I wish Apple (and other tech companies) would have the guts to actually pull out of a place that mandates backdoors. Then the public outcry would finally be enough to cause a repeal of the law.
It would be financially detrimental for any country. Technology is going to play a bigger and bigger role in the future of all businesses, and stifling it now will hurt its growth in whatever countries try to limit it in this way. I say try because encryption and mathematics are not governed by human laws.
Plus, the government relies on encryption for communication too. Are they going to say that only certain government officials should be allowed to use secure devices? What happens when someone in government wants to have a private conversation with someone in the private sector? The private sector person will need a secure device too, and we're back where we started.
The fact is our government needs to figure out how to keep us safe without relying on backdoors.
>Then the public outcry would finally be enough to cause a repeal of the law.
If Apple pulls out, then maybe. If Samsung pulled all it's Android phones, some other company would just swoop in and replace them. You would end up with a marked filled with companies with no morals, who just do what ever the government asks, no questions asked.
You run the risk of companies that are actually trying to do the right thing going out of business, and you left with the ones with no morals. Apple might be a bit different, customers would complain bitterly if iPhones where no longer available in the UK.
Being as Google have come out supporting Apple could they not just stop licensing Android/Google Play for sale in the UK? In fact Google actually have precedent for this when they stopped providing search in China.
Google never stopped providing search in China. The Chinese government blocked them. Google pulled development from China because of all pervasive spying.
Wow. They must think there's a way to let government officials have secure communications without letting criminals have secure communications.
Either everyone can have access to locks, Mr. Cameron, or nobody has locks. And by the way, since locks already exist, and since they are in the form of software which can be replicated across the world in seconds, and in the brains of people across the world, it's going to be impossible to enforce the no-locks law without introducing the world described by George Orwell in his seminal work, 1984.
It's as though government officials are perfectly happy with keeping their heads in the sand - they can't grasp (or more probably won't ) the fact that a security hole USA vulnerability, and it will be exploited.
Whenever you hear about a violation of privacy by the US government, you can guarantee that GCHQ laughs at how much easier it is for them. We have no constitution to tie their hands, and the Human Rights Act is a hopelessly weak substitute. The public doesn't complain, because the government and media have managed to convince them that human rights are something only used by terrorists and paedophiles. There's no separation of legislative and executive branches either, and the Human Rights Act has no special status and can be repealed like any other act of Parliament. The one saving grace is that our Supreme Court is not political, so doesn't rule on partisan lines.
Preach. Most people are sheep, and worse than that, they are naive. The biggest delusion they have is that we as citizens actually have a say in the running of our country.
We do have a say inasmuch as we can vote them out every five years. This doesn't help if the rest of our fellow voters are wrong. Human Rights are for terrorists, immigrants are paedophile terrorists and benefit scroungers who are stealing our jobs, the EU lets terrorist immigrant scrounging paedophiles into the country, and so on.
As a thought experiment: What would the repercussions be if Apple did pull iPhone sales out of the UK?
I'd guess that there would be huge complaints from the populace. I'd guess that Android providers would swoop in.
However, given Google's support of Apple's position here, would they too try to influence the hardware providers to pull out too (not bloody likely, I'd hazard.)?
Given that this election cycle seems to be leaning toward a 'burn the place down' mentality, I wonder if now is not the perfect time to be drawing lines in the sand…
> As a thought experiment: What would the repercussions be if Apple did pull iPhone sales out of the UK?
> I'd guess that there would be huge complaints from the populace.
Probably. Most people seem to care more about the latest Apple status symbol than about privacy. They don't seem to realize that the surveillance systems that are being put in place now, could for example be used against labor activists, who are simply fighting for decent wages and safe working conditions for ordinary people, in the future.
This is an interesting point -
If Apple decided that the requirements set out by the UK Government were at odds with its ethos and chose not to comply -
Would this result in a sales/import ban?
How would this effect devices already in circulation?
This would certainly educate the populous that the conversations happening in parliament and the media do/are having a direct impact into their daily lives - especially if it means someone is considering banning their favorite phone.
Most modern computers come with a non-free BIOS etc. I wonder if this bill could be used to order companies like Intel and AMD to make changes to that proprietary code? When I first heard Richard Stallman talk about a free BIOS, that sounded kinda extreme. It no longer sounds very extreme.
That kind of absolute demand is just as useless. One might just as well ask "Where is the code and the audit?" And until we have that we are left with a strong motive on the part of snoops to force Intel and every other technology provider to create back doors.
Moreover there is evidence that at least some makers of mobile baseband systems included the ability to parse and execute special commands to turn phones into room bugs. This was revealed in a federal case against mafia activity. So it's not unprecedented for very large technology companies to comply with requests of that nature and keep them confidential.
Sorry, I suppose I'm guilty of the same thing that I objected to.
I didn't mean that as an absolute demand. Rather, I disapprove of the absolute x-sucks attitude, along the lines of "guaranteed Intel did <name bad thing>, after all <some other bigco> did <some other bad thing>".
>"And authorities can exploit a high-profile event, like a terrorist attack, to do just that." [the OP] //
The EFF always seem to go just that little bit too far and make their arguments silly. Do they really seek to convince us that the UK authorities are "exploiting" terrorist attacks to gain access to people's everyday inane communications?
People don't care about government seeing their communications because their communications aren't worth seeing.
If it saves one life for the a GCHQ analyst to see all my inane texts (SMS) then I'm absolutely fine with that [in practice of course it's more like, they check the metadata and decide to ignore me, then delete all the data after a year or two].
They also mention 'the legislation will let them do this and that' but they don't mention the restrictions, like needing warrants or court orders, or signed permissions from the Secretary of State, or whatever. The way it's couched is 'all your communications will be accessed whenever the gov want' - if there really aren't any preconditions then the EFF should have shouted about that more, if there are any then they appear to be being deceptive by not mentioning them.
We've enough politicians not being straight with us already, we don't need pressure groups doing the same.
Looking for example at S189 [1] of the IPB one sees that (though I only took a cursory look) the requirement for a telecoms/postal company to take action needs first a warrant from the court (warrants tend to require evidence of criminal activity, not just suspicion, but again I haven't looked in detail about the specifics here - the EFF lawyers presumably have). The the Secretary of State (SoS) needs to make consultations with relevant parties including the Technical Advisory Board and representatives of the manufacturers/service operators.
People are talking about infringement of HRA/ECHR or generally held moral rights but there is a balance between the right to privacy and the right for the populous to use the mechanisms of state to enable the proper investigation of criminal activity (and other non-beneficial actions). Whilst I have rights not to have my family life impinged on by the state they only extend so far as it is not necessary to limit those rights to protect my children, say, or prevent me committing crimes. I'm pretty much OK with that and think the majority of the populous - who are decried here as sheeple - are OK with the state having such powers _given the checks and balances built in to the legal system in the UK_.
If the government see people taking part in criminal activity and solicit a warrant from the court and in order to perform a search in that warrant the SoS finds there is sufficient suggestion of a national security issue, or significant loss of life, and on consultation with the affected companies they find that access to that information is possible with limited financial cost, then I consider that the SoS should be able to issue an order that the company cooperates with the legal system to enable appropriate officers to see the content that would otherwise be hidden.
>>"And authorities can exploit a high-profile event, like a terrorist attack, to do just that." [the OP] //
>The EFF always seem to go just that little bit too far and make their arguments silly. Do they really seek to convince us that the UK authorities are "exploiting" terrorist attacks to gain access to people's everyday inane communications?
Yes, just watch the interviews of a Home Secretary on the news after any terrorist news.
> If it saves one life for the a GCHQ analyst to see all my inane texts (SMS) then I'm absolutely fine with that [in practice of course it's more like, they check the metadata and decide to ignore me, then delete all the data after a year or two].
Bully for you but it isn't just you. It is people with legitimate needs for privacy; journalists, whistleblowers lawyers, MPs and many others. You also don't know when you may need privacy in future.
> They also mention 'the legislation will let them do this and that' but they don't mention the restrictions, like needing warrants or court orders, or signed permissions from the Secretary of State, or whatever. The way it's couched is 'all your communications will be accessed whenever the gov want' - if there really aren't any preconditions then the EFF should have shouted about that more, if there are any then they appear to be being deceptive by not mentioning them.
There may be a government right to access a particular device with appropriate oversight. The idea that they can force third parties to prevent strong protections or to weaken their security (for all devices not just those subject to a warrant) is an entirely separate proposition. Nobody is saying that the FBI don't have a right to crawl all over the phone, the argument is about the extent they can force Apple to do work for them, the knock on consequences of that.
>People are talking about infringement of HRA/ECHR or generally held moral rights but there is a balance between the right to privacy and the right for the populous to use the mechanisms of state to enable the proper investigation of criminal activity (and other non-beneficial actions). Whilst I have rights not to have my family life impinged on by the state they only extend so far as it is not necessary to limit those rights to protect my children, say, or prevent me committing crimes. I'm pretty much OK with that and think the majority of the populous - who are decried here as sheeple - are OK with the state having such powers _given the checks and balances built in to the legal system in the UK_.
Yes a balance is required and rights are not absolute. The UK government can already imprison you if you don't provide the passcode. The suggestion is that they can cripple the entire country's security.
Also while you trust the UK government Apple operates across the world. What about China, Saudi Arabia or even Syria? Don't you see that if Apple takes a hard line that they don't backdoor their phones it is far easier than if they do it for the US (or US/UK) but not for others. The global consequences of Apple bending on this are very significant.
>If the government see people taking part in criminal activity and solicit a warrant from the court and in order to perform a search in that warrant the SoS finds there is sufficient suggestion of a national security issue, or significant loss of life, and on consultation with the affected companies they find that access to that information is possible with limited financial cost, then I consider that the SoS should be able to issue an order that the company cooperates with the legal system to enable appropriate officers to see the content that would otherwise be hidden.
To what extent and with what side effects? If to access the phone they had to disable all security for all users would that be appropriate? The reality is the side effects are not that extreme but they are very significant. Also how much cost/...
>Don't you see that if Apple takes a hard line that they don't backdoor their phones it is far easier than if they do it for the US (or US/UK) but not for others.
>[[...]
>To what extent and with what side effects? If to access the phone they had to disable all security for all users would that be appropriate? [...] //
I think I must have misunderstood the situation. As I understood we were talking about Apple having the capability to access their technology and them refusing to use it for individual cases following issue of a warrant and personal intervention of the SoS. That is an entirely different proposition to what you're suggesting - the a company be forced to design a system with a particular back door. That doesn't appear to be in the information I read about the IPB but I stand to be corrected as necessary.
If [as it appears to be the case here] Apple, say, have the capability to disable security on all phones then I can't see how the findings in this case change the ability of another state - China, SA, Syria, as your examples - to demand that Apple push changes to disable the security of phones. It's not like China will say 'oh, USA courts found it unconstitutional so we better not ask Apple to do it'.
FWIW I don't really trust the government; as you say "Bully for [me]" if I don't have things to hide. But I was attempting to answer the comments saying 'why isn't everyone up in arms, they're all sheeple'.
Another aspect is, your notional MP being snooped on for unwholesome reasons means that the entire fabric of the British legal and political system is corrupt. If we're at that point then I dare say the Secretary of State will just call in Apple bosses and have their partner's fingernails pulled until the bosses agree to push a firmware update.
48 man-weeks vs Apple's tens of thousands of man weeks per day [from 115k employees] seems pretty small cost. There's no reason Apple couldn't/shouldn't be compensated for that time. TBH in the USA situation it would surprise me if TLA-agencies wouldn't write the code (if they haven't already), they really only need Apple for the distribution keys I expect.
Good points but I'm afraid I remain as yet unswayed.
Regarding MPs being monitored you need to pay some more attention. As we know everyone has been monitored recently and there is plenty of targeted monitoring of left wing MPs during the 60's and 70's.
The software development teams at Apple are really quite small and they can't just get new people in for this work because large amounts of knowledge are needed. The 115k employees are largely not OS engineers.
> Do they really seek to convince us that the UK authorities are "exploiting" terrorist attacks
Yes I'd suggest they're doing just that. After all, you're more likely to die as a result of a lightning strike or accident with household furniture than be victim of a terrorist attack.
It seems as though there has been a sustained effort to move the Overton Window[1] towards the acceptance of ever more onerous restrictions on freedom. The Daily Mail is more than happy to take this line, as they have since their founding.
It's interesting to remember that at the end of WW2 the UK abolished dumb cardboard identity cards as they were seen to be an infringement of civil liberties.
If it saves one life for the a GCHQ analyst to see all my inane texts ...
Do you want to keep anything at all private? Do you trust every GHCQ and government employee? There have already been cases of abuse.
From a security point of view there appears to be little benefit either. How many recent events were revealed to have been discussed on Twitter or Facebook, yet all these various surveillance schemes didn't prevent them happening. In which case, what's the point? In fact, in more than one case the perpetrator was already on some security watch list.
I submit that the government should be able to monitor my communications etc, if and only if I am suspected of a crime and a warrant to do so is obtained beforehand. Blanket surveillance is counter productive and, crucially, ineffective.
In the event my phone, for instance, cannot be accessed they should ask me for access as is already on the statute book. A backdoor into devices will be hacked and on the net in remarkably short order.
34 comments
[ 3.2 ms ] story [ 74.4 ms ] threadPlus, the government relies on encryption for communication too. Are they going to say that only certain government officials should be allowed to use secure devices? What happens when someone in government wants to have a private conversation with someone in the private sector? The private sector person will need a secure device too, and we're back where we started.
The fact is our government needs to figure out how to keep us safe without relying on backdoors.
If Apple pulls out, then maybe. If Samsung pulled all it's Android phones, some other company would just swoop in and replace them. You would end up with a marked filled with companies with no morals, who just do what ever the government asks, no questions asked.
You run the risk of companies that are actually trying to do the right thing going out of business, and you left with the ones with no morals. Apple might be a bit different, customers would complain bitterly if iPhones where no longer available in the UK.
Nobody else has proven to be at his level, as far as I can remember. Not during my lifetime anyways.
Either everyone can have access to locks, Mr. Cameron, or nobody has locks. And by the way, since locks already exist, and since they are in the form of software which can be replicated across the world in seconds, and in the brains of people across the world, it's going to be impossible to enforce the no-locks law without introducing the world described by George Orwell in his seminal work, 1984.
And that exploit will be worked on from hour one.
The world where management was under constant scrutiny but proles not ?
In "1984" the "proles" weren't constantly monitored, but they also had no influence to anything.
But you are right, the techological capabilities of today seem to surpass the imagination of the author writing the book 70 years ago.
you mean "we can vote another similar group in"
And GHQ will be the same people
I'd guess that there would be huge complaints from the populace. I'd guess that Android providers would swoop in.
However, given Google's support of Apple's position here, would they too try to influence the hardware providers to pull out too (not bloody likely, I'd hazard.)?
Given that this election cycle seems to be leaning toward a 'burn the place down' mentality, I wonder if now is not the perfect time to be drawing lines in the sand…
> I'd guess that there would be huge complaints from the populace.
Probably. Most people seem to care more about the latest Apple status symbol than about privacy. They don't seem to realize that the surveillance systems that are being put in place now, could for example be used against labor activists, who are simply fighting for decent wages and safe working conditions for ordinary people, in the future.
Would this result in a sales/import ban?
How would this effect devices already in circulation?
This would certainly educate the populous that the conversations happening in parliament and the media do/are having a direct impact into their daily lives - especially if it means someone is considering banning their favorite phone.
Moreover there is evidence that at least some makers of mobile baseband systems included the ability to parse and execute special commands to turn phones into room bugs. This was revealed in a federal case against mafia activity. So it's not unprecedented for very large technology companies to comply with requests of that nature and keep them confidential.
I didn't mean that as an absolute demand. Rather, I disapprove of the absolute x-sucks attitude, along the lines of "guaranteed Intel did <name bad thing>, after all <some other bigco> did <some other bad thing>".
The EFF always seem to go just that little bit too far and make their arguments silly. Do they really seek to convince us that the UK authorities are "exploiting" terrorist attacks to gain access to people's everyday inane communications?
People don't care about government seeing their communications because their communications aren't worth seeing.
If it saves one life for the a GCHQ analyst to see all my inane texts (SMS) then I'm absolutely fine with that [in practice of course it's more like, they check the metadata and decide to ignore me, then delete all the data after a year or two].
They also mention 'the legislation will let them do this and that' but they don't mention the restrictions, like needing warrants or court orders, or signed permissions from the Secretary of State, or whatever. The way it's couched is 'all your communications will be accessed whenever the gov want' - if there really aren't any preconditions then the EFF should have shouted about that more, if there are any then they appear to be being deceptive by not mentioning them.
We've enough politicians not being straight with us already, we don't need pressure groups doing the same.
Looking for example at S189 [1] of the IPB one sees that (though I only took a cursory look) the requirement for a telecoms/postal company to take action needs first a warrant from the court (warrants tend to require evidence of criminal activity, not just suspicion, but again I haven't looked in detail about the specifics here - the EFF lawyers presumably have). The the Secretary of State (SoS) needs to make consultations with relevant parties including the Technical Advisory Board and representatives of the manufacturers/service operators.
People are talking about infringement of HRA/ECHR or generally held moral rights but there is a balance between the right to privacy and the right for the populous to use the mechanisms of state to enable the proper investigation of criminal activity (and other non-beneficial actions). Whilst I have rights not to have my family life impinged on by the state they only extend so far as it is not necessary to limit those rights to protect my children, say, or prevent me committing crimes. I'm pretty much OK with that and think the majority of the populous - who are decried here as sheeple - are OK with the state having such powers _given the checks and balances built in to the legal system in the UK_.
If the government see people taking part in criminal activity and solicit a warrant from the court and in order to perform a search in that warrant the SoS finds there is sufficient suggestion of a national security issue, or significant loss of life, and on consultation with the affected companies they find that access to that information is possible with limited financial cost, then I consider that the SoS should be able to issue an order that the company cooperates with the legal system to enable appropriate officers to see the content that would otherwise be hidden.
[ 1 - See for example the S189 on p180 and the explanatory notes on pp 285+, https://www.gov.uk/government/uploads/system/uploads/attachm...]
>The EFF always seem to go just that little bit too far and make their arguments silly. Do they really seek to convince us that the UK authorities are "exploiting" terrorist attacks to gain access to people's everyday inane communications?
Yes, just watch the interviews of a Home Secretary on the news after any terrorist news.
> If it saves one life for the a GCHQ analyst to see all my inane texts (SMS) then I'm absolutely fine with that [in practice of course it's more like, they check the metadata and decide to ignore me, then delete all the data after a year or two].
Bully for you but it isn't just you. It is people with legitimate needs for privacy; journalists, whistleblowers lawyers, MPs and many others. You also don't know when you may need privacy in future.
> They also mention 'the legislation will let them do this and that' but they don't mention the restrictions, like needing warrants or court orders, or signed permissions from the Secretary of State, or whatever. The way it's couched is 'all your communications will be accessed whenever the gov want' - if there really aren't any preconditions then the EFF should have shouted about that more, if there are any then they appear to be being deceptive by not mentioning them.
There may be a government right to access a particular device with appropriate oversight. The idea that they can force third parties to prevent strong protections or to weaken their security (for all devices not just those subject to a warrant) is an entirely separate proposition. Nobody is saying that the FBI don't have a right to crawl all over the phone, the argument is about the extent they can force Apple to do work for them, the knock on consequences of that.
>People are talking about infringement of HRA/ECHR or generally held moral rights but there is a balance between the right to privacy and the right for the populous to use the mechanisms of state to enable the proper investigation of criminal activity (and other non-beneficial actions). Whilst I have rights not to have my family life impinged on by the state they only extend so far as it is not necessary to limit those rights to protect my children, say, or prevent me committing crimes. I'm pretty much OK with that and think the majority of the populous - who are decried here as sheeple - are OK with the state having such powers _given the checks and balances built in to the legal system in the UK_.
Yes a balance is required and rights are not absolute. The UK government can already imprison you if you don't provide the passcode. The suggestion is that they can cripple the entire country's security.
Also while you trust the UK government Apple operates across the world. What about China, Saudi Arabia or even Syria? Don't you see that if Apple takes a hard line that they don't backdoor their phones it is far easier than if they do it for the US (or US/UK) but not for others. The global consequences of Apple bending on this are very significant.
>If the government see people taking part in criminal activity and solicit a warrant from the court and in order to perform a search in that warrant the SoS finds there is sufficient suggestion of a national security issue, or significant loss of life, and on consultation with the affected companies they find that access to that information is possible with limited financial cost, then I consider that the SoS should be able to issue an order that the company cooperates with the legal system to enable appropriate officers to see the content that would otherwise be hidden.
To what extent and with what side effects? If to access the phone they had to disable all security for all users would that be appropriate? The reality is the side effects are not that extreme but they are very significant. Also how much cost/...
>[[...]
>To what extent and with what side effects? If to access the phone they had to disable all security for all users would that be appropriate? [...] //
I think I must have misunderstood the situation. As I understood we were talking about Apple having the capability to access their technology and them refusing to use it for individual cases following issue of a warrant and personal intervention of the SoS. That is an entirely different proposition to what you're suggesting - the a company be forced to design a system with a particular back door. That doesn't appear to be in the information I read about the IPB but I stand to be corrected as necessary.
If [as it appears to be the case here] Apple, say, have the capability to disable security on all phones then I can't see how the findings in this case change the ability of another state - China, SA, Syria, as your examples - to demand that Apple push changes to disable the security of phones. It's not like China will say 'oh, USA courts found it unconstitutional so we better not ask Apple to do it'.
FWIW I don't really trust the government; as you say "Bully for [me]" if I don't have things to hide. But I was attempting to answer the comments saying 'why isn't everyone up in arms, they're all sheeple'.
Another aspect is, your notional MP being snooped on for unwholesome reasons means that the entire fabric of the British legal and political system is corrupt. If we're at that point then I dare say the Secretary of State will just call in Apple bosses and have their partner's fingernails pulled until the bosses agree to push a firmware update.
48 man-weeks vs Apple's tens of thousands of man weeks per day [from 115k employees] seems pretty small cost. There's no reason Apple couldn't/shouldn't be compensated for that time. TBH in the USA situation it would surprise me if TLA-agencies wouldn't write the code (if they haven't already), they really only need Apple for the distribution keys I expect.
Good points but I'm afraid I remain as yet unswayed.
The software development teams at Apple are really quite small and they can't just get new people in for this work because large amounts of knowledge are needed. The 115k employees are largely not OS engineers.
Yes I'd suggest they're doing just that. After all, you're more likely to die as a result of a lightning strike or accident with household furniture than be victim of a terrorist attack.
It seems as though there has been a sustained effort to move the Overton Window[1] towards the acceptance of ever more onerous restrictions on freedom. The Daily Mail is more than happy to take this line, as they have since their founding.
It's interesting to remember that at the end of WW2 the UK abolished dumb cardboard identity cards as they were seen to be an infringement of civil liberties.
If it saves one life for the a GCHQ analyst to see all my inane texts ...
Do you want to keep anything at all private? Do you trust every GHCQ and government employee? There have already been cases of abuse.
See: http://jacquesmattheij.com/if-you-have-nothing-to-hide
From a security point of view there appears to be little benefit either. How many recent events were revealed to have been discussed on Twitter or Facebook, yet all these various surveillance schemes didn't prevent them happening. In which case, what's the point? In fact, in more than one case the perpetrator was already on some security watch list.
I submit that the government should be able to monitor my communications etc, if and only if I am suspected of a crime and a warrant to do so is obtained beforehand. Blanket surveillance is counter productive and, crucially, ineffective.
In the event my phone, for instance, cannot be accessed they should ask me for access as is already on the statute book. A backdoor into devices will be hacked and on the net in remarkably short order.
[1] Overton Window is the range of ideas the public will accept. See: https://en.wikipedia.org/wiki/Overton_window
The press is asking questions about Apple vs. DOJ daily in the White House Press Secretary's briefings [2] [3]
[1] http://www.politico.com/tipsheets/morning-cybersecurity/2016...
[2] https://www.whitehouse.gov/the-press-office/2016/02/24/press...
[3] https://youtu.be/j469gTWuk0g?t=19m30s