[HN Gopher] NCSC, GCHQ, UK Gov't expunge advice to "use Apple en...
___________________________________________________________________
NCSC, GCHQ, UK Gov't expunge advice to "use Apple encryption"
Author : jjgreen
Score : 311 points
Date : 2025-03-05 19:34 UTC (1 days ago)
(HTM) web link (alecmuffett.com)
(TXT) w3m dump (alecmuffett.com)
| martinsnow wrote:
| Did the site get hugged to death?
| dizhn wrote:
| works fine for me
| marcellus23 wrote:
| not working for me.
|
| edit: it did load eventually after waiting for a minute or
| two
| bigfatkitten wrote:
| Yes. Here's the substance of the post:
|
| https://archive.is/YZF6r
| martinsnow wrote:
| Thank you
| dang wrote:
| I've made a (shortened) copy of your comment and pinned it to
| the top of the thread. I hope that's ok with you! I just
| thought it's only fair for you to get the karma.
|
| (If not, let me know and I'll undo.)
| bigfatkitten wrote:
| It was fine, but I inadvertently deleted it before I saw
| your comment. I saw it in my comment history and thought I
| double-posted!
| dang wrote:
| Ha! I guess I'll make a new one. Sorry for the
| confusion...
| sarcasticfish wrote:
| Could someone that understands more than a third of what was
| written explain what's going on?
| nickthegreek wrote:
| Uk Govt wanted Apple to give them backdoor keys to all
| accounts. Not even just UK accounts, all accounts. Apple said
| no and said they will remove encryption from iCloud for UK
| users. Apple then sued UK govt to try and get the whole thing
| stopped so that they dont need to remove the encryption from
| UK. But some parts of the govt were telling other parts to use
| some of the encryption features.
| Hizonner wrote:
| One part of the UK government is trying to force Apple to
| introduce back doors in cloud data encryption. The back doors
| are intended for UK government access to user data. This
| undermines the whole feature. Meanwhile, other parts of the UK
| government have been encouraging at-risk people to use the same
| feature, including to hide information from hostile _foreign_
| governments. The UK government as a whole has apparently
| realized that this is embarrassing and taken down the advice.
| dingdingdang wrote:
| Surely Apple's lawyers can use this information in court -
| the fact that the government itself is relying on, and
| recommending, citizens and (presumably) intelligence assets
| to use Apple's encryption technology abroad makes it VERY
| clear that outlawing said technology will systematically
| weaken ALL UK information infrastructure and make it 110%
| easier for foreign powers to exploit and sabotage the UK as
| whole.
|
| edit: removed political quip since, as evidenced by sub-
| comments, it too easily derails from the primary discussion
| point, excuse-moi.
| miohtama wrote:
| Apple is not planning to fight for the UK citizens over
| encryption.
|
| It's a job for the democracy and voters.
| Hizonner wrote:
| Well, the rumor is that Apple has secretly appealed the
| order (which is officially secret) to whatever secret
| tribunal reviews such secret orders to create secret
| features giving secret government investigations access
| to various people's secrets. The Court of the Star
| Chamber, I think it's called.
|
| Which is at least Apple doing something vaguely like
| fighting. But, yeah, UK citizens might want to think hard
| about doing something about the situation themselves. For
| one thing, Apple will probably lose. And the US
| government isn't going to have Apple's back against the
| UK, either.
| jen20 wrote:
| If you think Reform are likely to be in favour of anything
| other than the most authoritarian implantation of whatever
| law enforcement suggests they want, I don't think you've
| been paying attention to who Reform are.
| danparsonson wrote:
| > Do we really need Reform in power for common sense to
| flourish in the UK to any degree?!
|
| No. You've mistaken demagoguery for common sense I'm
| afraid. That's one of their favourite tricks though, so you
| could be forgiven for the mistake.
| gessha wrote:
| Reminds me of this sketch from A bit of Fry and Laurie:
|
| Hugh: And by demagoguery you mean ...?
|
| Stephen: I mean demagoguery, I mean highly-charged
| oratory, persuasive whipping up rhetoric...
|
| Transcript: https://abitoffryandlaurie.co.uk/sketches/lan
| guage_conversat...
|
| Video: https://youtu.be/3MWpHQQ-wQg
| HPsquared wrote:
| Notice which side wins out.
| treesknees wrote:
| It was not removed out of embarrassment, it's just wrong
| advice. The government can't tell people use this feature,
| because the feature no longer exists for them to use.
| dark-star wrote:
| As I understand it (which might be incorrect), they don't want
| to tell people "use Apple encryption" anymore and e silently
| removed that advice from their websites. Probably due to the
| fact that they didn't get their Backdoor access to user data,
| so now they want people to just now encrypt stuff
| ohgr wrote:
| Wankers! Sorry that's not constructive. But that's what they are.
|
| Especially when government ministers regularly accidentally
| delete everything and get away with it...
| gred wrote:
| Muppets!
|
| (As an American, I love UK slang. It's both familiar and exotic
| at the same time.)
| petecooper wrote:
| >I love UK slang
|
| I recommend checking your preferred book source for Roger's
| Profanisaurus:
|
| https://en.wikipedia.org/wiki/Roger%27s_Profanisaurus
| bigyabai wrote:
| Fights like this only legitimize the EU's DSA to me. UK users
| would not be beholden to Apple for E2EE if their clients had
| legitimate alternatives to the first-party iCloud service. There
| would be no world where Apple could even threaten to disable it.
|
| Break the walled garden down, and all of the sudden it doesn't
| matter what Apple's stance on E2EE is. But Apple wouldn't want
| that, since then you might realize they aren't the sole arbiters
| of online privacy.
| nkellenicki wrote:
| I'm all for the DSA as well, but this argument doesn't hold
| water. Any sufficiently large cloud provider alternative (ie.
| Google, Microsoft, etc) would likely be the target of similar
| government instructions. In fact, I bet they already are - they
| just can't talk about it.
|
| And of course, it's already possible to disable iCloud backups
| and use a smaller provider or host your own alternatives. I
| already do, through Nextcloud, etc. It's not as fully
| integrated of course, but you bet that if it was, then the
| largest alternatives would be targeted all the same.
| petedoyle wrote:
| If Apple were to add new APIs, it might be possible to use
| personal cloud storage (NAS, Decentralized Web Nodes, etc.)
| with the same UX as iCloud with E2EE.
| zimpenfish wrote:
| > it might be possible to use personal cloud storage [...]
| with E2EE
|
| Which would quickly become illegal if UKGOV is set on
| getting access to people's iOS backups / cloud storage /
| etc. Hell, it's already a legal requirement to hand over
| your keys if UKGOV demands them[0].
|
| [0] "Regulation of Investigatory Powers Act 2000 part III
| (RIPA 3) gives the UK power to authorities to compel the
| disclosure of encryption keys or decryption of encrypted
| data by way of a Section 49 Notice." https://wiki.openright
| sgroup.org/wiki/Regulation_of_Investig...
| doublerabbit wrote:
| I would be less pissed with this if the UK actually kept
| the data to the UK.
| timewizard wrote:
| You'd be fine with _domestic surveillance_ as long as
| it's kept within country? The average jurisprudence of a
| UK citizen is mind blowing to me.
| throwaway290 wrote:
| I'm not british. I would be fine under their government.
| Not too thrilled but fine
| LocalH wrote:
| Parent said "less pissed", not "fine"
| timewizard wrote:
| I don't negotiate with terrorists.
| alwayslikethis wrote:
| Scale matters. Police don't have the time to go through
| everyone's computers. It is much easier to scan
| everyone's conversations, notes, or photos. Cloud storage
| invites this kind of mass surveillance by being high-
| value targets with little capacity to resist.
| Aloisius wrote:
| Bit more complicated than that. iCloud isn't passive
| storage. A fair bit of the logic exists on the server.
| alwayslikethis wrote:
| You can always have an company without legal presence in the
| UK to do the operations, beyond the reach of the UK
| government. If you are allowed to run your own software on
| your devices, you can always encrypt before sending. Apple
| and to a lesser extent Google got themselves in this position
| of being able to spy by building their walled gardens.
| alecmuffett wrote:
| OP here. I am sympathetic, really I am, but the challenge then
| is a diversity of solutions tends to lack really good high
| quality security systems integration, meaning that data leaks
| differently. It's hard to have a high integrity solution which
| is an open standard and implemented equally well by all
| players.
| bigyabai wrote:
| I would rather that Apple invests in solving hard problems.
| Spending that money on legal representation only kicks the
| can down the road.
| alecmuffett wrote:
| One of the hardest problems you can face is getting a
| community of disparate developers to do the right thing at
| scale; sometimes the easiest solution for that is a
| monolithic integrated blob.
| bigyabai wrote:
| I agree, that's why I applaud smart regulation. Apple is
| a disparate business too, you have no way to bring them
| to the table for doing "the right thing" unless there's
| some threat of repercussions.
|
| It's really easy for Apple to back themselves into a
| vulnerable corner with the "ecosystem" mentality drawn
| out to it's logical extremes. I'd argue it's our
| democratic duty to stop businesses from endangering their
| customers like that, but that really depends on how you
| feel about consumer protections.
| easytiger wrote:
| The EU and the EUC are not your friend when it comes to privacy
|
| https://home-affairs.ec.europa.eu/networks/high-level-group-...
| bigyabai wrote:
| Nor is the jurisdiction Apple is headquartered in:
| https://arstechnica.com/tech-policy/2023/12/apple-admits-
| to-...
|
| It feels like a moot point, to me.
| easytiger wrote:
| How is an exploration of broad spectrum legislative attacks
| on all forms of encryption regardless of hosting and
| corporate ownership and data communication moot?
| bigyabai wrote:
| The UK has to formally ask for a backdoor, the United
| States has the leverage to coerce Apple into implimenting
| one while demanding that it remain a secret. We don't
| know if the US has implemented equivalent iCloud
| backdoors yet, it might be under wraps like the push
| notification bug.
|
| Maybe that doesn't concern you though, and that's fine.
| Apple is always looking for customers that don't care
| that much about their devices.
| easytiger wrote:
| I genuinely have no idea what you are talking about.
|
| Is there a particular reason you don't want to discuss
| the EU working group which is what I posted in response
| to your comment.
|
| I didn't even dive in to how your original comment
| doesn't make sense to me. How do you think the DSA would
| help or change anything regarding either.
| bigyabai wrote:
| Is there any particular reason you ignored Apple's
| admission of extralegal surveillance that they were
| demanded to hide by the US government?
|
| If you want to turn this into a relativist pissing
| contest, be my guest. I think it's a moot point, since
| the United States is complicit in an even more heinous
| form of surveillance. Don't moralize to me when America
| refuses to lead by example, this is the precedent that
| _we_ set.
| freehorse wrote:
| > There would be no world where Apple could even threaten to
| disable it.
|
| They did not "threaten to disable it" and apple's stance on
| E2EE is not the issue here, UK's stance is. UK essentially made
| icloud E2EE by demanding apple to make a global backdoor into
| it, and essentially thus forced them to disable it. It is not
| disabled anywhere else in the world.
|
| Essentially the UK (and other states) want somehow to have
| their pie and eat it too, but that's just not possible.
| doublerabbit wrote:
| If UK is already doing this, then what's them from banning
| all new iPhones? Some countries do.
| mikestew wrote:
| _then what 's them from banning all new iPhones?_
|
| The torches and pitchforks that are soon to follow? You
| might get away with that in oppressive "some countries",
| but I just can't imagine it ending well in someplace like
| the UK.
| andrewflnr wrote:
| I'd hope so, but you never know what you can get people
| to tolerate "for the children". This is, after all, the
| same UK population that voted these halfwits into power.
| nicoburns wrote:
| The children themselves would be in the streets
| protesting if you banned iPhones in the UK.
| andrewflnr wrote:
| Naturally we have to protect them from themselves. /s
| andylynch wrote:
| My kid just brought this up today- it's absolutely a
| concern for their age group.
| FirmwareBurner wrote:
| If it's indeed like you say, that sounds like a monopoly
| that should be addressed, not protected and allowed to do
| as it pleases.
|
| Sure, it's orthogonal to the EE backdoor issue, but Apple
| or any other company, having a monopoly of a nations
| youths means of communication is still an issue.
| giuseppe_petri wrote:
| >these halfwits
|
| You're doing them a favour calling them halfwits, if most
| of the current crop of British politicians were light
| bulbs they wouldn't be bright enough the light the
| cupboard under my stairs.
| yakshaving_jgt wrote:
| We also voted Starmer into power, who is one of the few
| leaders of the free world with a spine.
|
| It's not that black and white.
| PrivacyDingus wrote:
| Can I ask what it is that makes you believe he has a
| spine? His fawning over Trump didn't dispell this? Or his
| constant changes in direction?
| yakshaving_jgt wrote:
| Well he hasn't taken Trump's direction on the war, has
| he?
| dambi0 wrote:
| You could just as well argue that changing direction or
| admitting you got things wrong requires more spine than
| blindly sticking to the same direction even in light of
| new information.
|
| Whether that applies to Starmer is a matter of opinion I
| suppose
| andrewflnr wrote:
| I mean, sure, the US _also_ elected some people who
| oppose the wannabe fascist dictator in chief, but we did
| elect the wannabe fascist dictator. There are a lot of
| forces, but the vector sum is distinctly fuckwitted.
| coldtea wrote:
| Starmer has a spine? He's a warmongering careerist shill,
| hateful of his own people, who never did anything
| remotely worthy of the Labour party pre-Blair legacy...
|
| One of the least spine-owing politicians in the world
| jjani wrote:
| Bread and circuses is what stops them. Whoever would get
| the iPhone banned is guaranteed never to win another
| election. Like banning beer or football.
|
| It would also be banning Macbooks, imagine what companies
| would have to say about that.
|
| The reason Apple isn't calling their bluff is not that
| they're scared the UK will actually ban their products.
| It's for optical and political reasons.
| maxglute wrote:
| I don't know how UK electorate feels about this, global
| backdoor feels like much more unreasonable ask than
| domestic backdoor. Really takes particular hubris to ask
| for it in the first place.
| akimbostrawman wrote:
| Apples stance on E2EE is off by default. UK stance is no E2EE
| at all.
|
| If Apple wasn't a walled garden neither opinions would matter
| since the user could just decide for themselves without Apple
| or the government having power over it.
|
| I dislike how removing a optional feature is being equated to
| a backdoor since unlike this situation it would effect
| everyone without there knowledge. If no E2EE is a backdoor
| then Apple by default is backdoored (which it is but people
| here like to pretend otherwise).
| freehorse wrote:
| > without Apple or the government having power over it
|
| As we are talking about E2EE for cloud storage, governments
| have very much control over it as in banning the use
| certain software by law and applying it through ISPs and
| other means. Not saying I wouldn't prefer a scenario where
| there was indeed some degree of such choice, but that would
| not change anything if a government decides it does not
| want E2EE.
|
| > Apples stance on E2EE is off by default
|
| True E2EE in the context of cloud storage has also certain
| downsides that one should acknowledge, notably if you lose
| access to your keys your data is effectively gone. When we
| talk about a large userbase that includes people who do not
| have a good understanding of this fact (prob most people)
| and this choice is not made by themselves in a more
| conscious manner, this could be a headache for a company
| (and customer service). Go to subreddits of E2EE encrypted
| services and notice how often people come up with having
| forgotten their passwords thus effectively their keys and
| their data (and that's an audience making a more conscious
| choice) and not actually understanding that forgetting
| password + losing any recovery keys = loss of data and that
| proton cannot give them access back (if they could, there
| could not be much privacy there). I am not saying that E2EE
| is bad, but that it is not necessarily the best choice for
| everybody, and thus I have no issue with apple's opt-in
| approach.
| akimbostrawman wrote:
| >governments have very much control over it as in banning
| the use certain software by law and applying it through
| ISPs and other means.
|
| They ofc can however it would take a new even more
| tyrannical law that applies to each citizen which would
| impact all encrption software not just apple. The
| Cryptowars have also shown that such laws are not only
| technical unenforcable but also economical
| disadvantageous.
| avianlyric wrote:
| > new even more tyrannical law that applies to each
| citizen which would impact all encrption software not
| just apple.
|
| The current law does impact all encryption, not just
| Apple. It gives the government the right to force any
| provider to backdoor their encryption, and gags those
| providers in the process. There's nothing in the law that
| restricts it to Apple, or to cloud providers, or to large
| companies, or to it being blanket applied to all
| providers of encryption operating in the UK.
|
| The only reason why we're talking about it with regards
| to Apple, is because Apple is the first confirmed case of
| a provider being instructed to backdoor their crypto, and
| we only know about it because the order leaked, and Apple
| coincidently took public action that unambiguously
| confirmed the leaked info.
| nixgeek wrote:
| Apple's stance is not all E2EE is off by default... Instead
| there are a set of things which are E2EE when you are using
| Standard Data Protection and a wider set of things become
| E2EE when you opt-in to Advanced Data Protection.
|
| This is all clearly documented here:
| https://support.apple.com/en-us/102651
|
| What's changing is the UK government is apparently serving
| a Technical Capability Notice compelling Apple to provide
| access to their customers data, and the only reasonable way
| for Apple to comply is to remove ADP as an option in the
| United Kingdom.
| ziddoap wrote:
| > _UK users would not be beholden to Apple for E2EE if their
| clients had legitimate alternatives to the first-party iCloud
| service._
|
| Any sufficiently popular alternative would be subject to the
| same issue: you can't backdoor encryption without making it
| insecure.
|
| > _There would be no world where Apple could even threaten to
| disable it._
|
| Your framing of this seems to blame Apple, and I don't
| understand why.
| alwayslikethis wrote:
| You can have a service beyond the reach of UK law
| enforcement. Somehow piracy on the clearnet never really
| stopped with it being illegal in most countries.
| tree_enjoyer wrote:
| If you're a company with offices, personnel, and assets in
| the UK, well your "service" may be beyond the reach, but
| the rest isn't.
| ziddoap wrote:
| You're suggesting that Apple, a giant publicly traded
| company with known people that can be summoned to court and
| assets located in places that can be seized, should ignore
| lawful orders from a country they are operating in?
|
| Can I ask you how you think that would play out?
|
| > _Somehow piracy on the clearnet never really stopped with
| it being illegal in most countries._
|
| I'm sure you can spot the difference between a small group
| of people running a piracy site and a multinational company
| selling physical devices in physical stores.
| alwayslikethis wrote:
| I'm not talking about Apple here.
|
| This is what you said:
|
| > Any sufficiently popular alternative would be subject
| to the same issue: you can't backdoor encryption without
| making it insecure.
|
| I'm just saying this is not true because you can have a
| company without any legal presence, thus susceptibility
| to law enforcement, in the UK. The legal issue will be
| shifted onto the user, but it's hard to go after millions
| of users compared to one big company.
|
| The parallel with piracy is that they also tend to be
| operated from beyond the jurisdiction of countries
| enforcing the copyright.
| ben_w wrote:
| That didn't work out for X in Brazil. The government of a
| sovereign nation can just _require_ you to have a
| presence to do business there.
| alwayslikethis wrote:
| That's mostly because of them using Musk's other business
| as leverage. A good company created explicitly to operate
| like this has no such vulnerability. The UK can try to
| stop them by trying to block the IPs or whatever, and the
| company is in turn free to try to circumvent it. The only
| issue is they may be banned from App store, which is a
| self-inflicted problem caused by Apple.
| robertlagrant wrote:
| > you can have a company without any legal presence, thus
| susceptibility to law enforcement, in the UK
|
| This is true, although you'd need to sideload to avoid
| things like "UK government bans this app from the UK app
| store".
| Filligree wrote:
| Or worse, "UK government requires the App Store version
| to be backdoored".
| wqaatwt wrote:
| > should ignore lawful orders from a country they are
| operating in?
|
| By allowing users to install arbitrary software on their
| computers which is not directly controlled by them?
|
| That certainly would be shocking and unheard of.
| lll-o-lll wrote:
| > you can't backdoor encryption without making it insecure.
|
| That's not really true is it? If I have a building where
| every room has its own key, but there is also a "master key"
| that can open all doors; then it's not "insecure". You want
| to be pretty bl--dy careful with that master key, sure, but
| the _idea_ isn't crazy.
| akimbostrawman wrote:
| Even the most secure masterkey can just be stolen.
|
| https://en.m.wikipedia.org/wiki/EternalBlue
| ziddoap wrote:
| It is _absolutely_ a crazy idea.
|
| Physical analogies don't really work in this situation
| because of the scale, and the payout.
|
| A physical master key for a building has a few hundred
| thousand/a few million people that could potentially access
| it. The payout is low (i.e. the motivation is low on
| average)
|
| An encryption backdoor to phones has a few _billion_ people
| that could potentially access it. From anywhere in the
| world. The payout is huge (access to all iPhones).
|
| Multiple entire governments would dedicate tens of millions
| of dollars and thousands of people to gain access to a
| ubiquitous backdoor on something like a phone. The same
| just isn't true with your building analogy -- they are
| completely different.
| lll-o-lll wrote:
| It doesn't have to be one key for all, one key for a
| bucket, per user if needs be. Can't these master keys be
| in offline HSM's? I get your argument, but it doesn't
| seem an impossible problem to solve.
| gopher_space wrote:
| More to the point, a master key is a _management tool_
| for infrastructure maintenance. Its relationship to
| security is that I can securely keep all the monkeys
| organized in my monkey hut. The master key exists in a
| world where you can throw a brick through a window.
|
| Security *around* the master key is entirely about
| pinning liability to one human being at a time. Security
| through hot potato.
| qwertox wrote:
| That master key sounds like a high value target, if it can
| open so many doors. Are you sure the one who guards that
| key is storing it securely enough and not just in a keyring
| together with other "important" keys he sometimes carries
| around needlessly? Are you sure he can't be coerced into
| "borrowing" it to someone, or handing it over to the police
| without first letting a lawyer check the warrants?
|
| Have you considered that the locks need to have a weaker
| security if a key must exist which can open all the doors
| in the building?
| vunderba wrote:
| The ability to steal the master key by virtue of it being a
| physical object is _SEVERAL_ orders of magnitude lower than
| a "virtual master key" that is potentially vulnerable to
| the entire online community.
|
| If you consolidate security into a singular "skeleton key"
| - you 100% weaken your security.
| jeroenhd wrote:
| The UK demands a backdoor in the backups, so having an
| alternative backup app isn't the solution here. All the
| alternatives would just get forced into also adding backdoors,
| or everyone working for the companies that provide alternatives
| find themselves unable to ever enter the UK again.
|
| That said, I do wish there were more backup solutions for
| mobile platforms. Android has an API for this, but it's only
| available to software signed with manufacturer keys. LineageOS
| and various other custom ROMs use this to allow Seedvault
| backups, but as a stock Android user I can only pick between
| Google backups and no backups.
|
| On the other hand, these backups do contain material you don't
| necessarily want random apps to have access to. Seeing how
| powerful stalkerware/"parental control" already is on Android,
| I recognise that there are dangers that the general population
| might not realise. Adding additional warnings and messages
| about backups (even when the backups are made using
| manufacturer software) would probably strike a balance, though.
| t00 wrote:
| Both Apple and Android (stock) are candidates for anti-
| monopoly regulations regarding the limited, vendor locked
| backup API.
|
| Enforcing choice of the backup solution would solve the
| problem of rogue countries like the UK meddling with privacy
| and security.
|
| Like the browser choice, backup provider choice can end up
| being enforced, likely by the EU as they have a good history
| of breaking up vendor lock-ins.
|
| Possibly an information/lobby campaign can be started and
| endorsed by some major online storage providers?
| jeroenhd wrote:
| I agree, though with Android an argument can be had that
| Samsung and other manufacturers can offer alternatives if
| they want to (they have their own stores and their own
| platform keys).
|
| I don't think there's a large lobby for the backup app
| industry but a lawsuit against Apple/Google/Samsung should
| be easily won here.
| XorNot wrote:
| No android backup software I've seen is remotely good enough
| though: as in "indeop my phone in a shredder, and replace it
| with another identical model but thanks to the backup it
| relaunches _exactly_ as it was "
|
| Like a bunch of stuff will backup data, yet it's just about
| impossible to autonomously and confidently ensure I can
| restore my home screen and other app configuration data.
| stetrain wrote:
| The UK is the one saying that they have the right to request
| backdoor access to any E2EE services.
|
| This could extend to any app available in the UK market, or in
| preventing the phone makers from allowing software to run that
| is not approved by the UK.
|
| A truly open software ecosystem would make this harder to
| enforce, but it wouldn't stop them from trying.
| mig39 wrote:
| Man, you know you're the baddies when you have to have "secret
| courts."
| ndegruchy wrote:
| Didn't realize he was _also_ talking about the US secret
| courts. Sorry.
|
| Uh...[1] yeah. Secret courts are the worst! Those British and
| their secrets!
|
| [1]:
| https://en.wikipedia.org/wiki/United_States_Foreign_Intellig...
| mig39 wrote:
| Like I said, you know you're the baddies when you have to use
| "secret courts."
| abtinf wrote:
| A charge of hypocrisy necessarily implies you agree with the
| principle.
| ndegruchy wrote:
| I don't. I was merely pointing out the hypocrisy, not
| understanding that he meant it as a blanket statement for
| both/all countries with secret courts.
| mig39 wrote:
| I'm not American. But if my country had (or has) secret
| courts, I'd think they were evil too.
| breakingcups wrote:
| What hypocrisy were you pointing out?
| ben_w wrote:
| Not so. Hypocritical positions tell you an error exists,
| but not which of the two contradictory positions is the
| wrong one.
| paulddraper wrote:
| FISA abuse has been broadly reported in recent years.
| crimsoneer wrote:
| ... this is very silly. Sometimes the government needs to have
| secret stuff, and that needs an oversight body... _and they
| need to see the secret stuff_
| timewizard wrote:
| The oversight body is the legislature. The judiciary has no
| ability to provide oversight. The judiciary cannot act on
| it's own. It cannot conduct investigations. It can only act
| on cases and motions within those cases. The two ideas you've
| presented do not have anything to do with eachother.
| paulddraper wrote:
| Specific details, sure.
|
| Locations of military assets, passcodes, officials' personal
| details, etc.
|
| _But you cannot have a democracy without the people knowing
| what their government is doing._
| 93po wrote:
| There is absolutely no reason why the public at large can't
| know that some three letter agency is legally forcing a
| company to provide information with a national security
| letter. The public knowing that this is happening doesn't
| divulge any useful information to anyone. The fact that free
| speech is in fact being trounced in the US is really freaking
| gross to me.
| genbugenbu wrote:
| That's a pretty naive take imo ; divulging such information
| leads to change in behaviour of nefarious actors.
|
| I totally get the viewpoint, but there are other
| perspectives to consider
| treesknees wrote:
| I don't disagree that it can change behavior, but surely
| many or most of these nefarious actors must already
| assume that uploading illegal materials to Apple or
| Google, whether they claim E2EE or not, is a risk? See
| for example Apple's ditched efforts to scan and flag CSAM
| material on-device.
|
| My assumption has been that the real bad guys use their
| own infrastructure attached to anonymous access methods
| like Tor, or using anonymous file sharing accounts that
| can't be tied to an iPhone's serial number. Maybe that's
| not true?
|
| Offering transparency in these areas may help to
| understand whether the government is really doing this to
| arrest criminals, or just to have unfettered access to
| everyone's data.
| robertlagrant wrote:
| It's not naive. I can definitely see value in a two-tier
| warrant system. The first (and normal one), just like a
| physical warrant: you know you're being searched. The
| second, and it is much harder to get: a covert warrant,
| more like a wiretap.
| 93po wrote:
| Literally any bad actor with half a brain cell assumes
| every large american tech company has been served a NSL.
| Disallowing them from disclosing they received one seems
| pretty pointless and only done to prevent bad optics and
| public opinion
| ChrisArchitect wrote:
| Related:
|
| _Apple takes UK to court over 'backdoor' order_
|
| https://news.ycombinator.com/item?id=43270079
| rvz wrote:
| Why would you want to live in the UK, especially under this
| government?
|
| Unless you want to enjoy a full surveillance state close to
| China?
|
| Even if you are running away from the US, you should just ignore
| the UK as a destination at this point.
| ajsnigrutin wrote:
| Most people were born there and have nowhere to go.
|
| The problem is, that it's spreading... EU already wants "AI" to
| read our private messages, US and it's patriot act was not much
| better (+ everything within wikileaks), etc.
| bigfatkitten wrote:
| https://archive.is/YZF6r
| cs02rm0 wrote:
| _So the question in my mind is: is the UK Government attempting
| to cover-up its previous advocacy of ADP, by censoring this old
| document?_
|
| In a word, yes.
|
| I'd be fascinated to know who in the hive mind decided to do it
| though; I can't see someone too senior coming up with an http
| redirect as the answer. I guess the scrub order came down the
| chain and an automaton jumped into action.
| mike-the-mikado wrote:
| Perhaps they know that ADP security is broken. That would
| justify both changing the recommendation and asking to read it.
| tweetle_beetle wrote:
| Interestingly, the well respected head of the Home Office
| announced departure around the same time as this story
| breaking.
|
| There are always lots of juicy things going on in the big
| government departments, so connections could be made at almost
| any time. But the timing and quick departure does seems
| notable.
|
| https://www.independent.co.uk/news/uk/home-news/matthew-rycr...
| Aloisius wrote:
| Simply turning off ADP for UK users seems like it wouldn't
| satisfy the UK who likely wants the keys to people's data who
| live outside the UK as well.
|
| So Apple either has to fight this in court, compromise security
| worldwide, disable iCloud worldwide or exit the UK market.
|
| The same law can arguably be used to compel Apple to backdoor
| phones and devices themselves as well.
| gjsman-1000 wrote:
| The good news: The US Director of National Intelligence, Tulsi
| Gabbard, is fully aware of the request and has responded to a
| letter from Congress about it. She has stated that in her
| opinion, while this plays out, it would actually be possibly
| illegal for the UK to make this request, let alone Apple to
| comply with it, under the US CLOUD Act. If this is true, Apple
| will have no choice but to leave the UK than comply, and the UK
| will find themselves in a no-win situation for this demand.
|
| https://www.reuters.com/technology/us-examining-whether-uks-...
|
| Edit: This is in addition (for better or worse, I'm just the
| messenger) to Trump personally calling the EU's rules for tech
| unfair, JD Vance giving a speech accusing the UK and Europe at
| large of violating free speech, the UK's prime minister being
| personally teased by Vance at their meeting about free speech
| (overshadowed by Zelensky's meeting later the same day), and
| FCC Commissioner Brendan Carr stating the EU Digital Services
| Act is incompatible with American free speech values. In my
| opinion, this turned out to be the dumbest possible time for
| the UK to attempt such a move, even if it wasn't foreseeable
| when the demand was issued.
| bigyabai wrote:
| That's great news, now Ron Wyden won't have to feel so lonely
| when congress ignores his demands to end illegal surveillance
| of American citizens. It'll be like a hunky-dory, bipartisan
| "anti-surveillance surveillance club" or something!
| vfclists wrote:
| There is too much deflection from the true purpose for these
| regulations.
|
| The main thing here is that if a Govt approaches a party to gain
| access to their encrypted data the party can stall them, destroy
| the data, claim amnesia or point the Govt in the direction of
| their lawyers. If the Govt approaches Apple or some other
| company, the companies don't have to inform the targets and can
| probably compel the companies not to inform the targets.
|
| With encryption there is even no hard evidence that the data
| sought exists.
|
| This is the main reason for the laws. Their purpose is to gain
| access to encrypted information without their target's knowledge.
| jeroenhd wrote:
| Though I doubt it's the main driving force of the government, a
| common theme in news articles about suicides and murders is
| family members being upset that Apple won't give iPhone backups
| or unlock codes to loved ones. Grieving family members often
| portray Apple as uncaring and unwilling to unlock devices with
| a simple software update.
|
| There are plenty of people with good intentions calling for
| backdoors like this. I believe a good government will know the
| implications and ignore the pleas, but it seems there aren't
| that many good governments left.
| dfawcus wrote:
| There is still a picture of the front of the document available:
|
| https://archive.ph/uXyEf
| yapyap wrote:
| We really live in the stupidest timeline
| theandrewbailey wrote:
| Oy! You got a loicense for that encroiption?
| eterm wrote:
| Says someone from a country where the act of crossing the road
| is outlawed.
|
| But seriously, get some new material. Tiresome fake accents
| mocking another country is just childish, especially when it
| has nothing to do with the article in question.
| brink wrote:
| If ya ain't doin' nuffin' illegal, ya got nuffin' to 'ide,
| mate.
| seanw444 wrote:
| Soon enough you're gonna need a license to protest.
| immibis wrote:
| You already need one, and they don't exist. That is,
| protesting is outright illegal. Actually, that's the case in
| most countries already.
| BobaFloutist wrote:
| I've always wondered, what happens if there's no organizers
| and a bunch of people just sorta independently agree to
| show up together somewhere and tell all their friends by
| word of mouth? Is the first person who tweeted "Let's all
| go protest!" held accountable as the organizer, or what?
| greenavocado wrote:
| In the UK they go to prison anyway. You will be arrested
| for praying in silence.
|
| https://www.thefp.com/p/abortion-buffer-zones-united-
| kingdom...
|
| https://aleteia.org/2023/03/09/pray-get-arrested-repeat-
| uk-w...
|
| https://reason.com/2024/10/17/british-man-convicted-of-
| crimi...
| immibis wrote:
| Yes, pretty much.
| Oarch wrote:
| To a degree this exists. For large protests you need to give
| notice and can even face jail time for failing to inform the
| police.
| seanw444 wrote:
| True. I'm meaning more "take a one month government-
| sponsored class to learn about safe methods of protest, the
| relevant regulations on sound amplification, and what words
| are deemed too profane for putting on a sign, in order to
| obtain your Protester ID Card."
| f1shy wrote:
| Oh. Not again that german ideas!
| cft wrote:
| and a license to program a computer
| xdennis wrote:
| It's already a criminal offense to protest inside your mind.
| [1]
|
| [1]: https://reason.com/2024/10/17/british-man-convicted-of-
| crimi...
| oliwarner wrote:
| It's the _where_ that matters, there.
|
| Having seen the other extremes, eg Westboro attacking
| mourning families, I'll take the UK's interpretation of
| freedom. It includes the idea that other people have a
| right to go about their business without busybodies with no
| standing getting in the way.
|
| Edit: I also wouldn't claim the UK always gets it right,
| but sometimes balancing those ideas --rights to speech,
| privacy, and to exist unimpeded-- isn't simple. Nasty
| artefacts like super-injunctions feel stifling, people
| arrested for online speech sometimes a little too far, but
| I'd still take it over many alternatives.
| card_zero wrote:
| The reason for that is because you can fuck off with the
| persistent harassment of those who come to get abortions,
| including by "praying", that is, hanging around near the
| clinic trying to guilt-trip pregnant women. You're
| completely free to _fuck the fuck off away from the area_
| and bow your head disapprovingly. You 're also free to
| think whatever you like inside the designated safe zone so
| long as you're not being demonstrative about it. Anyone
| who's deliberately come near to the clinic in order to
| visibly pray is picketing it. Having a grievance about this
| as if it was thought policing is dishonest.
| hansvm wrote:
| If it were a fish and chips stand there'd be no problem
| with picketing, praying, or most other nonviolent, non-
| threatening demonstrations that didn't get in somebody's
| way. You could make it your full-time job to protest
| every fish and chip stand in the country without issue.
| It _is_ thought policing, since the only crime is
| protesting the "wrong" thing.
|
| Maybe it's still fine to ban that sort of protest, but
| let's call it what it is.
| pessimizer wrote:
| Pretty sure that the US, UK and Europe fixed that back in the
| 90s, during the anti-globalization protests.
|
| Ever since the Democratic Party established in 2004 that you
| could designate "Free Speech Zones" where the constitution
| would be in effect, and literally put _bars_ around them, it
| was an inevitability that people living in US vassals that
| have never had strong speech protections would lose it all.
| The US sets the standard for a written absolute free speech
| right, but makes bad speech its biggest enemy and covertly
| finances censors overseas to lobby _against_ free speech
| protections.
|
| -----
|
| Random person on internet:
|
| > Has anyone heard about the protester pen set up at the
| Democratic convention?
|
| > It's constructed with mesh, chain link & razor wire to
| contain any DNC protesters - not after they've been rounded
| up by police for unlawful activity - but to house them while
| they are protesting!
|
| > "U.S. District Court Judge Douglas P. Woodlock called the
| barbed-wire pen "an affront to free expression'' and
| "irrefutably sad'' but necessary because of protesters'
| antics in New York and Los Angeles."
|
| > Story here. [http://news.bostonherald.com/dncConvention/vie
| w.bg?articleid...]
|
| > And this is the Democratic convention.
|
| > I've got a really bad feeling about this.
|
| https://files.electro-music.com/forum/topic-2781-0.html
|
| -----
|
| truthout, Sunday 25 July 2004:
|
| > Demonstrators who want to be within sight and sound of the
| delegates entering and leaving the Democratic National
| Convention at the Fleet Center in Boston this coming week
| will be forced to protest in a special "demonstration zone"
| adjacent to the terminal where buses carrying the delegates
| will arrive. The zone is large enough only for 1000 persons
| to safely congregate and is bounded by two chain link fences
| separated by concrete highway barriers. The outermost fence
| is covered with black mesh that is designed to repel liquids.
| Much of the area is under an abandoned elevated train line.
| The zone is covered by another black net which is topped by
| razor wire. There will be no sanitary facilities in the zone
| and tables and chairs will not be permitted. There is no way
| for the demonstrators to pass written materials to the
| convention delegates.
|
| https://web.archive.org/web/20050625073603/http://www.trutho.
| ..
| thepaulmcbride wrote:
| Not everyone from the UK is English or indeed has a London
| accent...
| UrineSqueegee wrote:
| can you be that socially inept that you can't understand it's
| a joke?
| card_zero wrote:
| Is something that's just wrong the same as a joke?
|
| Anyway London accents don't go "oi". This is a Birmingham
| accent. London accents go "ah".
| kristiandupont wrote:
| I am honestly trying to figure out what you are arguing
| here. GGP didn't say something like "This is what
| everyone in England sounds like: ..."
| card_zero wrote:
| Isn't that what a caricature is supposed to do?
|
| Here we have a caricature which is irritating because
| it's off the mark. I demand better mockery.
| tempodox wrote:
| Is Birmingham accent bad mockery?
| card_zero wrote:
| It's oddly specific mockery, like Ozzy is England's
| international representative. I don't know, maybe he is.
| But I doubt Birmingham even inspired the meme, this is
| probably a caricature of Dick Van Dyke more than anyone.
|
| To be fair, Brits seem to think New Yorkers go "oi" and
| they don't really either.
| yieldcrv wrote:
| we know, enjoy the mockery
| worik wrote:
| > Not everyone from the UK is English or indeed has a London
| accent...
|
| That is true. Especially these days, even in London.
|
| But England completely dominates the politics of the UK.
|
| FWIIW this sounds English to me. They bought us the Magna
| Carta that made Kings subject to law, but they have never
| been free.
| alasdair_ wrote:
| >but they have never been free.
|
| Different kinds of freedom. In London you can legally
| jaywalk naked while drinking a beer in front of a cop and
| know that even if you really pissed the cop off, you'd
| never get shot for it.
| blitzar wrote:
| quite
| tempodox wrote:
| Could you write your comment in a Scottish accent, please?
| glitchc wrote:
| Certainly m'lord, but it does look like gibberish.
| kichimi wrote:
| You know this is just making fun of the poor working class?
| It's offensive.
| jodrellblank wrote:
| Yes! I got it from the US government department which regulates
| encryption:
|
| https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
|
| I can use more than 56-bit DES :)
| verisimi wrote:
| The UK government should mandate http (not https) everywhere.
| botanical76 wrote:
| Why bother? They can just visit Cloudflare HQ, who already
| proxy 19.3%[1] of the internet. AFAICT, all https traffic
| proxied by them is accessible to them in plaintext. Of course,
| Cloudflare are disallowed by law from letting us know if the UK
| government were surveilling all of their proxied traffic.[2]
|
| [1] according to this particular metric:
| https://w3techs.com/technologies/details/cn-cloudflare [2] "the
| IPA makes it illegal for companies to disclose the existence of
| such government demands."
| https://www.macrumors.com/2025/02/21/apple-pulls-encrypted-i...
|
| IANAL
| kypro wrote:
| It surprises me I don't hear more about this in tech circles
| to be honest because it's something that concerns me greatly.
|
| I like Cloudflare as a product, but it seems to me they've
| effectively made privacy from state actors online impossible.
|
| Of course, if you cared enough you don't have to use services
| that use Cloudflare or other reverse proxy services, but most
| of the web is behind a reverse proxy these days making that
| difficult.
| smittywerben wrote:
| I assumed from the headline this was about GDPR Article 32.
| Instead, I got tricked into reading about Apple fighting for
| their right to sell me another adapter to add back the features
| they removed for security.
|
| Edit: It appears my comment was moved from a duplicate discussion
| titled "UK quietly scrubs encryption advice from government
| websites" which linked to TechCrunch.
|
| https://techcrunch.com/2025/03/06/uk-quietly-scrubs-encrypti...
| cassianoleal wrote:
| > Apple fighting for their right to sell me another adapter
|
| What adapter is that you read in the article about?
| blitzar wrote:
| The encryption dongle adaptor.
| smittywerben wrote:
| My comment was a joke connecting wiretapping (from the
| Investigatory Powers Act) with Apple's proprietary adapters.
| The parallel I was drawing: just as the UK suggests requiring
| licenses for encryption, Apple already charges $99/year to
| develop devices you own. A wire "tap" is an adapter (a tap)
| in the communication line. You can add one yourself at the
| end of the chain, but the UK also fights with Apple about
| their USB-C standardization, so it was also referencing the
| larger regulatory battle.
|
| Clearly, you didn't understand enough to respond to the joke,
| and it's against HN guidelines to suggest I didn't read the
| article. However, this topic is derailed due to The Online
| Safety Act. As I said, the headline was well crafted.
| GoToRO wrote:
| And they recommend Apple instead.
| vsgherzi wrote:
| UK trying to ban math...
| giancarlostoro wrote:
| Doubt this is due to security concerns and moreso being
| instructed to do so for political reason.
___________________________________________________________________
(page generated 2025-03-06 23:01 UTC)