[HN Gopher] The UK is still trying to backdoor encryption for Ap...
___________________________________________________________________
The UK is still trying to backdoor encryption for Apple users
Author : CharlesW
Score : 189 points
Date : 2025-10-04 20:07 UTC (2 hours ago)
(HTM) web link (www.eff.org)
(TXT) w3m dump (www.eff.org)
| bigyabai wrote:
| If your OEM can be coerced into pushing a backdoor in an OTA
| update, maybe our software habits are to blame.
|
| We'll always be powerless to stop top-down attacks like this
| until we demand real audits and accountability in the devices we
| own. Shaming the UK only kicks the can down the road and further
| highlights the danger of trusting a black box to remain secure.
| beeflet wrote:
| When a company has the ability to push OTA updates to a device
| locked down with trusted computing, it's not even a backdoor at
| that point, it's a frontdoor.
|
| I agree political action here is totally fruitless. The UK
| government and Apple could already be cooperating and you would
| have no way of telling the difference.
| JoshTriplett wrote:
| > When a company has the ability to push OTA updates to a
| device locked down with trusted computing, it's not even a
| backdoor at that point, it's a frontdoor.
|
| Ideally, everything that runs outside of an app sandbox would
| be 100% Open Source. Anything short of that is not sufficient
| to give people full confidence against a backdoor. (Even that
| _also_ relies on people paying attention, but it at least
| gives the possibility that people outside of a company
| whistleblower could catch and flag a backdoor.)
| zzo38computer wrote:
| I think so too. It should include full free open source
| specifications of hardware, as well as fully FOSS for all
| software that is not inside of the sandbox system, and
| probably also FOSS for most of the stuff that is using the
| sandbox, too. Other things should also be done rather than
| this way alone, but this will be a very important part of
| it.
| mulmen wrote:
| Open source alone isn't enough. You also need a way to
| build and deploy the code yourself.
| JoshTriplett wrote:
| Agreed. And demonstrated reproducibility showing that the
| result is identical.
| Xelbair wrote:
| I'll go even further and bring up Trusting Trust - whole
| chain needs to be open source and verifiable.
|
| And you need to be able to compile each and every part of
| it.
| hunter2_ wrote:
| > you would have no way of telling the difference
|
| If only specific individuals are targeted, I agree. But if
| it's pushed to all users, wouldn't we expect a researcher to
| notice? Maybe not immediately, so damage will be done in the
| meantime, but sooner than later.
| SV_BubbleTime wrote:
| How long was HeartBleed exploitable? How many people looked
| at that code? Now, take the source away and make the
| exploit intentional.
| michaelt wrote:
| _> But if it's pushed to all users, wouldn't we expect a
| researcher to notice?_
|
| Think of the security a games console has - every download
| arrives encrypted, all storage encrypted, RAM encrypted,
| and security hardware in the CPU that makes sure everything
| is signed by the corporation before decrypting anything. To
| prevent cheating and piracy.
|
| Modern smartphones are the same way.
|
| We can't expect independent researchers to notice a
| backdoor when they can't access the code or the network
| traffic.
| thewebguyd wrote:
| That's the trick. We don't own the devices. We merely license
| their use. No root, no ownership.
|
| People have been warning of this outcome for years and years.
| Stallman was right and all that. We got laughed out of the room
| and called paranoid weirdos.
|
| Ever since smartphones were a thing it's been obvious that this
| is where we were heading.
| ktallett wrote:
| As someone who lives in the UK, I hope Apple tell the government
| where to shove their requests, and that they don't bow down like
| they did in China. I would prefer a company withdraws from the UK
| than listens to these overreaching requests of a power-hungry
| government.
| bigyabai wrote:
| > I would prefer a company withdraws from the UK than listens
| to these overreaching requests of a power-hungry government.
|
| That doesn't sound super profitable. Apple made money by the
| truckload bending over to accommodate surveillance in China.
| Normal_gaussian wrote:
| Whilst this is true; it's also worth considering:
|
| If Apple did not stay in the Chinese market they will very
| quickly have a competitor appear in that market that will
| then threaten other markets. Arguably, there are already
| Apple competitors in it and Apple's position keeps them from
| occupying a space that quickly leads to competing with Apple
| globally.
|
| China is generally viewed as a unique market and capitulating
| to the Chinese government may lead to capitulation to the US,
| but not to any other nation as they are incomparable.
|
| The UK market will neither create an Apple competitor nor
| will it provide enough scope to allow existing competitors to
| meaningfully grow.
|
| Capitulating to the UK government will lead to many other
| countries requiring similar capitulations.
| anonymousiam wrote:
| So from the selfish Apple perspective, it made perfect
| sense and Apple did the right thing (for them). From a
| rights/freedom perspective (for their users), they did the
| wrong thing, but that's not a battle that they alone
| can win.
|
| Out of the 197 countries in the world, how many have
| governments that respect the privacy rights of their
| citizens enough to prevent mass surveillance of them?
| Answer: Zero. Bring on the arguments about the various laws
| that prevent this, and I'll point you to the "national
| security and law enforcement exceptions" they all
| have, sometimes in the form of "classified" contracts or
| court orders, and sometimes in the form of "executive
| orders" or other similar instruments. There are also
| agreements between the intelligence services of allied
| countries that facilitate information sharing, so each
| counterpart can do the collection and analysis of the
| partner nation and share the results, without technically
| violating any of their laws.
| beeflet wrote:
| Keep hoping
| jeroenhd wrote:
| > I hope Apple tell the government where to shove their
| requests
|
| They complied with the previous request, and stopped because
| the US government pressured the UK government because they
| didn't want US nationals to also fall victim to reduced
| security.
|
| I'd love to see Apple stand up this time, but given their
| history I don't think it'll happen beyond a miffed comment on a
| blog somewhere.
| jonplackett wrote:
| If they do it once though, they'll have to do it everywhere
| that asks. I hope they can see they're standing at the top of
| a very slippery slope.
|
| I also hope our idiotic government starts to go deal with the
| country's _actual_ problems sometime soon instead of coming
| up with pointless / dangerous bs ideas like this + digital ID
| Onavo wrote:
| There's an easy way out of it but most HN users here would
| hate it. Apple can just donate to Trump and the problem with
| the British would go away overnight. Downing Street and GCHQ
| combined cannot match the coffers of Apple and the greenback
| is the only currency of power that the White House
| acknowledges.
|
| At the end of the day, the emperor is happy to yank on the
| leash of the special relationship so long as you pay him off.
| blitzar wrote:
| CEOs won't go to jail for their customers, especially when there
| are billions of customers.
|
| There are only two defences, the law - which is on the
| government's side or not giving your data to people who fuel
| their yacht and their jet with customer data.
| wotmatetherow wrote:
| If you're hoping for multi-trillion dollar multinationals to
| fight political battles on your behalf, you're playing the
| wrong game.
|
| Either your country is a democracy where people get to choose
| what their government does (aka, a majority of people want
| these invasive policies), or it's illegitimate and should be
| treated as such.
| sneak wrote:
| They don't need to. All of the photos and iMessages are stored in
| iCloud without e2ee (nobody has ADP turned on, and it's blocked
| in the UK anyway) and Apple provides the data to the Five Eyes
| without a warrant.
|
| This is already the status quo in the US. The fact that ADP is
| offered as an option is irrelevant.
| zer00eyz wrote:
| https://support.apple.com/en-us/102651#:~:text=Advanced%20Da...
|
| Lots of things to fault Apple about. This likely is not one of
| them.
| bigyabai wrote:
| > likely
|
| These load-bearing assumptions are part of Apple's issue.
|
| Anyone can write a whitepaper, keeping a transparent SBOM is
| a different level of commitment.
| throawy wrote:
| This must be a response to the headline, without reading the
| article. It's specifically users' ADP content that the UK gov
| wants to be able to access.
| leakycap wrote:
| It's encrypted iCloud backups, not ADP.
|
| ADP hasn't been available in the UK for some time now.
| throawy wrote:
| It's ADP. That's why Apple didn't reinstate ADP in the UK.
| The UK wants a backdoor for UK users of ADP.
|
| And there are plenty of UK users of ADP - those who got in
| before it was banned still have it.
|
| From the article:
|
| > After the U.K. government first issued the TCN in
| January, Apple was forced to either create a backdoor or
| block its Advanced Data Protection feature
|
| > the US claimed the U.K. withdrew the demand, but Apple
| did not re-enable Advanced Data Protection
|
| > The new order provides insight into why: the U.K. was
| just rewriting it to only apply to British users
| leakycap wrote:
| Perhaps you overlooked the literal first line?
|
| > The Financial Times reports that the U.K. is once again
| demanding that Apple create a backdoor into its
| _encrypted backup services._
|
| If you read further, or click the FT link, you'll see the
| UK is now demanding access to encrypted iPhone backups.
|
| ADP is not relevant beyond the history; the UK is not
| doing anything with ADP but I understand the confusion if
| you don't know that "iPhone iCloud backup" is a separate
| service for iPhones.
| leakycap wrote:
| > nobody has ADP turned on
|
| This isn't the type of question I normally ask people, so it
| sounds like you've made a bad guess here and are treating your
| own assumption as fact. You are incorrect; I have ADP turned
| on.
|
| > Apple provides the data to the Five Eyes without a warrant.
|
| Source? Or are you assuming here, too?
|
| > The fact that ADP is offered as an option is irrelevant.
|
| Only if you think no one uses it.
| ChrisArchitect wrote:
| Discussion:
|
| https://news.ycombinator.com/item?id=45440226
| pipes wrote:
| The article states that Apple removed the feature in the UK. So
| what are the UK government demanding access to?
| leakycap wrote:
| Advanced Data Protection, where Apple does not keep a copy of
| your encryption keys (essentially), was removed in the UK.
|
| The UK seems to now want Apple to decrypt/provide access to
| encrypted iPhone backups. This is where your device backs
| itself up in a restorable format to the cloud, including
| passwords and private data. Since Apple has a way to decrypt
| non-ADP iCloud data, UK wants it.
| blitzar wrote:
| Frankly if Apple (or any provider for that matter) hold the
| encryption key then it isn't encrypted.
| varispeed wrote:
| It's encrapped.
| leakycap wrote:
| Frankly most of the services you use work exactly like
| this, so you must think very few things are encrypted.
| throawy wrote:
| It's not removed in the UK for users who enabled it before the
| ban. There may be existing users of it that the UK gov are
| interested in.
| holoduke wrote:
| What is happening in the UK really? I see numerous clips of the
| desperate state of many parts of various cities. It seems the
| country is in a steep decline. The once mighty UK sailing the
| world now became an island of elitists and many more poor low
| class folks. Sad reality
| mulmen wrote:
| They didn't just "sail the world". They brutally conquered the
| world. Over time those conquered colonies said no thanks to
| being ruled. Hard to maintain a great empire when you can't
| keep stealing from your subjects.
| monero-xmr wrote:
| I have been following this thread for a long time. The UK is
| poor, simply put, but it has taken a long time to realize it.
| But the chickens are coming home to roost now. The blame is
| primarily the rich and immigrants. The real problem is
| socialism and heavy taxes, plus a denigration of entrepreneurs
| and business owners. They will learn, once everything has gone
| to utter shit
| leakycap wrote:
| > The UK is poor, simply put
|
| That's far too simply put
|
| The UK has incredible wealth, it is just more concentrated
| than ever in a few select pockets
| monero-xmr wrote:
| Yes like I said you have the socialism take and your enemy
| is the rich. You will learn eventually
| crimsoneer wrote:
| Clips don't tell you anything. The UK is suffering in the same
| way as every other developed country outside of the US and
| China - low growth that isn't propped up by booming AI and
| demographic issues.
| Normal_gaussian wrote:
| I'd be very curious to see the desperate state you are talking
| about.
|
| For physical infrastructure, there are certainly less well
| maintained areas and historical policies causing issues, but
| I'm not aware of any areas that are structurally/physically
| unsafe.
|
| There are 'rougher' areas, places where theft is more likely
| but very, very few areas that are genuinely unsafe to walk
| through. The only ones I'm really aware of are two very small
| areas in London (basically 2-3 buildings) and certain kinds of
| traveller camps.
|
| For pretty much everything else, it seems to be on par with
| other European nations - generally behind the Nordics of
| course.
|
| Share the videos - I'd love to understand where you are coming
| from.
| encom wrote:
| >What is happening in the UK really?
|
| Everyone knows it, but you're not allowed to say it, and you're
| definitely not allowed to say it in the UK or you will
| literally be arrested for speech.
| lucasRW wrote:
| What, so JD Vance was right?!
| aucisson_masque wrote:
| Aren't the English already forced to give cops their phone
| passwords and face jail time if they refuse to?
|
| Giving away Apple's encrypted cloud is just another small step
| into making 1984 a reality.
|
| In France, they tried to make a law to force Signal, WhatsApp,
| and other encrypted messaging to implement backdoors so that they
| could catch drug dealers.
|
| Thankfully, it wasn't voted for, but truthfully, the average
| people didn't give a shit. I wish there was a way to make people
| learn how important privacy is to freedom and, therefore, to
| democracy.
|
| I blame the education system that teaches almost nothing
| relevant. We even had 'citizen lessons', but it was about
| learning how the political institution works. We never spoke
| about what is freedom, what it involves, how easy it is to lose
| it, how hard it is to gain it.
| pbalau wrote:
| > Aren't the English already forced to give cops their phone
| passwords and face jail time if they refuse to?
|
| Ha? Source?
| ThePowerOfFuet wrote:
| Ha! Source:
| https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Po...
| varispeed wrote:
| Section 49 of the Regulation of Investigatory Powers Act 2000
| (RIPA).
|
| This section grants police and other public authorities the
| power to issue a formal written notice (a "Section 49
| notice") demanding that a person disclose the password, PIN,
| or encryption key to a protected device or data.
|
| A notice cannot be issued lightly. It requires approval from
| a judge and can only be used when it is deemed necessary and
| proportionate for purposes such as:
|
| In the interests of national security.
|
| For the purpose of preventing or detecting crime.
|
| In the interests of the economic well-being of the UK.
|
| Refusing to comply with a lawfully issued Section 49 notice
| is a criminal offence under Section 53 of RIPA
|
| Standard cases: Up to two years' imprisonment.
|
| Cases involving national security or child indecency: The
| maximum penalty is increased to five years' imprisonment.
| pessimizer wrote:
| The most important thing about this, and other similar overreach,
| is that there is _no_ democratic constituency for this. It's a
| waste of time, almost a distraction, picking at the rationality
| of these constant attacks. The important thing is to find out
| exactly who they are doing it _for._
|
| Who asked for it? Let them speak up, and explain why they are so
| special that governments should and do obey them. Starmer doesn't
| personally care about any of this (or anything.) No Labour MP
| cares about any of this. Who is _convincing_ them to override
| democracy to create tools that make it easier to override
| democracy? _Force_ them to drop the pretense that they have come
| up with this themselves, and that they personally believe that it
| is important.
|
| Start by finding out who the hands were who wrote the actual
| text. The MPs themselves, and the network of important nephews
| and nieces that work on their respective staffs are too stupid to
| write this stuff. Who are the minds that are crafting law for
| supposed democracies from whole cloth?
| afh1 wrote:
| Government is overreaching, it must be someone else's fault!
___________________________________________________________________
(page generated 2025-10-04 23:00 UTC)