3 comments

[ 10.3 ms ] story [ 15.5 ms ] thread
> Under the Online Safety Bill, which is currently being debated in the House of Commons, companies will be compelled to weaken security and provide “backdoor access” that bypasses encryption and provide access to any encrypted data in messages, cloud storage or logs on request.

If companies are required to provide backdoors, presumably what this means in practice is that they release a targeted update to their app with extra code in which breaks the privacy guarantees just for a specific user.

Assuming the app is open source and reproducibly builds, app stores could protect users by implementing Binary Transparency with a public append-only log, but presumably the law will be flexible enough to apply to OS vendors too, forcing them lie about the hashes of the apps that are downloaded.

I feel like people would quickly demand the repeal of this law if Apple refused to comply and was banned in the UK. The average person (and the average politician) may not care about privacy or security, but they like Apple products. If I was the decision maker at Apple, I would call the government's bluff and refuse to comply.
The alternative for Apple is some sort of "malicious compliance", where they offer "Insecure Messages" as a UK-alternative to their Messages app.

It should prominently display an uncloseable banner at the top of the app saying "Due to a surveillance law passed by the Tory government, Apple is not allowed to secure any messages you send or receive in this app".

Users in other countries who communicate with UK users should have a similar but minimisable message, warning them of the same problem.