backups?
| tene80i wrote:
| I have a naive question, and it's genuine curiosity, not a
| defence of what's happening here.
|
| This ADP feature has only existed for a couple of years, right? I
| understand people are mad that it's now gone, but why weren't
| people mad _before_ it existed? For like, a decade? Why do people
| treat iCloud as immediately dangerous now, if they didn't before?
|
| Did they think it was fully encrypted when it wasn't? Did people
| not care about E2E encryption and now they do? Is it that E2E
| wasn't possible before? If it's such a huge deal to people now,
| why would they have _ever_ used iCloud or anything like it, and
| now feel betrayed?
| writtenAnswer wrote:
| I think it is more about going backwards. It is often difficult
| to remove laws than to add them. This is a similar situation.
|
| In this situation, I agree that it is bad day for personal
| privacy/security
| RenThraysk wrote:
| Think most people had no idea how it worked, it was magic to
| them.
|
| iCloud hacks (like in 2014) have raised awareness for the need
| for E2EE.
| Shank wrote:
| I guess I'm one of the people who was upset that it didn't
| exist before, and I didn't enable iCloud Backup as a result. I
| didn't use iCloud Photos. I had everything stored on a NAS
| (which was in-fact encrypted properly) and used a rube
| goldberg-esque setup to move data to it periodically. I used
| iMazing and local encrypted backups on a schedule.
|
| Lots of people called for E2EE on this stuff, but let's be real
| about one thing: encryption as a feature being more accessible
| means more people can be exposed to it. Not everyone can afford
| a rube goldberg machine to backup their data to a NAS and not
| make it easily lost if that NAS dies or loses power. It takes
| immense time, skill, and energy to do that.
|
| And my fear isn't the government, either, mind you. I simply
| don't trust any cloud service provider to not be hacked or
| compromised (e.g., due to software vulnerability, like log4j)
| on a relatively long timescale. It's a pain to think about
| software security in that context.
|
| For me, ADP solves this and enables a lot of people who
| wouldn't otherwise be protected from cloud-based attacks to be
| protected. Sure, protection against crazy stuff like government
| requests is a bonus, but we've seen with Salt Typhoon that any
| backdoor _can_ be found and exploited. We 've seen major
| exploits in embedded software (log4j) that turn out to break
| massive providers.
|
| So, there were people upset, their concerns were definitely
| voiced on independent blogs and random publications, and now,
| we're back in the limelight because of the removal of the
| feature for people in the UK.
|
| But, speaking as a user of ADP outside of the UK, I am _happy_
| that ADP is standing up for it, and thankful that it exists.
|
| (To be clear: government backdoors, and government requests
| also scare me, but they aren't a direct threat to _myself_ as
| much as a vulnerability that enables all user data to be viewed
| or downloaded by a random third-party).
| freeone3000 wrote:
| iCloud and iPhones have traditionally resisted _US_
| governmental overreach, only giving data to iCloud in cases of
| actual criminal prosecution against specific individuals. As
| well, iPhone backups in iCloud is relatively new, as are many
| other arbitrary storage features -- it used to just be your
| songs and your photos! Now it's data from all of your apps and
| a full phone backup. Hence the resistance: the stories of
| police being unable to recover data from a locked iPhone may
| now be over
| hirako2000 wrote:
| A few factors
|
| - e2e encryption is not ubiquitous yet, but awareness is
| ascending.
|
| - distrust for government also is on the uptrend.
|
| - more organized dissent to preserve privacy.
|
| No people didn't assume data was encrypted.
|
| Yes E2E has been possible for many decades, but businesses
| don't have privacy as a priority, sometimes even counter
| incentives to protect it. Personal data sells well.
|
| Things have changed because more people are getting to
| understand why it matters, forcing the hand of companies having
| to choice but at least feign to secure privacy.
| ziddoap wrote:
| At one point in time, the entirety of web communication was
| completely unencrypted.
|
| Why were people not mad then? Do you think people would be
| angrier now, if HTTPS were suddenly outlawed?
|
| Among other valid answers, removing rights and privileges
| generally makes people angrier than not having those rights or
| privileges in the first place.
| viciousvoxel wrote:
| Counterpoint: when web communication was unencrypted it was
| before we did our banking, tax filing, sent medical records,
| and sent all other kinds of sensitive information over the
| internet. The risks today are not remotely the same as they
| once were.
| bostik wrote:
| > _Why were people not mad then?_
|
| Oh, we were. I am in the crowd who had been asking for
| generally used encryption since 1995. After all, _we_ were
| already using SSH for our shell connections.
|
| The first introduction to SSL outside of internet banking and
| Amazon was for many online services to use encryption _only_
| for their login (and user preferences) page. The session
| token was then happily sent in the clear for all subsequent
| page loads.
|
| It took a while for always-on encryption to take hold, and
| many of the online services complained that enabling SSL for
| all their page loads was too expensive. Both computationally
| _and_ in required hardware resources. When I wrote for an ICT
| magazine, I once did some easy benchmarking around the impact
| of public key size for connection handshakes. Back then a
| single 1024-bit RSA key encryption operation took 2ms.
| Doubling it to 2048 bits bumped that up to 8ms. (GMP
| operations have O(n^2) complexity in terms of keysize.)
| aqueueaqueue wrote:
| "We" is an special group. I am technical but never thought
| much about it back then. There is a boiling frog. The 90s
| internet was used for searching and silly emails. Now it
| has you life in the cloud. But that didn't happen in a day.
| muyuu wrote:
| always used my own encryption and cyphered any sensitive
| data/communications, but the problem is that most people
| won't and you're often compromised by them
|
| simple solutions like Whatsapp, Signal and ADP brought this
| to the masses - which some governments have issues about -
| and this makes a massive difference to everybody including
| those who wouldn't be caught dead using an iphone anyway
|
| if we could go back to the early 1990s when only
| professionals, Uni students, techies and enthusiasts used the
| internet I'd go in a heartbeat but that's not the world we're
| living in
| jahewson wrote:
| The problem here is not with iCloud but with the U.K.
| government. People like to tell themselves the government isn't
| actually trampling their rights but events like this make it
| impossible to ignore.
| matthewdgreen wrote:
| Many of us were very upset about Apple's slow-rolling this
| feature. There were many claims that they delayed the rollout
| due to government pressure [1] (note: that story is by the same
| reporter who broke today's news a couple of weeks ago.)
|
| Rolling out encryption takes time, so the best I can say is
| "finally it arrived," and then it was immediately attacked by
| the U.K. government and has now been disabled over there. I
| imagine that Apple is also now intimidated to further advertise
| the feature even here in the U.S. To me this indicates we
| (technical folks) should be making a much bigger deal about
| this feature to our non-technical friends.
|
| [1] https://www.reuters.com/article/world/exclusive-apple-
| droppe...
| post_break wrote:
| Yes, I was mad before it existed and didn't use icloud backups.
| With the E2E and ADP I turned it on. If it gets nuked in the US
| I'll go back to encrypted local backups only.
| xyst wrote:
| People were mad. Remember the Snowden leaks and PRISM program
| from NSA? [1]
|
| In fact, Apple began to adopt "privacy" first marketing due to
| this fallout. Apple even doubled down on this by not assisting
| FBI with unlocking a terrorist suspects Apple device in 2016.
| [2]
|
| It was around that time I actually had _some_ respect for
| Apple. I was even a "Apple fanboy" for some time. But that
| respect and fanboi-ism was lost between 2019 and now.
|
| Between the deterioration of the Apple ecosystem (shitty macOS
| updates), pushing scanning of photos and uploading to central
| server (CSAM scanning scandal?), the god awful "Apple wall",
| very poor interoperability, and very anti-repair stance of
| devices.
|
| [1] https://www.theguardian.com/world/2013/jun/06/us-tech-
| giants...
|
| [2] https://money.cnn.com/2016/03/28/news/companies/fbi-apple-
| ip...
| GeekyBear wrote:
| You've always been able to perform encrypted backups to your
| own local PC or Mac out of the box, so people who do care about
| privacy have always had that option.
|
| One thing I've found concerning is that Apple had encrypted
| cloud backups ready to roll out years ago, but delayed
| releasing the feature when the US government objected.
|
| > After years of delay under government pressure, Apple said
| Wednesday that it will offer fully encrypted backups of photos,
| chat histories and most other sensitive user data in its cloud
| storage system worldwide, putting them out of reach of most
| hackers, spies and law enforcement.
|
| https://www.washingtonpost.com/technology/2022/12/07/icloud-...
|
| So the UK government isn't the only government that has
| objected to users having real privacy protections.
| fauigerzigerk wrote:
| I think it makes sense for the services we rely on to get more
| secure as the world gets more dangerous. It's an arms race. You
| don't want to go back.
| nikisweeting wrote:
| I was mad for years that ADP didn't exist / was being witheld
| due to Apple+FBI negotiations for years.
|
| I 100% treated iCloud as dangerous until they released it, and
| I cheered in the streets when they finally did.
| AzzyHN wrote:
| Hacker News is a small subsection of the internet. I think the
| majority of people, probably 90% or more, simply do not care
| that much.
| TradingPlaces wrote:
| Apple and the FBI were squabbling over this for a few years,
| and then Apple decided to end the conversation one day and
| implement ADP
| procaryote wrote:
| An E2E encrypted thing that later gets a special backdoor added
| is obviously much worse than a not E2E encrypted thing.
|
| It's like when google suddenly decided that their on-device-
| only 2FA app Google Authenticator should get an opt-out
| unencrypted cloud backup.
|
| It means people who don't pay a lot of attention can suddenly
| have much less protection than they were originally sold on.
| LeoPanthera wrote:
| iCloud did a lot less, in the past. Disabling it now gives you
| access to more data than it did a few years ago. And I also
| suspect it has far more users today than it did a few years
| ago.
| deelowe wrote:
| Apple has been advertising security and privacy as a top
| feature for years now. It would make sense for people to get
| upset if those features were removed.
| mihaaly wrote:
| The situation was not something existed since the beginning of
| time, it evolved gradually. Long ago not that much and not that
| many critically private data was circulating the net, it
| increased and got essential living online by time, in some
| instances forced in an increasing portion of situations. Worry
| then had no grounds yet. As exposure of the population grew, so
| did the benefit for adverse elements breaking online data
| stores, growing in numbers fast, not all made properly in the
| headless chase of success. Damage and hence awareness grew
| gradually.
|
| But basically yes, people are stupid and gave no shit but
| believed all f nonsense, the marketing frauds made them eating
| up their crap happy if it had pretty words and pictures,
| promising something halfway to Paradise. Like the Cloud mirage.
| Those of careful personality were cautious since the first time
| Apple and alike pushed on people giving up control over their
| own data for tiny comfort (or no comfort eventually due to all
| hostile patterns in the full picture) not putting all and every
| precious or slightly valuable stuff to some unknown server on
| the internet protected only by hundreds of years old method:
| password (so not protected at all essentially). Memories,
| contacts, schedules, communications, documents, clone of their
| devices in full, putting all into 'cloud' (much before secure
| online storage became a thing)? Many times to the very same
| one? Who are that much idiots, really?!
| saljam wrote:
| i mainly use apple devices, but never put anything on icloud
| before adp came out.
| aqueueaqueue wrote:
| People learn stuff over time. If you are not living like RMS
| you probably are allowing something to spy on you. If that
| spying gets removed you become aware. You don't want it back.
|
| It is like anything that gets better. Fight for the better. It
| is like aviation safety: who cares about a few crashes this
| year when people didn't complain in the 70s.
| fdb345 wrote:
| How will they enforce this?
|
| They will have to send out messages 'You have 32465 hours before
| you account is deleted unless you decrypt'
|
| This is NOT a good look.
| perdomon wrote:
| Can someone explain what's changed in the UK that they would
| consider requesting unfettered access to all Apple customer data
| (including outside their own borders)? I get that the NSA is
| infamous for warrant-less surveillance, but this seems a step
| further.
| varispeed wrote:
| Uncontrolled immigration and terrorist threat, but also
| probably they want to look at people's nudes. Jolly lot.
| chippiewill wrote:
| Nothing's changed, they just want the same access to people's
| data they've always had. They loved completely unencrypted text
| messages.
|
| The rise of first-party end-to-end encryption has made life
| difficult for the security services so they just want to get
| rid of it.
|
| Also historically the US government loved the UK doing all this
| spying because the US wasn't allowed to do a lot of it on their
| own citizens.
| r00fus wrote:
| This is part and parcel of the collapse of western capitalism
| (aka American empire). You get two main choices when capitalism
| fails - fascism or communism/socialism. It's clear that the UK
| has chosen fascism (either liberals like Labor or extreme right
| like Reform).
| crimsoneer wrote:
| This isn't warrant-less, it's with a warrant. This isn't really
| a change the UK, it's the UK trying to adapt to the
| proliferation of E2E encryption - ten years ago, law
| enforcement could _always_ access your messages, now the
| default if you 're on whatsapp/iMessage is they can't because
| E2E is on by default. UK lawmakers aren't happy with a default
| position of the state being totally incapable of reading
| messages, no matter what the law says.
|
| It might not be cryptographically sensible, but it is
| responding to a real change in the strength of the state.
| guccihat wrote:
| It is "just" the domestic intelligence agency ordering Apple to
| backdoor their own system be able to supply data for lawful
| interception. As I read the article, it's not a UK backdoor in
| the sense they can roam around in every users data. The
| domestic agencies still need to follow the rules of lawful
| interception, namely they need a warrant, and it is targeted at
| UK nationals only. At least that is how I read the article.
| drak0n1c wrote:
| Labour Party was elected six months ago. It is doubling down on
| existing government surveillance policy as a cure-all weapon to
| investigate and chill opposition, and to humble foreign tech
| companies.
| kouru225 wrote:
| I'm at the point where I'm ready to get a pixel and install
| graphene
| varispeed wrote:
| Until it will be illegal to do so.
| noescgchq wrote:
| Right but then you are jailed at Heathrow for not unlocking
| your phone.
|
| The UK has made it clear that Counter Terrorism legislation has
| no limits in UK law even if that means compromising all systems
| and leaving them vulnerable to state actor attacks.
|
| MPs will continue to use encrypted messaging systems that
| disappear messages during any inquiries of course.
| sangnoir wrote:
| Schiphol was already the superior airport for connections
| anyway, not being arrested just sweetens the deal.
| shaky-carrousel wrote:
| You can provide a self destroy PIN with GrapheneOS.
| runjake wrote:
| And that certainly wouldn't raise their suspicion. Surely,
| they'd immediately let you go after that stunt.
| dclowd9901 wrote:
| But it would be up to him, wouldn't it? I think that's
| the main deal here: cart blanche access to your data, or
| giving into someone's bullshit fishing attempt because
| it's inconvenient.
| fdb345 wrote:
| Except no one has ever been jailed for simply refusing to
| unlock a phone unless there was heavy evidence there was
| something on the phone.
|
| Stop spreading incorrect FUD
| timc3 wrote:
| No one that we have heard of yet.
| aqueueaqueue wrote:
| Take a dumb phone (or none)?
| andyjohnson0 wrote:
| Presumably this applies to the iPhones owned by UK government
| ministers, civil servants, personal devices of military
| personnel, UK businesses, etc.
|
| As a brit, I find that my government's stupidity is almost its
| only reliable attribute.
| mrweasel wrote:
| Presumably not, politicians have a way of excepting themselves
| in these types of laws. It's almost as if they understand the
| need for privacy, they just fail to apply that understanding to
| any scenarios beyond their own.
| andyjohnson0 wrote:
| I meant that Apple's decision to withdraw ADP applies to
| them, not the Investigatory Powers Act. Or are you saying
| that Apple will give them a free exemption?
| fdb345 wrote:
| "Presumably not"
|
| Rubbish. Give me one example? They will have to abide as
| well.
| 8fingerlouie wrote:
| Not a UK example, but Chat Control (2.0) explicitly exempts
| various politicians and government officials from being
| spied on.
| santiagobasulto wrote:
| What happens if a British citizen/resident buys an iPhone in the
| USA?
|
| Btw, as a European citizen, I always buy my devices in the USA.
| We can complain about the US as much as we want, but Europe is on
| another level.
| Ylpertnodi wrote:
| As an EU citizen, the US* (govts) can stay way from my stuff. I
| won't even vpn through the
|
| *or any other gubments.
|
| Of course, when the rubber truncheon comes out, I'd be happy to
| show my encrypted stuff. But until then, or without a warrant,
| I'd prefer not to.
| commandersaki wrote:
| I think the iCloud services is based on the region of your
| Apple Account. So you could theoretically use a US region Apple
| Account and enjoy iCloud services. But that means you won't get
| UK region apps, except in the app store you can switch to
| different Apple Accounts as you please, so you can have
| multiple accounts for different regions (which is what I do).
| Ruq wrote:
| Honestly I'm surprised that rather than trying to build stupid
| backdoors and such, tyrannical governments don't just try to make
| a encryption key database. They hold ALL the keys and can get
| into anything they want, anytime they want. If you get caught
| with keys or encrypted data they can't access, punishment ensues.
|
| Like if you're gonna try to eliminate privacy and freedom, just
| be honest and open about your intentions.
| xyst wrote:
| If you care about privacy and security of your data, you aren't
| using public services from Apple or Google, or "big tech"
| anyways.
|
| I always thought of "cloud" services to be a sham. I only trust
| them with transient data or junk data anyways (glorified temp
| storage, at best).
| j-bos wrote:
| This law raises serious concerns about being a non UK resident
| using British software, like Linux Mint.
| nobankai wrote:
| No, it really does not.
| Ylpertnodi wrote:
| How can you definitively know?
| nobankai wrote:
| In the case of Linux Mint, I can check the commit history,
| build the software myself and even validate it against
| public checksums. It is expressly defended against these
| types of attacks, making it an odd choice to single out.
| mihaaly wrote:
| Isn't it already a law violation using it in certain
| scenarios? Or will be soon?
| sumuyuda wrote:
| Apple could have disabled iCloud completely for UK users. This
| would protect both UK users and other users who's data would also
| been captured in an iCloud backup.
|
| They would lose some money on services, but would have been the
| better choice to stand up to the UK government and protect the UK
| users.
| jdminhbg wrote:
| It's fine to continue providing the service as long as people
| know it's not encrypted. I am not worried about my photos being
| subpoenaed; I am worried about losing them. I'd rather have the
| service.
| CodeWriter23 wrote:
| If Apple was a real American Company they would solve this issue
| by withdrawing their devices from the UK.
| nomilk wrote:
| Wow - how sad. To think the 2nd highest scoring post ever on
| hacker news is Apple's 2016 _A Message to Our Customers_. A
| display of intelligence, morality and courage under great
| pressure: https://hn.algolia.com
|
| How things have changed.
|
| > In a statement Apple said it was "gravely disappointed"
|
| So are we, Apple. So are we.
| okeuro49 wrote:
| Apple did the right thing.
|
| I would much rather they were transparent, so that people can
| move services, rather than build a backdoor in secret, to
| appease the far-left Labour government.
| nomilk wrote:
| Building a backdoor and telling us is better than building a
| backdoor and not telling us, but not building a backdoor at
| all is ideal.
| stoobs wrote:
| Oh stop with "far left" nonsense, none of our main political
| parties are much further than slightly left or right of
| centrist.
| ljm wrote:
| Fundamentally, I think the issue is more about technical literacy
| amongst the political establishment who consistently rely on the
| fallacy that having nothing to hide means you have nothing to
| fear. Especially in the UK which operates as a paternalistic
| state and enjoys authoritarian support across all parties.
|
| On the authoritarianism: these laws are always worded in such a
| way that they can be applied or targeted vaguely, basically to
| work around other legislation. They will stop thinking of the
| children as soon as the law is put into play, and it's hardly
| likely that pedo rings or rape gangs will be top of the list of
| priorities.
|
| On the technical literacy: the government has the mistaken belief
| that their back door will know the difference between the good
| guys (presumably them) and the bad guys, and the bad guys will be
| locked out. However, the only real protection is security by
| obscurity: it's illegal to reveal that this backdoor exists or
| was even requested. Any bad guy can make a reasonable assumption
| that a multinational tech company offering cloud services has
| been compromised, so this just paints another target on their
| backs.
|
| I've said it before, but I guarantee that the monkey's paw has
| been infinitely curling with this, and it's a dream come true for
| any black or grey hat hacker who wants to try and compromise the
| government through a backdoor like this.
| kmeisthax wrote:
| What the politicians want is partial security: something they
| can crack but criminals can't. That is achievable in physical
| security, but not in cybersecurity.
|
| I have a feeling the politicians already know partial
| cybersecurity isn't an option, and don't care. Certainly, the
| intelligence community advising them absolutely does know. We
| don't even have to be conspiratorial about it: their jobs are
| easier in the world where secrets are illegal than in the world
| where hackers actually get stopped.
| joncp wrote:
| > That is achievable in physical security, but not in
| cybersecurity.
|
| Not with physical security either, I'm afraid.
| cryptonector wrote:
| With physical security the state apparatus can provide
| physical security in the form of police and what not, as
| well as deterrence and punishment.
|
| In the world of cryptography it's... a bit harder to do
| something similar. In the best case they can come up with a
| key escrow system that doesn't suck too much, force you to
| use it, and hopefully they don't ever get the master keys
| hacked and stolen or leaked. But they're not asking for key
| escrow. They're asking for providers to be the escrow
| agents or whatever worse thing they come up with.
| kingkongjaffa wrote:
| > Especially in the UK which operates as a paternalistic state
| and enjoys authoritarian support across all parties.
|
| This seemed strange to point out. It's not really any more or
| less "paternalistic" than most western nations including the
| US.
| 15155 wrote:
| Folks in the United States aren't routinely arrested for
| Facebook posts.
| 4ndrewl wrote:
| They're not arrested for posting on Facebook. They're
| arrested for _what_ they're posting on Facebook.
| pb7 wrote:
| Yes, people in the US don't get arrested for that.
| maccard wrote:
| Yes, they do.
|
| https://www.justice.gov/usao-az/pr/page-man-charged-
| threaten...
|
| https://edition.cnn.com/2015/04/30/us/georgia-woman-
| facebook...
|
| https://www.cnbc.com/amp/2023/10/19/influencer-gets-
| months-i...
|
| https://www.justice.gov/usao-ndal/pr/birmingham-man-
| sentence...
| 4ndrewl wrote:
| Stop it. We don't deal in "facts" any more.
| fencepost wrote:
| No, they get arrested for conduct that would be criminal
| no matter where they did it. Facebook (2x) and Twitter
| (2x) were the (virtual) venues where the crimes were
| committed, but the crimes were attempting to organize a
| mob to burn down a courthouse, inciting and threatening
| to murder police, conspiracy to suppress votes and
| threatening to kill the President. The crimes would be
| just as criminal had they been done in person at a local
| bar (or any other physical location).
| maccard wrote:
| Which is exactly the same as in the UK.
|
| > The crimes would be just as criminal had they been done
| in person at a local bar (or any other physical
| location).
|
| I agree. Where the US differs is that because of the US's
| 1st amendment it's _not_ a crime to say those things even
| in a bar.
|
| Anyway, all of that to say that americans are arrested
| for posting things on the internet, despite what people
| claim.
| JBSay wrote:
| Just like any other authoritarian state
| 4ndrewl wrote:
| Hardly. There are limits to speech in most jurisdictions.
| That hardly crosses the threshold for "authoritarian".
| The high profile cases in the UK have been around
| incitement to violence and contempt of court.
| jirf_dev wrote:
| Of course they are. Violent threats and admitting illegal
| activity on social media can lead to arrests in the US. By
| being so unspecific your comment does not really foster
| good discussion on the topic. You should describe what kind
| of posts they are being arrested for and which
| laws/protections in the UK you are specifically
| criticizing.
| gleenn wrote:
| If you see a red car driving down the street do you not call
| it red because there are many other red cars? They're adding
| color (pun intended) to their description of the general bias
| of the UK government. What you're doing is called
| Whataboutism - the argument that others are doing something
| similar or as bad in different contexts. It doesn't make what
| the UK is doing any less bad for citizens (and non-citizens)
| privacy or data sovereignty.
| exe34 wrote:
| > that having nothing to hide means you have nothing to fear
|
| hopefully the US turning from leader of the free world to
| Russia's tool will give them the kick they need to realise that
| just because you trust the government now doesn't mean you
| trust the next government or the one after it.
| GeekyBear wrote:
| You probably don't want to look up which US President tried
| to force Apple to insert an encryption back door into iPhones
| back in 2015.
|
| However, Google did only start moving to protect location
| data from subpoenas after people started to worry that
| location data could be used as a legal weapon against women
| who went to an abortion clinic, so your larger point stands.
| jshier wrote:
| That would be none, as it was the FBI, operating
| independently (as it's supposed to), which tried to force
| the issue. They even tried to go to Congress but found
| little support for their stunt. I'm not even sure Obama
| ever spoke in support of the backdoor, much less used any
| political power to make it a reality.
| GeekyBear wrote:
| Sorry, but the FBI is part of the executive branch.
|
| This is exactly like saying that President Trump has
| nothing to do with the actions of the executive branch
| agencies today.
| exe34 wrote:
| it's true that the honour system only works when there's
| honour in the people in charge.
|
| when a clown moves into a palace, the clown doesn't
| become the king - the palace becomes a circus.
| isaacremuant wrote:
| > hopefully the US turning from leader of the free world to
| Russia's tool
|
| So much humour in one short phrase.
|
| Do you really believe your propaganda or is it just
| absentmindedly parroting pro permanent war talking points?
| exe34 wrote:
| He demands $500bn of rare earth minerals, insists that
| Ukraine started the war by getting invaded and wants
| Zelensky to be replaced by a Russian puppet. It's amazing
| how the US went from the defender of the free world to just
| another thug.
| miohtama wrote:
| Furthermore, one UK head of state call everyone supporting
| encryption pedophiles
|
| https://x.com/BenWallace70/status/1892972120818299199
| scott_w wrote:
| Just to be clear: Wallace is not a head of state, or even an
| MP any more. At one point, he was Secretary of State for
| Defence, a Cabinet position, however he resigned this in
| 2023.
|
| This doesn't justify his position (it's stupid) but he
| doesn't speak for the current government.
| onei wrote:
| To clarify a bit further, the UK head of state is King
| Charles III, as he is for a bunch of other countries in the
| Commonwealth.
|
| Head of state in the UK is a bit weird compared to
| countries that abolished or never had a monarchy.
| scott_w wrote:
| You're correct, however I gave GP the benefit of the
| doubt and assumed they meant Secretary of State ;-)
|
| And, to be fair, while I'm generally a small r
| republican, I'm seeing benefits of having a non
| politically aligned head of state after J6. While the
| monarch has limited power, booting out a PM that can't
| command the confidence of Parliament is one of them. The
| question of whether Johnson would accept being dethroned
| a la Trump was always silly given his consent was never
| needed.
| onei wrote:
| The UK monarch's power is largely based on convention
| more than active decision making. For example, a
| government is formed at the invitation of the monarch,
| but that's long reflected the results of an election.
| Getting rid of a PM generally happens when they run out
| of luck. That sometimes coincides with the ruling
| party/coalition imploding. The next PM is then
| shortlisted by MPs and selected by a minority of the
| electorate.
|
| I guess the US equivalent is the leader of the house
| being unable to hold their majority together. In some
| ways the presidential election feels more democratic if a
| relative outsider (like Trump was) can win. But a 2 year
| lead up is crazy.
| worik wrote:
| > And, to be fair, while I'm generally a small r
| republican, I'm seeing benefits of having a non
| politically aligned head of state
|
| One of the benefits of a constitutional monarchy is the
| head of state did not campaign for the position.
| ojhp wrote:
| Technically we did abolish the monarchy back in the 17th
| century, but the replacement was so bad we brought them
| back about 10 years later, which I think makes us a
| minority of one and even more weird.
|
| Anyway, back on topic: this is a ridiculous law that is
| forcing services to erode their security while smart
| criminals can just use some nice free open-source
| software somewhere else for E2E communication. And a lot
| of this is definitely down to lawmakers not understanding
| technology.
| ttepasse wrote:
| The vast majority of democracies separated the roles of
| head of state and head of government.
| ThePowerOfFuet wrote:
| https://xcancel.com/BenWallace70/status/1892972120818299199
| doublerabbit wrote:
| Thank you.
| mschuster91 wrote:
| And that's why it is so important to nip this "pedo" / "think
| of the children" crap right in the bud.
|
| Obviously pedos on the interwebs are bad, but hey as long as
| it's just anime they're whacking off to I don't care too
| much. But the real abuse, that's done by - especially in the
| UK - rich and famous people like Jimmy Savile. And you're not
| gonna catch these pedos with banning encryption, that's a
| fucking smokescreen if I ever saw one, you're gonna catch
| them with police legwork and by actually teaching young
| children about their bodies!
| worik wrote:
| > But the real abuse, that's done by - especially in the UK
| - rich and famous people like Jimmy Savile
|
| Jimmy Savile was a vile predator. He was protected by the
| inane customs of the British ruling class.
|
| He was not alone among the toffs of England.
|
| But do not be mistaken. It is not just the rich and
| powerful where you find sexual predators. They exist at all
| levels of society, all genders, most ages (I will except
| infants and the aged infirm....)
|
| Jimmy Savile was a symptom of something much darker, much
| worse and widespread.
| mschuster91 wrote:
| Yeah but if you sell the populace on the idea that pedos
| are only something that's a threat on the interwebs the
| populace won't care about all the other pedos, and if
| there is a pedo scandal like the next Savile the
| government can just go and shrug and say "we did all we
| could". And _that_ is the point behind all that pedo
| scare.
| bigfudge wrote:
| Jimmy Saville was many things, but I don't think he was a
| toff. His ability to abuse was about power, and perhaps
| gender, but not class.
| yubblegum wrote:
| > technical literacy amongst the political establishment who
| consistently rely on the fallacy that having nothing to hide
| means you have nothing to fear.
|
| That's an awfully generous assessment on your part. Kindly
| explain just what "technical literacy" has to do with the
| formulation you note. From here it reads like you are
| misdirecting and clouding the -intent- by the powerful here.
|
| Also does ERIC SCHMIDT an accomplished geek (who is an official
| member of MIC since (during?) his departure from Sun
| Microsystems) suffers from "technical literacy" issues:
|
| https://news.ycombinator.com/item?id=983717
|
| Thank you in advance for clarifying your thought process here.
| Tech illiteracy -> what you got to hide there buddy?
| stavros wrote:
| I feel like the comment was clear, technical illiteracy leads
| politicians to believe that they'll be the only ones with
| access to this backdoor, which isn't true.
| ninalanyon wrote:
| It isn't necessarily the case that they all care if
| criminals can get in to the average person's data so long
| as the authorities also can.
| trinsic2 wrote:
| Yeah. Not buying it. They know, or someone smart enough
| told them that backdoors can be accessed by anyone with
| enough skill. They just don't care because the people that
| are asking for this are criminals already and wanting
| profit off of other people's data.
| yubblegum wrote:
| The comment's clarity was not questioned. You are passing
| around the same tired line that because politicians do not
| understand technology and how it can be used against
| anyone. Sure computers are new but communication technology
| is not. All a politician needs to understand is
| "capability". That is it. "We can read their
| communications", no degree in CS required. Also, they have
| power geeks advising them left and right. They know
| "capabilities" can be misused. They know this.
|
| Is this clear?
| bunderbunder wrote:
| Let me offer a possible example that might be more in line
| with the HN commenting guideline about interpreting people's
| comments as charitably as reasonably possible:
|
| My password manager vault isn't exactly something to hide in
| the political sense, but it's definitely something I would
| fear is exposed to heightened risk of compromise if there
| were a backdoor, even one for government surveillance
| purposes. And it's a reasonable concern that I think a lot of
| people aren't taking seriously enough due, in part, to a lack
| of technical literacy. Both in terms of not realizing how it
| materially impacts everyday people regardless of whether
| they're up to no good, and in terms of not realizing just how
| juicy a target this would be for agents up to and including
| state-level adversaries.
|
| As for Eric Schmidt, he's something of a peculiar case. I
| don't doubt his technical literacy, but the dude is still the
| head of one of the world's largest surveillance capitalist
| enterprises, and, as the saying goes, "It is difficult to get
| a man to understand something when his salary depends on his
| not understanding it."
| smsm42 wrote:
| It's not literacy. They don't care. They need control, and if
| establishing control means increased risks for you, it's not
| something they see as a negative factor. It's your problem, not
| theirs.
| ben_w wrote:
| The government put in restrictions against using certain
| powers in the Investigatory Powers Act to spy on members of
| parliament (unless the Prime Minister says so, section 26),
| so I think they're just oblivious to the risk model of "when
| hackers are involved, the computer isn't capable of knowing
| the order wasn't legal".
|
| https://www.legislation.gov.uk/ukpga/2016/25/section/26
| lozenge wrote:
| That actually shows they understand and care because they
| don't want the law to apply to them. They don't care about
| its effects on other people.
| ben_w wrote:
| No, it shows they're thinking of computers like they
| think of police officers.
|
| Computer literacy 101: to err is human, to really foul up
| requires a computer.
|
| They don't understand that by requiring the capability
| for going after domestic criminals, they've given a huge
| gift to their international adversaries' intelligence
| agencies. (And given this is about a computer
| vulnerability, "international adversaries" includes
| terrorists, and possibly disgruntled teenagers, not just
| governments).
| redeeman wrote:
| opinion: any government that "needs" such control, is an
| enemy of the people and must be abolished, and anyone can
| morally and ethically do so
| jbjbjbjb wrote:
| Well it's important that the argument is correct. They view
| ending end-to-end encryption as a way to restore the
| effectiveness of traditional warrants. It isn't necessarily
| about mass surveillance and the implementation could
| prevent mass surveillance but allow warrants.
|
| I oppose that because end to end encryption is still
| possible by anyone with something to hide, it is trivial to
| implement. I think governments should just take the L in
| the interest of freedom.
| cryptonector wrote:
| They don't even need control. They _want_ control. Why?
| Either they 're idiots who think they need control or they
| are tyrants who know they'll need control later on when they
| start doing seriously tyrannical things.
| kypro wrote:
| Agreed.
|
| I used to think it was illiteracy, but when you hear
| politicians talk about this you realise more often than not
| they're not completely naive and can speak to the concerns
| people have, but fundamentally their calculation here is that
| privacy doesn't really matter that much and when your
| argument for not breaking encryption based around the right
| to privacy you're not going to convince them to care.
|
| You see a similar thing in the UK (and Europe generally) with
| freedom of speech. Politicians here understand why freedom of
| speech is important and why people some oppose blasphemy
| laws, but that doesn't mean you can just burn a bible in the
| UK without being arrested for a hate crime because
| fundamentally our politicians (and most people in the UK)
| believe freedom from offence is more important than freedom
| of speech.
|
| When values are misaligned (safety > privacy) you can't win
| arguments by simply appealing to the importance of privacy or
| freedom of speech. UK values are very authoritarian these
| days.
| EchoReflection wrote:
| "it's hardly likely that pedo rings or rape gangs will be top
| of the list of priorities".... is this not one of the most
| disturbing, disgusting, psychologically troubling and damning
| ideas ever to be put to words/brought to awareness? . Right up
| there "let's meticulously plan out this horrific, atrocious,
| dehumanizing act and meditate upon the consequences, and then
| choose the most brutal and villainous option". Dear Lord....
| freedomben wrote:
| Devil's Advocate (meaning I don't agree with this, in fact I
| disagree with it, but I don't see this argument being made
| anywhere and think it would be interesting. If you're one of the
| people who are offended by this practice of people steel-manning
| "the other side" and only want to read comments that affirm your
| position, please don't read this comment).
|
| Question: Wouldn't it be better for Apple to build a UK-only
| encryption that is backdoored but is at least better than
| nothing? If Apple really cared about people's privacy, why just
| abandon them?
|
| My position: No because this is a war, not a battle. Creating a
| backdoored encryption would immediately trigger every government
| on the planet passing laws banning use of non-back-doored
| encryption, which would ultimately lead us to a much, much worse
| world. Refusing to do it is the right thing IMHO.
| cat_meowpspsps wrote:
| The UK's law here is specifically targetting encrypted data
| globally.
|
| > The UK government's demand came through a "technical
| capability notice" under the Investigatory Powers Act (IPA),
| requiring Apple to create a backdoor that would allow British
| security officials to access encrypted user data globally.
| everfree wrote:
| Without Advanced Data Protection, your data is still encrypted
| at rest, it's just that Apple safeguards the encryption key.
| The purpose of ADP is to remove control of this key from Apple,
| so that it's impossible for Apple to leak your data to any
| third party, even if they are compelled to.
|
| So to me, backdoor encryption seems like it defeats the whole
| point of ADP, no? But if not - even if there is some tiny
| marginal benefit - cryptography is extremely expensive to get
| right. It's doubtful that it makes financial sense to Apple to
| develop a new encryption workflow for a single country for very
| slight security benefits.
|
| And it still wouldn't be complying with the UK's demands
| anyways. The UK demanded access to accounts worldwide. If Apple
| is going to be non-compliant, then they might as well be non-
| compliant the easy way.
| nomilk wrote:
| Wonder what the cost/benefit looks like from Apple's perspective.
|
| If this requirement increases the proportion of data on Apple's
| servers that is now unencrypted (or encrypted but which _can_ be
| trivially unencrypted), that could be a huge plus to Apple; more
| data to use for ad targeting (or to sell to third parties), and
| more data to train AI models on.
| backyardflock wrote:
| Current days' UK is mostly a bunch of draconian laws, the
| political elite disrespecting "their" people (common European
| scenario) and third-world economic immigrants fucking up the
| country even further.
|
| It's so sad...
| smashah wrote:
| Notice all the undemocratic dictatorships that did not require
| this of apple. The UK is in decline completely.
| Kim_Bruning wrote:
| The current EU-UK adequacy decision[1] is up for review this 27
| June [2] .
|
| Aspects of the UK investigatory powers act is close enough to US
| FISA [2] that I think this might have some influence, if brought
| up. IPA 2016 was known at the time of the original adequacy
| decision, but IPA was amended in 2024 . While some things might
| be improvements, the changes to Technical Capability Notices
| warrant new scrutiny.
|
| Especially seeing this example where IPA leads to reduced
| security is of some concern, I should think. The fact that
| security can be subverted in secret might make it a bit tricky
| for the EU to monitor at all.
|
| [1] https://eur-lex.europa.eu/legal-
| content/EN/TXT/HTML/?uri=CEL...
|
| [2] ibid. Article 4
|
| [3] FISA section 702
| https://www.govinfo.gov/content/pkg/BILLS-110hr6304pcs/html/...
| lucasRW wrote:
| Not a surprise from TwoTierKier, who like most socialist
| government, has a natural tendency to lock dissidents, suppress
| their fundamentals rights, send the police to to people who
| posted this or that online...
| cynicalsecurity wrote:
| Could this have been a reason UK pushed to separation from the
| EU?
|
| EU is all for privacy while UK is slowly drifting towards
| becoming a Stasi state.
| nickslaughter02 wrote:
| No, EU is NOT "all for privacy". I don't know where this myth
| comes from but I see it repeated here often.
|
| 1. EU is pushing for mandatory on-device scanning of all your
| messages (chat control). The current proposal includes scanning
| of all videos and images all the time for all citizens. The
| proposal started with analyzing all text too. The discussions
| are happening behind close doors. EU Ombudsman has accused EU
| commission of "maladministration", no response.
|
| 2. EU is allowing US companies to scan your emails and messages
| (ePrivacy Derogation). Extended for 2025.
|
| 3. EU is pushing for expansion of data retention and to
| undermine encryption security (EU GoingDark).
|
| "The plan includes the reintroduction and expansion of the
| retention of citizens' communications data as well as specific
| proposals to undermine the secure encryption of data on all
| connected devices, ranging from cars to smartphones, as well as
| data processed by service providers and data in transit."
| https://www.patrick-breyer.de/en/eugoingdark-surveillance-pl...
|
| 4. EU is pushing for mandatory age verification to use email,
| messengers and web applications. Citizens will be required to
| use EU approved verification providers. All accounts will be
| linked back to your real identity.
|
| 5. "Anonymity is not a fundamental right": experts disagree
| with Europol chief's request for encryption back door (January
| 22, 2025)
|
| https://www.techradar.com/computing/cyber-security/anonymity...
|
| -----
|
| Do you still believe EU is all for privacy? EU's privacy is
| deteriorating faster than in any other developed country /
| bloc. Some of these proposals have been blocked by Germany for
| now but that is expected to change after the upcoming
| elections.
| rdm_blackhole wrote:
| This is blatantly false.
|
| The EU has been pushing to pass the Chat Control law for the
| last 3 years which is even worse because at least in the UK the
| government would still need to get a warrant for the data they
| want whereas the EU wants to analyze your chat messages, emails
| and pictures in real time without cause or need to justify
| themselves.
| izacus wrote:
| The Chat Control law was voted down and it would not apply
| for UK if they'd still be in EU.
| adfm wrote:
| It's a drag that we're seeing this crap happen, but
| authoritarians will be authoritarians. What's the general opinion
| of tools like Cryptomator? [^1]
|
| [^1]: https://cryptomator.org
| leonewton253 wrote:
| They should of forced ADP on by default and this would of never
| happened.
| commandersaki wrote:
| That would alienate users due to key management complexity.
| Apple is about having a smooth user experience.
| IceHegel wrote:
| I'm sympathetic to the J.D. Vance angle, which is that European
| governments are increasingly scared of their own people. This is
| not doing a lot to change my mind.
| pathless wrote:
| This unexpected news really cemented that point for him.
| Cornbilly wrote:
| The unspoken part of that is Vance likely thinks that the
| people should fear their government.
| bilbo0s wrote:
| True.
|
| It's a very unwise position Vance takes.
|
| The world would clearly be better run if all governments
| feared their people, than it would if all people fear their
| governments.
|
| The UK can pull this kind of stuff precisely because they do
| _not_ fear any consequences from their people.
| duxup wrote:
| I think the US government has made these kinds of requests too,
| similar tactics such as mass data collection without a warrant
| and so on.
|
| I don't think it is "scared" as much as just the usual human
| desire to do whatever the task is ... without thinking of the
| consequences.
| nobankai wrote:
| And yet it is the _senators_ we have to trust in America to
| responsibly disclose our own surveillance overreach:
| https://www.techdirt.com/2023/12/11/letter-from-sen-wyden-to...
|
| Face it: bugging your smartphone is a bipartisan effort.
| Nothing we've seen from the past 30 years of presidential
| administrations indicates otherwise. JD Vance is the pot
| calling the kettle black, and he knows it too.
| deelowe wrote:
| Then Vance should do something about the 5 eyes which is likely
| the source of this sort of thing.
| mihaaly wrote:
| Very wrong conclusions.
|
| They are not scared of people, but of working, doing their job,
| especially when it is difficult (catching criminals). They
| expect the job to be done for them by others, on the expense of
| everyone, while they collecting all the praise.
|
| On sympathetic to Vance I did not really found a presentable
| reaction, would not find on any other accidentally agreeable
| sentence leaving his mouth (very low chance btw.). Talking a
| lot about all kind of things sooner or later will hit something
| acceptable, which will not yield an unacceptable and
| destructive to society figure sympathetic.
|
| You also should be aware of practices and conducts the various
| US security services practice (and probably all governemnts out
| there), if not from news or law but at least from the movies.
| When we come to the topic of who is afraid of their own.
| RIMR wrote:
| Well put. It's pretty much impossible to sympathize with
| Vance saying this when the administration he is a part of is
| scaremongering about "the enemy within".
| rdm_blackhole wrote:
| Exactly, it's the same thing with the Chat Control law in the
| EU and it reminds me of the scene in the movie Office Space
| where the consultants are trying to figure out who is doing
| what in the company.
|
| Basically instead of doing their jobs, the cops expect Apple,
| Meta et al to intercept all the data, then feed it into some
| kind of AI black box (not done by them but contracted out to
| someone else at the taxpayer's expense) that will then decide
| if you get arrested within the next 48H (I am exaggerating
| but only slightly)
|
| What are the cops doing instead of doing their jobs? That's
| my question. Aren't they paid to go out and catch the
| criminals or do they simply expect to get the identity of
| people each day that need to be investigated?
| kelnos wrote:
| Governments _should_ be scared of their people, though not in
| the way that I expect Vance means.
|
| It's certainly better than the opposite, where citizens and
| residents are scared of their government, which wields the
| power to deprive them of their freedom, possessions, and life.
| gnfargbl wrote:
| To give you a counterpoint: from this side of the pond it is
| extremely surprising to see how effective Vance's speech has
| been in _distracting_ a good proportion of the American public.
| Which, I have to suspect, was the real point.
| dtquad wrote:
| J.D. Vance's problem with Europe is that we have too many brown
| people.
|
| As a very privacy-oriented European I don't need American alt-
| right populists to concern troll about surveillance and privacy
| in Europe.
| bongodongobob wrote:
| What the fuck? They _should_ be. They absolutely aren 't right
| now and that's a major problem.
| odiroot wrote:
| On our continent, the obvious solution to every problem under
| the sun is "more state".
| als0 wrote:
| Is there a way for a UK iPhone to circumvent the warning and
| enable ADP? Like connecting through a VPN?
| mrandish wrote:
| > Online privacy expert Caro Robson said she believed it was
| "unprecedented" for a company "simply to withdraw a product
| rather than cooperate with a government".
|
| > "It would be a very, very worrying precedent if other
| communications operators felt they simply could withdraw products
| and not be held accountable by governments," she told the BBC.
|
| Attributing this shockingly pro-UK-spy-agencies quote to an
| "online privacy expert" without pointing out she consults for the
| UN, EU and international military agencies is typical BBC pro-
| government spin. In fact, Caro, it would be "very, very worrying"
| if communications operators didn't withdraw a product rather than
| be forced to make it deceptive and defective by design.
| AlanYx wrote:
| Many people might not be aware of it, but Apple publishes a
| breakdown of the number of government requests for data that it
| receives, broken down by country.
|
| The number of UK requests has ballooned in recent years:
| https://www.apple.com/legal/transparency/gb.html#:~:text=77%...
|
| Much of this is likely related to the implementation and
| automation of the US-UK data access agreement pursuant to the
| CLOUD Act, which has streamlined this type of request by UK law
| enforcement and national security agencies.
| sva_ wrote:
| Looking at the ones for Germany, those seem like rookie numbers
|
| https://www.apple.com/legal/transparency/de.html#:~:text=77%...
| AlanYx wrote:
| It's also comparatively worse than the raw numbers suggest
| because the customer base of Apple phones in Germany is much
| smaller than in the UK.
| dvtkrlbs wrote:
| The problem is AFAIK this act is a lot different and Apple or
| any party that gets this order is completely forbidden to talk
| about it. So these kind of requests would not show up in this
| transparency requests. It is IMHO fair to assume Apple will UK
| this backdoor given they chose to disable Advanced Data
| Encryption and public would have no insight to amount and
| reasons to the backdoor usage. It is really troubling.
| fdb345 wrote:
| Are anyone of you lot getting the realisation onto why they are
| pushing Passkeys so hard?
|
| They know they access 8 out of 10 phones they seize.
|
| DONT USE PASSKEYS
| butterknife wrote:
| If you're in the UK, please consider signing the below petition.
| Thanks.
|
| https://you.38degrees.org.uk/petitions/keep-our-apple-data-e...
| -__---____-ZXyw wrote:
| Workers in tech jobs over the past few decades are the ones who
| are primarily to blame for the total degradation of the very
| notion of privacy, and our societies are, I think, reaping the
| consequences of this now in many ways.
|
| This story didn't spring up out of nowhere, like a monster from
| under the bed. It's been a gradual decline since, let's say, the
| 90s or so.
|
| I don't want to be vulgar, but the people who understood the best
| what was happening were mostly too busy taking large paychecks to
| get too upset about the whole thing. It got explained away,
| rationalised, joked about, and here we are.
| mihaaly wrote:
| Easier to push away the blame for a foot soldier, claiming to
| do things on orders or claiming to be absolutely f clueless
| where it leads, one is worse than the other. Thousands had to
| make this work and function as it is.
|
| Still, this is a different topic than the government use of law
| enforcement for preserving the shity situation that was built
| by the industry and its actors just when the trend becomes of
| fixing what was made to be crap, just when people want to
| correct the f up of the ignorant collaborants.
| ianopolous wrote:
| If anyone's looking for open-source, self-hostable, E2EE storage
| then checkout Peergos (disclaimer: lead here):
|
| https://peergos.org
| cluckindan wrote:
| The UK backdoor means US and other FVEY states are able to freely
| request any person's private data from GCHQ.
| anoncow wrote:
| >Online privacy expert Caro Robson said she believed it was
| "unprecedented" for a company "simply to withdraw a product
| rather than cooperate with a government.
|
| That is such a self serving comment. If Apple provides UK a
| backdoor, it weakens all users globally. With this they are
| following the local law and the country deserves what the rulers
| of the country want. These experts are a bit much. In the next
| paragraph they say something ominous. >"It
| would be a very, very worrying precedent if other communications
| operators felt they simply could withdraw products and not be
| held accountable by governments," she told the BBC.
| yunesj wrote:
| Fake privacy experts like Caro Robson need to be held
| accountable.
| boxed wrote:
| Governments forcing companies from other countries to do
| business in their country seems like the worrying precedent to
| me.
| kelnos wrote:
| It's also just false. Google pulled out of China many years ago
| because they didn't want to bow to the Chinese government's
| demands.
|
| And they didn't just withdraw a product, they withdraw their
| entire business.
| kshacker wrote:
| I wonder what the impact of Apple withdrawing from China will
| be. I know we are talking about UK, but this made me think.
|
| Not only their sales will reduce, but hey Chinese
| manufacturing cuts down. By how much? Will it be impactful? I
| would think so but wonder if it is quantifiable.
| aqueueaqueue wrote:
| "a product" and "cooperate" are doing so much work in that
| statement that they collapsed and look like ________ and
| ________
|
| They re-emerged as "security feature" "add vulns to security
| features to make it an insecurity feature"
| StanislavPetrov wrote:
| >Online privacy expert Caro Robson
|
| Ironic to refer to her as a "privacy expert" given her open
| hostility to privacy.
| throwaway106382 wrote:
| >"It would be a very, very worrying precedent if other
| communications operators felt they simply could withdraw
| products and not be held accountable by governments,"
|
| This would actually be a very very very very VERY GOOD
| precedent if you ask me.
|
| Facebook pulled something similar when Canada passed the Online
| News Act and instead of extorting facebook to pay the media
| companies for providing a service to them (completely
| backasswards way to do things), they just pulled news out of
| Canada. I despise Meta as a company, but I had to give them
| credit for not just letting the government shake them down.
|
| Good riddance. Governments need to be reminded from time to
| time that they are, in fact, not Gods. We can and should, just
| take our ball and go play in a different park or just go home
| rather than obey insane unjust laws.
| AutistiCoder wrote:
| How many UK people who haven't heard of ADP will now enable it?
| SirMaster wrote:
| Well this is double plus ungood...
| mmaunder wrote:
| Not relevant to the Apple story but as a general comment on UK
| surveillance/search/detainment laws: Five Eyes means the US just
| needs to get their citizen into the UK for their partner to gain
| access that the US doesn't have to their citizen. The reciprocity
| possibilities are endless.
| ancorevard wrote:
| Deep betrayal by Apple.
|
| "privacy is a fundamental human right" - Tim Cook.
| Zufriedenheit wrote:
| Does Apple offer this type of encryption in China?
| edge17 wrote:
| Are there non-icloud backup options? There used to be local
| encrypted backups through itunes, but I can't tell if that
| feature is still around.
| aqueueaqueue wrote:
| ITunes but it is a PITA. Do a test backup restore too. It may
| not restore if the phone was nearly full (maybe 80%) when
| backed up.
| mattfrommars wrote:
| Could this be the catalyst for the rise of third party encryption
| companies that operate in UK? Or perhaps, rise to third party
| self host E2E cloud solution?
|
| Only time will tell.
|
| I've already invested in USB storage :)
| ein0p wrote:
| How do you like your "liberal democracy", UK-ians? Is that
| democratic enough for you yet? Do you feel in control?
| EGreg wrote:
| Why can't governments simply compel every software developer to
| create a backdoor, or go to jail?
|
| If even one government does it, then the backdoors exist
| globally. Here is an overview of the global situation:
| https://community.qbix.com/t/the-global-war-on-end-to-end-en...
| sensanaty wrote:
| Lol so much for the privacy-first Apple BS everyone keeps touting
|
| If they had any balls whatsoever they would've rejected this and
| pulled out of the UK, but of course money comes before anything
| else.
___________________________________________________________________
(page generated 2025-02-21 23:00 UTC)