US tech needs to obey the laws of the country in which it operates. I am sure the demands of UK government are more than reasonable - and, as it is a democracy - as full endorsement of the people / users
It doesn't. Apple could play hardball and threaten to withdraw from the UK market, with a propaganda notification like TikTok did. They could also appeal to Trump/Elon for help.
Also the wider part of this order is that Apple would access to the international users data, including US customers, if I understand the article correctly.
Tim Cook is a master of negotiating with governments. See how he played off China and the US during Trump's first term to avoid both American tariffs and Nike-style Chinese boycotts.
If he's antagonising Trump it's for a reason. Perhaps to avoid showing weakness by being too keen.
> They're currently antagonizing Trumpelon by refusing to halt DEI stuff, so they might not get any help.
I'd probably categorize that more as "declining to halt" rather than "refusing to halt", AFAIK the US government doesn't have an actual law/mandate/whatever for non-governmental organizations on that front.
The Investigatory Powers Act 2016 was one of the big things (before Brexit) that made me realise the UK wasn't a suitable place to run a tech business.
> I am sure the demands of UK government are more than reasonable - and, as it is a democracy - as full endorsement of the people / users
"Full endorsement" of the electorate isn't how representative democracy works. Given FPTP, the government got a huge majority of seats with 33.7% of the votes, but as there's not universal voting that's only 14% of the actual population, and even with those who did vote it's not clear how many people were voting "not the other lot".
The government did get more than third of the votes. So this is the choice of democratically elected government and the voters and as such should be followed.
Of course, the U.K. is rather famously not a republic, but rather a democratic monarchy. Now, if only the King would do his job and refuse assent to the Parliament when it does something wrong.
The King is only two years younger than Trump, and has cancer. His main interests are watercolor painting, traditional architecture, homeopathy, the Goon Show, and vegetables. He was never likely to do anything confrontational.*
I wonder if a future King William might try something like this, though.
* Come to think of it, Hitler liked three or four of those things too, so this is less demonstrative of character than I imagine.
This sort of policy comes from the Home Office regardless of who gets elected. The spooks always want everything.
You could probably make an ECHR argument about it, but even Germany who are most paranoid about Stasi-like behavior have some sort of rights carveout for law enforcement purposes.
Germany hasn't imposed any similar ban on end-to-end encryption without a law enforcement backdoor. My configured iPhone region, configured Apple ID region, and physical location are all in Germany right now, and I was able to enable Apple's Advanced Data Protection here without a problem.
Yes, German law enforcement does have a rights carveout, but not nearly as big of one as in the UK (or the US).
Yes. Unfortunately those who thought a Labour government would be any less likely to deploy surveillance law than the Conservatives clearly do not have a very long memory. A pervasive obsession with snooping and controlling people's private affairs is one thing the two parties are quite united on
Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said. Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States.
It depends on whether other countries make or enforce conflicting laws. The UK order says they can't tell people after implementing the backdoor that Advanced Data Protection no longer provides the claimed level of security, which is a form of dishonesty that probably violates consumer protection laws in many countries.
And Apple argued to the UK Parliament when the relevant law was being enacted that it violates the right to privacy confirmed by the European Court of Human Rights, which other countries will still be bound by even if the UK follows through on its occasional threat to withdraw from the European Convention on Human Rights.
The UK doesn't have the geopolitical clout it once did, especially not after Brexit.
> The UK doesn't have the geopolitical clout it once did, especially not after Brexit.
Aye.
But (1) I don't think the UK government really understands that, and (2) for intelligence operations, they might still have enough.
Everyone else has the exact same dichotomy of simultaneously wanting all the computers safe from other hackers while also hacking everything themselves, and many also want the added extra of guaranteed citizen's right to privacy, so legal fights like this are advantageous to most nations: all the other countries watching this get to have their cake (they can spy on encrypted comms) while eating it too (in this metaphor, when Apple is found out, they get to punish Apple and pretend to be above such things).
Sure. But if one country (or one group of countries) legally requires Apple to do this worldwide and another country (or group of countries) legally forbids Apple to do this even within their own national borders, then Apple has to decide which country (or group of countries) it cares more about. It's not obvious to me how that would shake out, but the UK certainly can't assume it would like Apple's decision there, especially since seeming to care about privacy is an important part of Apple's marketing brand.
Considering that the UK and Aus are both countries that share all their data with the US, I'm surprised at the naivety of the comments here about this.
This is a well worn path for the CIA gather dirt without needing to break any rules on monitoring US citizens.
Presumably the US government will have no compunction in using this to view US citizens private materials under UK government access rights, irrespective of US privacy law.
They'll share the data on US citizens with their US counterparts. Thats what the US and Australia do. That way govt's can claim they dont spy on their citizens. Their allies do it for them.
I don't know to what extent this is true. A lot of criminals strike me as good at chopping off fingers etc but not computer stuff.
There absolutely is a balance between Average Joe's right to privacy and privacy restrictions for fighting crime. Without undermining the former, I'm astounded how HN discounts the latter 100%. It is real.
I disagree. There should no compromise on my privacy ever. We are not (yet) in a dictatorship and I’m not a criminal. Why should I suffer because governments are incompetent?
In a situation where a criminal used Whatsapp and decrypting it is needed for the conviction, why should I suffer because of your absolute views on privacy?
I hold neither of the extreme views, and frankly I am baffled by anyone in either of them.
In a situation where an accused criminal used Whatsapp and decrypting it is needed to view the content which may or not lead to a conviction. This ridiculous idea that law enforcement knows people are guilty and it is these pesky rights that keep getting in the way is just false. Police regularly and consistently abuse their power to railroad people and take the easiest path to convicting someone.
Even in situations where citizen rights do “get in the way” of convicting the guilt, that is the price we pay to not be thrown in jail for crimes we didn’t commit. Former Supreme Court Justice William O. Douglas said “It is better, so the Fourth Amendment teaches us, that the guilty sometimes go free than the citizens be subject to easy arrest.” He also said “Big Brother in the form of an increasingly powerful government and in an increasingly powerful private sector will pile the records high with reasons why privacy should give way to national security, to law and order... and the like.”
It's easy to construct a reasonable scenario. You catch a guy doing something bad. You know he's a part of a big organized crime organisation, because you already caught some of the other conspirators. And you could bring the whole thing down based on documents / chats etc which are encrypted.
I'm not saying, based on that, you throw away privacy rules. But to not even acknowledge that there is a conflict is IMO insane.
Reading through this thread, I get the sense that the desire for absolute privacy stems from a perception of the government as basically another mafia - a ruthless, unprincipled organisation that will exploit any weakness in you, just because. Maybe that's the root of the difference. I'm lucky enough to have never lived in such a country. Sure, I care about government accountability, there will always be bad actors, and governments in general aren't always super-competent, but I believe fundamentally, governments in places I have lived are not evil. They aren't another mafia I need a firewall against.
If you have evidence that he was doing something bad, prosecute him. You must have evidence, because you couldn’t know he was doing something bad based off these chats you can’t read.
>You know he's a part of a big organized crime organisation, because you already caught some of the other conspirators.
So charge them with conspiracy or RICO (Racketeer Influenced and Corrupt Organizations).
>you could bring the whole thing down based on documents / chats etc which are encrypted.
How can you possibly know that? If you have evidence of crimes, use that to prosecute. If you don’t have evidence, then you don’t know crimes were committed. Regardless, you don’t even know if these encrypted chats contain anything incriminating.
Government is not another mafia, they are a group of people who are flawed. “Good” governments have laws protecting the rights of citizens against individuals within government. That is like saying that we don’t need defense attorneys because prosecutors are good people and wouldn’t bring a case against an innocent person, or would never bend/break the rules to get a conviction. We have them to protect the rights of the innocent and the guilty.
Devil's advocate: we accept compromise of people's basic freedom of movement (via arrest) when under investigation. Even though we know a non-negligible amount are innocent, virtually everyone considers it a necessary compromise
Perhaps part of the difference is that the public acknowledge this as a necessary _evil_ and get rightly outraged when they hear of people being detained without good cause. But with privacy, especially electronic privacy, almost nobody cares when "we will only allow a small number of agents to use this for imminent terrorist danger" inevitably turns to "we will let any random council worker casually pull up every website you've been to with no warrant"
So, strictly speaking, that's not how UK law, at least, works. The court can absolutely compel you to say things you memorized - in fact, including encryption passwords. You can of course, physically, refuse, but you can be held in contempt of court, and jailed until you reveal the information, indefinitely. So not at all off limits.
Indefinitely jailing people to get a confession sounds like a midevil torture tactic. Is that a good balance of the Average Joe's right to privacy and privacy restrictions for fighting crime you speak of?
> Indefinitely jailing people to get a confession sounds like a midevil torture tactic.
That's very clearly not what I wrote. You can demand information this way, not a confession... People in the UK generally have a legal obligation to answer any questions the court has, unless they are themselves the accused. There are a small few other exceptions.
Just because UK law allows compelled disclosure doesn’t make it right—it makes it a bad law. It creates a self-incrimination loophole, shifting the burden of proof onto individuals instead of the state. Leading to erosion of due process and a presumption of guilt, forcing people to either comply or face punishment, even when no crime has been proven. Civil rights advocates have lambasted this law.
So I ask: Do you believe it to be balanced?
Using flawed laws to justify more erosion of privacy only deepens the problem.
Yeah, this is likely not intended to catch the most sophisticated of hackers, but your average drug dealer / murderer / thief / paedophile.
I don't know where the belief that all criminals are tech experts comes from; the popularity of cool-looking "encrypted" phones as opposed to actually encrypted apps like Signal should have long dispelled that myth.
I'd argue that the opposite is probably true, people who think that crime pays are less smart and more impulsive than the average person, and hence less likely to think about things like this.
> I don't know where the belief that all criminals are tech experts comes from; the popularity of cool-looking "encrypted" phones as opposed to actually encrypted apps like Signal should have long dispelled that myth.
> I don't know where the belief that all criminals are tech experts comes from;
From forums of tech experts.
I do not think this attempt by the authorities will be any useful, while it would initially work... well these guys may not be hackers but are not idiots and over time you will get your average baddies become tech-savvy enough to circumvent this.
That's true at a point in time, but bad guys start out as clueless noobs with poor opsec. The Silk Road guy, for example, was identified by forum posts he made before becoming a drug lord. The sort of people who become radicalized through online videos aren't using strong crypto until after they've committed to becoming terrorists. So a database of texts going back several years is quite useful in catching actual bad guys.
Which is not to say I approve of more surveillance. Just that surveillance of convenient modes of communication (iMessage) is useful to serious crime fighting.
I'm in the UK pretty much only use iMessage/Snapchat.
I had a look at the stats though and you're probably correct about WhatsApp being default, although we do have a surprisingly diverse and competitive messenger market:
Id be very interested to break that data down by age. I'd hypothesise people who grew up during the dawn of social media (late 00s, early 2010s), will be strongly aligned with whatsapp whereas younger generations might be more iMessage/snapchat whatever else is out there these days. The most interesting generation would be gen X'ers. I guess theyll be a jumble of all solutions, including SMS
I also suspect international social structures could play a big role. In the UK many people have friends & family that emigrated to iMessage counties like the US & Australia. But many have links to WhatsApp countries like India or even Telegram countries in Eastern Europe.
Don't they almost all work on a "goodybag" model now where you top-up £x for the next month of tens of GB of data, hundreds or unlimited minutes, and unlimited texts? Using "real" balance is uncommon in my experience
I was wondering whether this is about Advanced Data Protection, which encrypts almost all data end-to-end on iCloud. It’s only later in this report that it gets into this key detail:
> At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022.
Before stating this, the article says:
> Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said.
This means Apple would be prevented from providing Advanced Data Protection to users in the U.K.
Not making Advanced Data Protection available is made worse by this requirement:
> One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security.
Apple can appeal, but is forced to comply meanwhile (until the appeal is heard) anyway:
> Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.
If they had some balls, they would just stop offering icloud altogether in the UK until they have appealed. Let's see how the judge feels when half the country can't access their files anymore and Apple points to this decision as the reason.
In the UK the employment arrangements of politicians are very unconventional. In some ways, they're more like independent contractors than salaried employees.
If your MP has an office in their constituency? They rent the office and buy all the computers and desks and printers and whatnot out of their own pocket, and get the expenses reimbursed later on.
The separation between work life and professional life is also extremely blurry. After all, you have to build up a network of supporters and donors and people in the party who like you before you can get elected. So hundreds of your best supporters and closest allies already have your personal number saved against your name in their phone.
True, the UK is one of the few European countries where iOS is bigger than android just like in the US. I work in mobile management and we see those a lot in northern Europe. Where they're scarce is in South and East Europe.
Here in Spain no person has even tried to SMS me (which is the fallback for iMessage which I don't have) for 6 years or so :). I also don't have RCS enabled. It's all WhatsApp and Telegram.
The SE is also relatively expensive in Europe. And in Spain Apple seems to have completely removed all trace of the SE from their website. Strange enough. Didn't check other EU sites.
Apple can't offer icloud with encryption. It doesn't force them to offer the service at all afaict? Forcing a company to offer service at all seems like a gigantic judicial overstep IMO.
Not just most of the judges, but most of the MPs who voted on this. Let them eat their own cake.
I think they could do something like what Tik Tok did, by letting users know why they can no longer provide the service.
I would personally give Apple money to see them actually stand-up to this. What's probably more concerning is the number of companies not complaining about this at all.
Even in that case, Apple could withdraw from the market.
If push comes to shove and apple actually called their bluff and withdrew completely from the UK market, I'd bet that that government would become so unpopular that they would not be elected again for quite some time.
Even to the extent that parliament does care — and both this lot and their predecessors have ignored a lot of criticism about this specific law — turning public disfavour into a change to the law is often a slow process.
I don't see UK judges getting motivated to rule in favour of a foreign company because they took their ball and went home, not even in cases where the ball happens to be very popular.
Just make TimeCapsule for iOS and iPadOS. With option to store it fully encrypted in AWS cold storage as Apple subscription. I want my data to stay at home.
I’m so ashamed to be a U.K. citizen and to have both legacy parties (Tories and Labour) staunchly supporting these horrendous breaches of privacy.
We have had a number of bad laws over the last ten years that have entrenched state surveillance and presumption of guilt.
The only party I can see taking a principled stance on civil liberties is Reform UK, whose policy document states:
> A British Bill of Rights
> Our freedoms must be codified and guaranteed. Never again can our entire country be locked down on shoddy evidence and lies. Our data and privacy must be protected. Surveillance of the public must be limited and those monitoring us held to account.
Yes - Reform UK is a far right populist party. They currently have 5 out of 650 MPs and are steadily gaining popularity - similar to the rise of other parties like AfD across Europe.
1. Nice cherry-picking. The US and Canada (and, in fact, a majority of world nations) are not signatories of the ECHR. Those countries seem to get on just fine without it. In particular they are able to deport dangerous foreign criminals without issue - meaning their citizens are safer. There's nothing extreme about leaving the ECHR.
2. The WHO is notorious for failures in policy e.g. Covid response, bends to political pressure from China (e.g. not respecting Taiwan as an independent entity), and is dependent on private donors like Bill Gates which means they have undue influence. A 2021 probe into the WHO found its staff were involved in sexual abuse during an Ebola outbreak in Congo. There are plenty of reasons for leaving it. There's nothing extreme about leaving the WHO.
3. We absolutely should get the oil and gas we need from our own reserves, rather than buying it from despotic regimes and shipping it half way round the world at great ecological expense. There's nothing "extreme" about using our own natural resources.
4. We know now that there were many serious side effects from the mRNA injections and that the contracts granting lifetime immunity to the manufacturers for harm were extremely suspicious. This is a totally novel form of medical intervention, administered to a large population in a hurry, under intense political pressure. There's nothing "extreme" about an enquiry on mRNA injection harms. What are we afraid of? Uncovering the truth?
"CV events such as thrombosis, thrombocytopenia, stroke, and myocarditis frequently occur with the mRNA vaccines studied. A significant number of studies included in our review reported BNT162b2 events, which presses the need to conduct more research into the CV implications of mRNA‐1273 (Moderna) vaccine."
Reform UK believe that the detrimental side effects of lockdown policy outweighed the benefits of lockdown policy (again, there's evidence to support this view)
"While this meta-analysis concludes that lockdowns have had little to no public health effects, they have imposed enormous economic and social costs where they have been adopted. In consequence, lockdown policies are ill-founded and should be rejected as a pandemic policy instrument."
We need more voices that are willing to state these truths in Parliament IMO.
Your comment makes it sound like they're all about research, but they also want to ditch human rights and the world health organisation? This conflict of logic makes me think there's probably more to it than just research and doing good in the world. Can it be that they speak of e.g. lockdowns having been bad based on that ReformUK voters were particularly badly affected by that policy and that this study after the fact found that, indeed, they did more harm than good? Ignoring that this wasn't necessarily knowable at the time, but it reflects badly on the government to have made a mistake with hindsight and so they can gain votes since they weren't in power back then and thus the fallacy is to think they'd have known better?
Thanks for confirming that they're indeed extremist, right in point#1 of that link. "Nothing extreme about disavowing a human rights convention" my ass, lol
Replacing one human rights convention with another human rights convention is not "extremist" any more than it was extreme for the UK to enter the ECHR in the first place (which necessarily meant changing our existing human rights laws).
It is disingenous at best to claim that leaving the ECHR means that the UK will abandon or downgrade human rights, unless you have detailed insider information on the proposed British Bill of Rights, and if you're in a position to analyse the relative strength of the ECHR vs the BBR.
I am confident that a new-found ability to send rapists and murderers out of the UK and back to their home country will IMPROVE the human rights of UK citizens.
> Reform UK believe that the purported efficacy of the mRNA vaccines at preventing transmission was massively exaggerated (we now know it was).
Okay, let's check the paper.
> Thus, the current evidence suggests that current mandatory vaccination policies might need to be reconsidered, and that vaccination status should not replace mitigation practices such as mask wearing, physical distancing, and contact-tracing investigations, even within highly vaccinated populations.
I must conclude, as a party dedicated to the science, that Reform UK therefore would be on board with the above mitigations, if they are genuinely interested in pursuing at least the simplest / cheapest effective mitigations for Covid.
In the past the Lib Dems were quite good at standing up for privacy and liberties when Lab and Con were both agreeing on more intrusion, but I'm not sure if that's still the case
Lib Dems did vote against the Investigatory Powers Bill (2016), and Nick Clegg blocked the original Snoopers Charter (Draft Communications Data Bill). So they have good form on this.
However, since 2016 the party almost exclusively shifted focus to opposing Brexit... which is ironic for a party that describes itself as "Liberal Democrats," trying to overthrow a public referendum (the strongest form of democracy)
See also "U.K. orders Apple to let it spy on users’ encrypted accounts":
> The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.
> The Investigatory Powers Act 2016 (c. 25) (nicknamed the Snoopers' Charter)[1] is an Act of the Parliament of the United Kingdom which received royal assent on 29 November 2016.[2][3] Its different parts came into force on various dates from 30 December 2016.[4] The Act comprehensively sets out and in limited respects expands the electronic surveillance powers of the British intelligence agencies and police.[4] It also claims to improve the safeguards on the exercise of those powers.[5]
See also "U.K. orders Apple to let it spy on users’ encrypted accounts"
Not just "see also." Your link is the original reporting.
Without journalists and organizations like these doing hard, expensive work like this no one -- not even on HN -- would know about it.
It's a shame that the link being used for the HN entry is to a blog re-writing other people's work, and not doing any of that work or sharing any of that expense themselves.
I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.
Anyone with a fundamental understanding of online privacy and security would encrypt any files prior to uploading them to the cloud rendering any back doors and access to those files useless and toothless.
I dont use any of these services. I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.
I think you have a very high opinion of the millions of people around the globe, with varying levels of computer literacy, who are terrorists, criminals, and/or child abusers.
I once worked with a business lady who used her dumbphone as an argument in a discussion where we were deciding whether all our users have smartphones. She proudly displayed the dumbphone and said that if she has one, others probably have too.
I learned only much later that her husband was prosecuted for fraud related to government funds. So she had a good reason to have a dumbphone.
It's anecdotal evidence, but still.
You are of very low opinion of people, probably assuming that you are smarter because you are some kind of IT guy.
> I learned only much later that her husband was prosecuted for fraud related to government funds. So she had a good reason to have a dumbphone.
Does she? Law enforcement can wiretap and track dumbphones just as easily as smart phones. The lack of encrypted calling/texting options even make it easier for law enforcement. If she's trying to hide more fraud, the dumbphone isn't helping her. And of course if she is trying to hide fraud from law enforcement, she probably shouldn't be doing the fraud in the first place.
There are good reasons for using dumbphones (smartphones distract, and it's having a serious impact on everyone these days) but avoiding being prosecuted isn't one.
> I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.
Meanwhile, the amount of local news arrests for people getting busted for uploading CSAM to online platforms like Google and Apple is exponentially increasing.
The real goldmine is WhatsApp. In most cases, WhatsApp backups are enabled and uploaded by default, including when the whole iPhone backup is created. And by default, backups are unencrypted.
So if you ever wonder how they access those WhatsApp messages, when you think that they would be end-to-end encrypted, reality is something else.
The overlap between “criminal” and “fundamental understanding of online security” is fairly small.
I use online services and sync, but my life is so boring (and data breaches have exposed so much) that a disaster that destroys my house and all backups is far more likely that harm from government or private snooping on my cloud files.
I know we’re supposed to stand on principle and make data storage choices as if today’s cat photo were evidence of being the real JFK assassin, but I don’t have the energy.
News stories seem to indicate that many criminals use computers just like any given person does.
Even people concerned with security who know a little seem to be terrible at it.
A local protest group in my area was passing around an image with security tips. They were hilariously bad, suggestions based on very confused understandings of risk. These people weren’t criminals necessarily, but they were motivated and concerned and somehow just terrible at basic security.
They are still people committing crimes. I don't think that's quite the same as the prototypical survivorship bias would imply.
There is the possibility that there is a great deal more crime being commuted by capable super criminals who understand the nuances of security .... but I'm more of a subscriber to the theory that for "most" crime, it's a lot of stupid people.
Hamas switched from smartphones, with encrypted messengers to pagers, a communication device with encryption so weak it may as well not be there. Criminals get caught because they used plain phone calls and texts _all the time_. Hell, child abusers are regularly reported to the police because someone saw a suspicious picture on their phone when scrolling through the gallery. Crime and an understanding of cybersecurity don't necessarily overlap.
I agree that cloud services cannot be trusted to do encryption within their clients, but on platforms like iOS it's difficult to do automated backups using independent encryption. It's also quite difficult not to accidentally enable backups to these services because the setup flow for every phone guides you to hitting the "upload everything I do to Apple/Google".
To Apple's credit, while they normally store a copy of the encryption key, making most cloud encryption entirely useless, they do offer setting a custom key at least. GDrive and OneDrive sure don't.
there are dumb people out there but can you sum up (just talking about illegal drugs) an industry that makes $360 billion per year? Brazilian ghettos have army grade weapons like anti-aircraft missiles [0]
psychopathy is a mental disease who impair people to control their impulses/defected judgment; often these are permanent personality traits, which either will let them sit in a prison for the rest of their lives depending on what they did or they will be liberated if they get caught with a high chance of another incidence... search for papers/work from Kent Kiehl if you are interested in this type of stuff
I believe they switched to pagers because their location can't be tracked. Every pager message is broadcast across the whole country and the pagers just listen to all of them and only tell the owner about the ones meant for them.
A phone has to at least tell the nearest tower that it's within range so that the tower can know to send it messages. After that, when it get's a message it sends some sort of acknowledgement. In theory anyone can pick up those messages with a phased array or set of directional antennas and get a directional fix on the phone.
> I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.
Depends on your threat model. If someone unofficial wanted at what you're doing, they'd likely find it easier to go after your home data than what you have in iCloud -- particularly if using Advanced Data Protection for iCloud.
As mentioned in the article, Salt Typhoon and the recency of this request by the UK. At this point they should know better.
My pet theory is anytime the US wants to do something illegal under US law, they simply ask the UK to do it and vice versa. That's why Salt Typhoon isn't and never will be a lesson learned.
Australia does a great job of enacting wacky authoritarian policies in the last 5 years; It would make sense to use them as a staging ground. Does any specific legislation come to mind?
This week we've had the federal laws strengthend to a one year minimum jail time for nazi salutes. I think saying "punch a nazi" unironically could now also get you a year in jail, but I'm not sure about that one.
I'm not deflecting I think we just have different points of view.
> The point ... is to defeat them while you can.
That can be your point, and with that framing almost anything is permissible!
My point is generally to let free, open democracy run its course without putting our fingers on the scale too much.
I'm not scared of people doing a salute in the style of a movement that's been dead for almost a century. I'm not scared of communists flags or chants, or people chanting from the river to the sea. I think it's all healthy as long as it's non violent. The argument that it leads to violence is not logically sound and very minority reportesque.
> The argument that it leads to violence is not logically sound and very minority reportesque.
That a nazi salute, corroborated with converging political views…? You obviously don’t understand, don’t see how things happen.
Or you do, and you know downplaying “nazi wannabees” is part of the game.
It’s not about being scared but principled: an open democracy does not tolerate ideas going against its very foundations: it makes sure these are, expressed maybe, but kept in a very strict perimeter which they ought no get out from.
We don't ban Maoists or Stalinists or Mussolini style facists. We don't ban Napoleonics or Confederates.
After WW2 there was a period of strong Jewish support for nazi rights. Were they not an open democracy? Is the risk in 2025 stronger than what they faced?
I don't know really, is it that every era needs a boogeyman or is it just that we are on a grand cycle away from liberality? Both maybe?
We don't? Maybe you don't. From where I am (France), maoists, stalinists, mussolinists, napoleonics or confederates are pretty badly considered, maybe only considered weird and silly as long as they are just spouting vague theory stuff or giving some substance to the conversation.
But as soon as they associate their "thing" to a violent/segregationist personality/behaviour, you can be certain that they are banned, and in no gentle manners.
Wow, I don't know either. Saying nazis could be sort of boogeyman or victims?... that tolerating nazis would be liberal? Wow. Sounds like a line from "OSS 117: Cairo, Nest of Spies".
You seem not to understand how a society works or what liberal even means... A liberal cannot tolerate ideas that are explicitly against tolerance, as those lead to illiberal behaviours. The best illustration of it is the actual suppression of speech that is happening in the USA, by the very people that reclaimed freedom of speech.
Or again, you do know.
Either way, you're certainly not in the middle, you're actually supporting the violent ones to be violent, asking the ones reacting to that violence to accept it as it is. Not too good looking.
It's not a pet theory, it's exactly how the Five-Eyes system is meant to work. I remember when Total Information Awareness was announced and they even had a cool badge designed for the new govt department. It wasn't a popular idea.
It is a pet theory. It is illegal for the US to access its citizens' and residents' data without a warrant, and asking somebody else to do it doesn't magically make it legal.
It's not a pet theory when there's proof they have engaged in it through five eyes. We're not saying it respects the constitution or its intent. We're saying it's what happens.
Black CIA sites weren't legal either, nor was torture.
> It's not a pet theory when there's proof they have engaged in it through five eyes
What proof? You would think after all the leaks there have been, some proof would exist. Instead, you cling to a conspiracy theory based on a misunderstanding of an agreement.
The fact that you immediately went for "conspiracy theory" discredits you more than you think it discredits me.
They're all conspiracy theorists when the government is accused of wrongdoing and the "proof" demands and moving goalposts happen all the time. Helped by the lack of transparency and all encompassing powers of agencies and governments.
Your arguments boil down to repeating narratives and things like "X is illegal so it doesn't happen" which just shows how naivety is part of your bad argument repertoire. I'm sure black CIA sites and coup d'etats didn't happen if I can't prove them to your liking... And if I somehow satisfied you, there's some justification that make them lawful and correct.
The fact that you fixated on "conspiracy theory" means you don't know what the term means. It means that a large group of people must be working together to make something happen, yet none of them have said anything.
If the Five Eyes participants worked as you have stated instead of as the leaked agreement documents say they work, you would expect Snowden to leak that first because it is obviously illegal. He did not. Why not reduce the number of people required to keep quiet in the conspiracy by having the US spy directly on its citizens? Every question you might ask about your conspiracy theory makes it sound even more ridiculous if you bother to ask it.
Apple still has legal entities in the UK. Pulling out cloud services would be insufficient to prevent the UK authorities from interfering with their activities.
> prevent the UK authorities from interfering with their activities
I'm still missing how this could be enforced ? To my layman understanding, this reads the same as if China said : "Meta, Tesla, Valve etc has entities in China therefore we get to see all data they store in the EU and the US.
The UK has Zero jurisdiction in Ireland for example where a lot of EU data may be stored.
I have lived to the day that we give an example on china not doing something stupid a western democracy does about rights and freedom. Wild times to be alive. I am also surprised that they demand worldwide access and not just UK users data or all the data stored in UK jurisdiction. But this is going too far.
The difference is that China and Russia have the sense to spy on foreign citizens with hackers, trackers, and other covert means. Somehow the UK feels entitled to Apple doing their espionage for them, and has the gall to ask publicly.
Note that this is not China apologia: they do the same brazen shit locally, but they're an authoritarian regime. I have lower expectations for human rights there.
Those who are charged with stopping cyber crime are very must against this. End to End encryption is one of the better protections they can give you against foreign hackers and they want you to use it.
Meanwhile down the hall are people who are charged with investigating crimes someone in the country commits and they are want this. It is a lot easier to prove someone is involved in some crime if a warrant can get their data, but end to end encryption means they can only get random bytes. (of course they don't want warrants either, but that is a different issue not relevant here so they will specify warrants in this debate)
China has forced Apple to outsource iCloud in China to a state run company, so all data is just directly controlled by the government there. It’s an even worse situation.
That is just China's general rules around tech. Awful? Yes. But not a global issue. Most non-chinese companies are forced to have their chinese properties ran by a chinese company.
This is shown by companies like VW having cars made in china with effectively a license model, these cars are designed and built by a third party with a few interesting exceptions (VW actually licensed a design, the Taos, back and shipped it worldwide)
The insane overreach was the UK wanting data on people not in the UK
We literally tried to do this with TikTok. We can't exactly stand on a high-horse when the highest level of government in the US was totally fine with it.
Our noble "we can't have American data in the hands of our enemies," their savage "forcing American companies to turn over user data."
Edit: I misread the comment tree, I thought this comment was equating the TikTok situation to the UK's request.
I agree that the TikTok demands are pretty similar, though I might quibble over whether they're literally the same, since arrangements like that are the status quo in China but not in the US
Original comment below:
How is "remove foreign control of data on our nation's users" remotely the same as "give us access to foreign users' data"?
They're not even figuratively the same, despite you literally misusing that word
It's not clear which scenario you are referring to.
If by "give us access to foreign users' data", you mean TikTok, then ByteDance is only required to sell the US portion of TikTok to American buyers. If you mean iCloud, then Apple is only required to keep Chinese users' data on local servers.
Oh my bad, I misread the comment tree and thought this comment was a response to the grandparent.
"give us access to foreign users' data" referred to what the UK is asking for, I thought the post i was replying to was equating the UK's request to the US'
It is worse than that, I never expected that most democracies would go back to foregone days, because people get sold out on populism and decided to ignore history lessons.
As a child of Portuguese revolution, I am aware of plenty of stories, apparently many folks nowadays think those are stories to scare misbehaved kids.
It would be enforced by fining the UK legal entities (or worse, like charging their legal representatives) if they don't comply. If the UK is serious about this, the only alternative for Apple would eventually be to completely cease operations in the UK.
By the way, this is similar to why for true GDPR compliance, data centers should be operated by EU companies that aren't subsidiaries of US companies, because even if the latter operate data centers located in the EU, they would still be bound to secret orders by the US government.
The most horrible part of the discussion we're making is that we're arguing that UK intelligence should be able to access only UK related data, and not that UK intelligence should not undermine privacy of people
The Overton window is the range of subjects and arguments politically acceptable to the mainstream population at a given time.[1] It is also known as the window of discourse.
[…]
The political commentator Joshua Treviño has postulated that the six degrees of acceptance of public ideas are roughly:[7]
unthinkable
radical
acceptable
sensible
popular
policy
The Clipper Chip died a quick death back when the Clinton administration wanted it, as the push back against it was pretty strong. Now? Seems like a matter of time before every form of electronic communication has a dozen different back, side, and front doors into it.
I don't think that was mandated to be used for every device though. It was also shown to perform key escrow in secret and had its security defeated before it launched.
The moral thing to do would be to resist obeying such laws as much as is feasible. If that fails close all your legal entities and continue offering services to the citizens of that country to the extent that is feasible.
Of course it wouldn’t be very profitable. So unfortunately you really can’t expect a major public company to take a stand like in a case like this.
Fully agree. Imagine giving your data to company XYZ which promises you full encryption privacy. The company XYZ opens a subdivision in country CBA and all's okay unless CBA's law is changed to mandate all companies to give all their data. Now your data is lost to CBA's agents.
> By the way, this is similar to why for true GDPR compliance, data centers should be operated by EU companies that aren't subsidiaries of US companies, because even if the latter operate data centers located in the EU, they would still be bound to secret orders by the US government.
This is interesting, I know GDPR does not mandate data localization but I was under the impression that the requirements are a bit more difficult/stringent for transferring data out of the EU region ? While not perfect, it's a bit less 'open door' than it would be if it was hosted in the US.
The EU has a law saying "don't transfer data out of the EU without the right paperwork, but of course if your American sysadmins have SSH access to servers in the EU to do maintenance that's no problem, just tell them not to copy the data off it"
The US has a law saying "If our spies tell American sysadmins to SSH into a server in the EU and copy data off it, they must do it and they must keep it secret"
I’ve never worked in a company with data the gov’t cared about that wouldn’t have sirens going off. Why is Joe SSHing into the EU data center? And now why’s he trying to turn off the GuardDuty rule that caught him? And why is he trying to delete that from CloudTrail? And why is the SOC 2 auditor asking why he has access to delete things from CloudTrail in the first place?”
You’d have to get a surprising number of people to go along with it.
That's why it's important to choose a sysadmin who has the authority to SSH to servers. Joe SSHes in all the time, it's not an anomaly.
If you think a SOC2 auditor would spot something like this, in a company the size of Apple or Google - you've probably never been through a SOC2 audit :)
I wish that I had not been through many SOC 2 audits. But the point was just that in a sufficiently large org that might have cross-continent data centers, it’s not common to have one person who can access remote data and cover their trail and turn off the alarms and all the other things required to do it surreptitiously. Possible? Maybe. Likely? Probably not.
In my experience, every sufficiently large org with data centres on multiple continents has an accretion of legacy systems and special exceptions.
And a heuristic anomaly detection system that generates masses of false alarms, and enough different teams and documents and policies to bury an army of SOC2 auditors. And so many log lines almost anything can get lost in the noise.
The janitors always have keys to everything. Especially when it’s required by law.
Surely if the current government were dumb enough to try and ban Apple from the UK over something like this it would it would make even Truss look competent in comparison.
Not so much because British people love their iPhones to such a extreme degree but because they willing to waste money and resources over something this stupid.
IMHO Apple could bring down the government that tried this if they really wanted to.
It is a relatively small market, and if Apple decides to shut down while flooding the streets of London with posters saying “We are forced by your government to shut down in order to uphold your privacy”, the UK
Government would take a massive blow.
Imagine Russian Oligarchs on android devices! Polonium will roll, I tell you!
There are lots of different ways to do business. UK is unlikely to be able to ban the iphone, and I doubt Apple has much business in the UK. As such they can lay off all workers in the UK "because of legal issues" and the workers feel the pain. They can still sell in the UK through third parties, and go to the EU if you need warranty work
The phone itself is only a piece. Apple sells multiple services, without them the phone is useless. If you can't access the appstore, the backups, etc. what good is an iPhone? Now, the UK can say that UK citizens' data can't travel outside of the UK without the UK government permission.
So it's still a problem. This seems like a looming PR battle.
So if British voters get to chose between having access to iPhones or voting for a government that wants to spy on them at whatever the cost surely the choice must be clear?
The US used a similar strategy decades ago to break Swiss Bank Secrecy laws (either Swiss banks had to give up the info or they were going to be kicked out of the US).
Yep, and the US had a lot more leverage; out of the US translates into no access to US dollars either directly or via a correspondent bank, which essentially means bankruptcy.
I really hope so. I would love to see that showdown. Hopefully, "can't buy an iPhone in the UK and everyone knows why" makes the Snooper's Charter a radioactive mess that legislators fall all over themselves to repeal.
Then they can vote in a board of directors that agrees with them, and have that board fire Tim Cook.
I would hazard to guess that you'll see an exodus of a lot of folks leaving Apple either because (a) they won't follow that order, or (b) in solidarity with those that are fired.
Reminder that privacy is feature that Apple touts (how much you believe them is up to you):
> On January 28, 2021, Apple CEO Tim Cook delivered remarks at Computers, Privacy & Data Protection Conference: Enforcing Rights in a Changing World. The virtual conference — hosted annually in Brussels, Belgium — is one of the foremost international privacy and technology conferences bringing together leaders from academia, government, civil society and the private sector. Learn more about the features and controls Apple provides users to safeguard their privacy at http://www.apple.com/privacy
I don't know where your ideas are coming from - Apple easily folded and gave all data to Chinese government when commanded to do so under leadership of Tim Cook.
Where does your thinking that they'll suddenly forget about revenue from UK over this come from?
Swiss banks didn't care - they didn't have a large Us presence anyway. Until the US started enforcing this by proxy, other banks couldn't do business with you and the US and overall the US is more important to the world than Swiss banks.
Not so sure. Yeah, they didn't have a large US presence but they did a lot of business with US banks and securities markets -- that's what was threatened. It's wasn't the ability to have branches in the US but the ability to conduct business in US markets.
As someone else here said, Apple would 100% call this bluff. And you can be certain the UK won't have the US to put pressure on Apple for them. All the would happen is the UK Apple users would be with an expensive paperweight.
That assumes that Apple's shareholders believe that Apple's privacy reputation (relative to other companies) is more valuable than access to the UK market.
All evidence that I have seen suggests that consumers by and large do not care about this kind of privacy. They do not buy iPhones instead of other phones due to the privacy properties.
Therefore Apple's shareholders could order Apple to stay in the UK market.
And if not, then Apple's customers could be compensated with money and other UK-held assets that the government could confiscate.
According to NASDAQ [1] the two main investors are Vanguard and Blackrock, but the two of them together are far away from 50%. There are a number of other large investors. I didn't do the sums but there must be probably 30 of them to get to 50%. Do some of them care about privacy of common people? Probably not. About the people in their boards? Probably yes.
This is usually true of any corp. However, Apple is the one big tech company that has built its reputation on privacy more than any other, and Cook in particular is very strong on that -- and he's not prone to Zuck-like flip/flopping, at least not so far.
You may be right, of course. But if there's one tech company who _might_ say "no", it's Apple.
Most users don't care about that stuff, but I think a small but significant percentage do. I have never been an Apple fan but I am aware that they are significantly better than Windows and Andorid for security and privacy.
This is not just a case of the British intelligence services secretly “tapping into” Irish telephonic and internet traffic via land and maritime cables. Rather in most cases they are being provided free (or commercial) access to the information by companies associated with the use, ownership or maintenance of these cables.
Post-Snowden the Irish government retroactively legalised it...
It can be enforced in this way: police raids the local headquarters and jail a bunch of people because their company didn't comply with the law.
The only way to prevent that is not having any local office, no employees, nothing. Sell physical objects only by the means of local 3rd party resellers which will import goods. Same thing for services. Of course they can ban imports and services or go after those 3rd parties. It depends how nasty they want to be.
I suspect the UK government would back down way before Apple. People aren’t politically active as those of years pass, but brick their iPhones you’d have a riot.
Note that it the bar is having the ability to access the server, so this law is completely incompatible with most GPDR solutions: It's illegal to store European user data and then refuse to hand it over to US law enforcement, regardless of whether the data is stored in Europe or the request breaks European law.
I imagine they would fine apple a large sum of money. If apple refuse to pay they send high court sheriffs to confiscate any property they have in the UK to pay the debt.
More importantly, apple has customers in the UK. The business from captured apple users is more valuable than apple's privacy reputation.
This all seems very similar to RIM and the aftermath of the riots in the UK. The backdoors became too obvious for customers to ignore. Did not go well for RIM in the market afterwards.
Who has more to lose though? I mean any government that would do something as stupid as banning Apple because Apple didn’t allow it to spy on its citizens wouldn’t be very popular or last that long..
I mean this would be even more stupid than Partygate and the whole Truss debacle put together.
> More importantly, apple has customers in the UK. The business from captured apple users is more valuable than apple's privacy reputation.
Is it though? I wonder how much of Apple's revenue is from the UK, probably around 5-6%? Apple isn't exactly as popular in the rest of the world as they are in the US.
Would damaging their privacy reputation globally be more valuable than the UK market? I honestly don't know, but my hunch says no - they are likely to want to keep their reputation and dump the UK market. I think more likely is Apple is going to be able to get the UK to cave in. Apple is extremely competent with PR, and would be able to spin any kind of pull-out or degraded service in the UK as the government's choice and fault, to the ire of UK citizens.
> a back door that allows UK security officials unencumbered access to encrypted user data worldwide
As far as I can tell, China is asking to keep Chinese data in China and have access to it, but it is not asking to access data of American or European citizen and if it did we would be pissed off.
It seems apparent to me that Apple leaked this information to US press in an attempt to get the UK to back off. Wouldn't Apple also try to subvert the attempt for US intelligence to get a backdoor? Or do we think Apple has less of a leg to stand on with US and would be more likely to roll over?
You're including end-to-end encrypted content in that as well, like from Advanced Data Protection?
> If you choose to enable Advanced Data Protection, the majority of your iCloud data – including iCloud Backup, Photos, Notes and more – is protected using end-to-end encryption. No one else can access your end-to-end encrypted data, not even Apple, and this data remains secure even in the case of a data breach in the cloud.
I have no opinion on whether US intel has a backdoor into this e2e encryption or not. It seems like the sort of thing where people non-chalantly state that it must happen, but of course no one ever has actual proof or a source.
I mean, you're right. People think "end to end" encryption helps them, but they forget that Apple controls both the server and client more than the user does.
> Or do we think Apple has less of a leg to stand on with US and would be more likely to roll over?
Apple has no leg to stand on at all. When the NSA comes to your door and demands access to everything you have you don't get to say no. There is no court you can appeal to, and they'll take whatever they want and order you to keep your mouth shut about it. They'll walk right into your headquarters and data centers, force you to move your employees so they can set up an office for themselves on your property, insert their equipment into your network directly and take everything just like they did with AT&T decades ago (https://en.wikipedia.org/wiki/Room_641A)
Your only options are to comply or shut down (https://en.wikipedia.org/wiki/Lavabit) and I'm not even sure the US government would allow "shut down" as an option in some cases. It seems likely that they'd keep a massive target like Apple running even if the owners of the company wanted to cease operations, but lets be honest, Apple makes a lot of people very very rich so they'd never walk away from that. They'll keep making their money and just try to convince themselves that the US are the "good guys" and so it must be okay.
Obviously, Apple is going to comply with US federal law, given that their headquarters and employees are there, as well as their most profitable market. But when possible, they have shown themselves willing to fight against intrusion.
First, that's notably the FBI and not NSA. As gp says, NSA has greater powers with less legal oversight on national security grounds.
Second, a cynic might argue that Apple put up a noisy, principled fight that one time precisely to create the perception that you have here. It could be the FBI learned data requests to Apple are a dead end!
Or the two came to a mutually beneficial understanding: "don't come in the front door waving a court order for the cameras and we'll see what we can do when our reputation isn't on the line, see? And maybe if we help out, that antitrust investigation isn't necessary after all!"
I can't imagine all cloud providers weren't leaned on heavily to provide this access long time ago. Its a treasure trove too juicy to be ignored. Pro quid pro of course.
Anything else is highly illogical or outright stupid, imagine CIA or NSA having meeting on this decade and a half ago and deciding 'well if they won't give us full access when we asked nicely I guess that's it, we have to respect the law and their wish'. LOL. They don't respect basic human rights at all if you don't hold US passport, and even then the list of cases breaking laws and constitution is endless.
Apple is good with their PR, but why do folks accept their every word literally and not as part of marketing spin to sell more services is beyond me. Rest of the market is not even trying to spin it that way which is actually more respectable behavior.
Apple is famous for keeping projects secret from its own employees. To be clear, I think it's unlikely that this has already been set up for the US, but it would be easiest to do at Apple.
Not necessarily. There's a lot of people absolutely unwilling to risk loosing their salary and career. If you are doxxed as the leaker, what other company would hire you? I'm not even considering if there could be criminal charges involved as well.
Snowden left an example of what kind of lifestyle is possible after leaking, and I doubt snowflakes at FAANG would be down for that. Or how about other examples of leakers that have turned up dead? That's a cheery thought to consider.
So yeah, at this point in time, I do believe there's a lot of people that might not agree, but are not up for the task.
Snowden chose that lifestyle. If he had stayed in the US, he would be out of prison already, just without a security clearance. The longest sentence anyone ever got for leaking government information to the media is 63 months, with a release after 50 months on good behavior.
Manning was released early from her 35 years prison sentence only because there was Obama who had balls to do it and go against extreme far right part of society and government employees. Not going to happen again anytime soon in US.
I am actually surprised she survived this and wasnt suicided or sent to Guantanamo for water boarding till heart stops, I guess thats only for those without US passports.
No. Whistleblowers are extremely rare. Snowden did it, but he also worked with thousands of other employees who had knowledge of some, if not all, of the abuses Snowden told us about, but not one of them came forward. This is pretty much always the case when it comes to whistleblowers. For every one who came forward there were many many more who knew and stayed silent and it's hard to blame them. Whistleblowers are harshly punished, and sometimes killed in retaliation.
Being willing to sacrifice everything you have, including your career, your freedom, and potentially your life, just to let the public know the truth is not something you should expect people to do. It's a huge amount of risk and sacrifice while the only reward is knowing that you've done the right thing even though you'll be vilified and punished for it. That's what makes whistleblowers heroes.
MI6 probably gutted the cybersec division. Probably don’t have many viable sploits in their cache against Apple.
I suppose this is _good_ but more competent and well funded groups out of Israel, Israeli military complex, Cyprus don’t need to “ask” for a back door.
As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens. Not supporting cloud services wouldn't be sufficient to avoid the compliance requirement, they would have to formerly stop doing business in the UK.
Looking at the market size that might be a decision that Apple is willing to make as it would most likely be a temporary stick. The government can spin it anyway they want, but Apple devices do not work basically at all without the deep integration of their services. A geoblock would effectively mean UK citizens would be left with unusable devices and I can't see the resulting outrage being directed exclusively at Apple.
It'll be interesting to see how this plays out for sure.
> As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens.
I wonder if this means that Apple would ultimately take the same approach that they have in China, where the iCloud data and services are entirely localized within China and allows the Chinese government unrestricted access.
china had leverage because of the manufacturing happening over there and the incredible market opportunity, UK doesn't have much.
technically i believe apple could get out of the UK market to provoke a backslash on the government.
If they concede, other government will use the exact same blackmailing technique and one can say it will be the absolute end of their "privacy" marketing campaign they spent so much money into.
Apple offers the same escrowed key and non-escrowed key (advanced data protection) features in China as far as I'm aware. The extra capability GCBD has would be access to protected at rest data like iCloud email.
I think this is the most solid answer I’ve seen so far that makes any sense. Could they still go through with it , I’m not sure, they want to project some influence but I still feel this is like haggling for half price to get cost.
Someone else here said something spot on for me, we’re all focusing on how bat sh*t this is because it’s global without even considering how human privacy obligations are just ignored.
Humans have a right to privacy, feels unbelievably pretentious and privileged to even say that. But it’s still true
I think it’s a cultural issue. The British have an inflated sense of national self worth as a result of being the world’s largest power during the British empire. While this has not been the case for some time now (since Suez in 1948? Longer?) the people still carry the memory and national myth of great importance. This is likely what drives a sense of entitlement that British demands should bypass the laws of every other country in the world and give them unfettered access to everyone’s data. Think about that, literally everyone who has an Apple device!
> When asked by The Post whether any government had requested a backdoor, Google spokesman Ed Fernandez did not provide a direct answer but suggested none exist: "Google cannot access Android end-to-end encrypted backup data, even with a legal order," he stated.
No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves. I’m not saying that’s likely, just that it’s important to not take these statements as saying more than they do. They wouldn’t hesitate to use “technically correct” as a defence and you have to take that into account.
But if they could give a key to the government agency, it wouldn't be end-to-end encrypted, right? Or are you thinking they would have a copy of users' keys that they gave out? (Which I guess is technically possible.)
They could also cripple user key-generation. E.g. they choose random primes from a known subset. It would make communication crackable while also being difficult to detect.
It would be no different from how multiple devices and users access the same content (chat, shared data, etc.). The government’s keys would always be included in set which encrypts the real key. They don’t need the users’ key, Apple doesn’t need their private keys. So technically still end to end encrypted, just with a hidden party involved. Users have no way of knowing this doesn’t already happen.
And when their key leaks, it’s as good as no encryption, but still end-to-end encrypted.
You can not use a DH key exchange, and create the symmetric key by some procedure that is predictable, or encode the symmetric key with the government's public key and send it to them.
It doesn't stop being end-to-end when you add another end. We often do group chats that way.
Or you can create a side-channel and send al the data there. That would stop it from being end-to-end.
Before people immediately think the worst of Google or other corporate representatives, be aware that people working in these companies need to weight their words carefully. From The Verge's article on the issue:
The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
How does this work wrt false advertising laws? If I relied upon their end to end encryption and it turns out to be false advertising because there's a secret backdoor, who do I sue?
so in this hypothetical, some blackhat is able to download data in mass from apple servers? And you're worried that the only thing stopping that, or creating a duty to protect the data is encryption?
Which is exactly why I’m making this point. If no government had requested a backdoor, they could’ve simply answered “no”. When you have to weight your words, it means you’re not at liberty to say whatever you want. That is itself a signal, and why warrant canaries are a thing.
You're right to point out how carefully worded these statements are. But I suspect it's rare for companies of Google's status to not have been asked for a backdoor. It's not really an informative question to ask Google.
My guess is Google, Microsoft, Signal, Apple, Cloudfare, etc etc etc have all been asked if they could make backdoors. I expect they have all been asked. It's not the same as asking if they have made a backdoor.
So I think a journalist asking an organization like Google if they've been asked isn't really informative, because they almost certainly have been.
I'm not sure how it's relevant other than to say an answer from Google's response might seem oblique, but they're also being asked obliquely and that colors how you might interpret their response.
Of course they were asked. That doesn’t matter, my point is the author is assuming more from the reply than what was said.
It’s like if you conspired with your brother to steal from the cookie jar. He stole the cookies while you distracted your parents. Later on your mother reports to your father:
> When asked whether they stole from the cookie jar, derbOac did not provide a direct answer but suggested they didn’t didn’t know who did it: "I did not see anyone removing cookies from the jar," they stated.
Your statement is factually correct, but it doesn’t say what your mother concluded.
That concept has always sounded like tech people trying to hack the law without the proper real-world legal knowledge, IMO.
Bruce Schneier wrote in a blog post that "[p]ersonally, I have never believed [warrant canaries] would work. It relies on the fact that a prohibition against speaking doesn't prevent someone from not speaking. But courts generally aren't impressed by this sort of thing, and I can easily imagine a secret warrant that includes a prohibition against triggering the warrant canary.
Simply answering "no" when that's the truth could be illegal too. The ability to say no creates the ability to say yes as well. If I ask Apple whether they got an order and they say "no", then a year later they say "we cannot confirm nor deny", well then that's a yes.
Kinda depends on judicial interpretations of free speech, but that's how warrant canaries work. Are warrant canaries legal in the UK? They seem to be in the US but idk how well established that is.
But they can still notify the public, through those canary statements. (I forgot the name commonly used).
For example (a simplistic one), you can have a statement like "we do not have any backdoors in our software" added to your legal documents (TOS, etc). But once a backdoor is added, you are compelled by your lawyers to remove that statement. So you aren't disclosing that you have added a backdoor. You're just updating your legal documents to make accurate claims.
Such actions, even just the act of deleting text, conveys a message you were ordered to not convey and the government is not likely to take too kindly to that.
Not exactly the same but I've had a discussion around a similar topic with a Canadian immigration lawyer. We were put in contact by a mutual friend and the lawyer was looking for an email provider that was hosted in Canada and didn't rely on any US-based services (e.g. spam filtering). I asked him about the requirement and he pointed out that it was legally impossible for him to simultaneously comply with the USA PATRIOT Act and Canadian data protection/privacy laws. The US Gov't could compel his email provider to disclose solicitor-client privileged data with a gag order, and by not telling his client he would be breaking Canadian law.
By putting statements like what you're proposing in your TOS or marketing material you are potentially setting yourself up for a situation where it's now impossible to comply with all applicable laws. As others have mentioned, Australia passed legislation preventing you from disclosing the existence or non-existence of specific legal documents; they're at least warning you up front that the canary itself is illegal. The solution is to not make marketing statements that would become fraudulent in a situation where you can't legally retract them, unfortunately.
Edit: since lawyers are mentioned here... if the lawyer who is telling you that you need to remove the line from the TOS is the same lawyer who told you it was ok to put the line in the TOS... you should probably find a new lawyer because they didn't think through the consequences of approving it in the first place.
> if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
One would think this runs afoul of other laws though, truth in advertising and similar.
Its such a legal minefield, and the UKs request borders on violating the sovereignty of other nations I can't see Apple complying, but maybe that's hopium talking.
My layman’s understanding is that a user’s private key is used to decrypt a random key, which is then used to protect data. Shared files then only require adding key access to that small secret by someone who knows the original key. If one of the original public keys is always one held by authorities, Google never needs to have custody of the private key and can’t access the data themselves making the statement true, but misleading.
> No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves.
The whole definition of "end-to-end encrypted" is that only the two ends have the keys. If anyone or anything other than the two ends (the one sending and the one receiving) has access to the keys, it's not end-to-end encrypted.
Whatsapp has had end-to-end encryption since 2016. But it only added encryption to cloud backups in 2021. They didn't share any key material with Google, just backed up the messages and media without any encryption to begin with.
Yes exactly. Google is very careful to say that "Google cannot access Android end-to-end encrypted backup data" and notice it doesn't say that all Android backups are end-to-end encrypted. For what we know, Google could have decided to use non-end-to-end backups in the UK and end-to-end backups everywhere else.
This is so disheartening. I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise. As a UK citizen, is there anything I can do to dissuade this?
> I thought we were making progress in the anti-surveillance privacy na[rra]tive
What lead to to believe that? The Conservatives and Conservative-Continuity governments both agree that our data simply must be in the hands of the police, DEFRA, and your local council.
RIPA will never be repealed and only strengthened.
I don't disagree with your analysis but i wouldn't be so fatalistic. This stuff _isn't_ inevitable and i think it's possible to win people over to our side. Things can change for the better, but they won't unless people who care don't give up
Ahh, I used to have that opinion, but I've encountered too many "It's fine if they want it, I've got nothing to hide" people. (They never give you their Facebook password if you ask, though. Funny, that.)
Change what you can, I say, VPN on the network device.
> When Oliver shows Snowden evidence that all typical Americans care about is whether the government can see our "dick pics," he encourages Snowden to go through a list of every government surveillance program and explain its capabilities in terms of access to "dick pics."
> As a UK citizen, is there anything I can do to dissuade this?
If you voted for this Tory-lite government, then you can stop voting for any future Tory-lite governments. If you did not, there's not much you can do in practice without devoting your life to it.
Well, in the UK just planning a non-violent protest can get you 5 years in prison as many people have already discovered. Protesting has been pretty much made illegal by a very broad legislation that defines any protest that causes "disruption" as illegal - what "disruption" means is up to interpretation of course.
Which just means you need a large group to protest. They can arrest 10,000 people no problem, but get several million together and you have an army. Best is to get some of the actually army/police with you so that when (not if!) they try to get violent you can make it clear this is a revolution they won't win.
I hope it never reaches the above level, but always remember that remains an option.
Yeah but to get a million people together you need to plan for it first, and that's where they get you :P It's honestly shocking the state of things in the UK in that regard. I'm surprised there isn't more outrage around it, even the people I know who used to say they hate the Just Stop Oil protesters expressed shock that they've been given 5 years for just talking about a protest, not actually doing it.
I don't support the legislation you're referring to, but I think you're painting an exaggerated picture (unfortunately a common theme of these threads on HN about the UK). You can easily find examples of recent protests in London: https://news.google.com/search?q=protests%20london&hl=en-GB&...
Note how I didn't say that protests don't happen in the UK. They obviously do. But the problem is that now that effectively every protest has been made illegal due to the fluid definition of what "disruptive" means, the enforcement is arbitrary. Just stop oil protesters? Thrown in jail. Protesting in front of the Chinese embassy? Carry on. That's the problem with the broad legislation in the UK - government wants to have the power to spy on everyone, but obviously it doesn't mean everyone will be spied on. Just people who do something the government doesn't like.
I understand. However, I think your original post was very much open to being misinterpreted by people who don’t live in the UK or follow UK news. It’s obvious to us that protests still happen in the UK. But many people here only read negative news stories about the UK and would just assume from your post that protest in general was now effectively banned.
Weren’t the few JSO protestors who were jailed convicted of doing things that would be objectively illegal in more or less any country? Where are the countries that allow me to deface priceless works of art or block public highways without any legal consequences? I am not saying that these are necessarily illegitimate forms of protest, but they come under the heading of ‘civil disobedience’. The whole point of civil disobedience is that you get punished and thereby draw attention to your cause. Even in the US you can easily be jailed for protests involving blockading or trespassing: https://www.bbc.com/news/world-us-canada-69003240.amp, https://www.vpm.org/news/2024-06-24/gaza-protest-interstate-...
It may well be that the new legislation is overly broad, but I don’t think the JSO protests are a great example of this.
Yeah know, at some point a historical review would suggest that the constant stream of labour led initiatives to end privacy might indicate that the problem is not just the tories.
Labour have no problem with it, just the same as the Online Safety Act which is causing chaos right now. They're fine with the legislation and have never expressed a desire to see it repealed. They didn't even do much to prevent it in the first place.
This is what the parent comment is getting at when they say "Tory-lite".
Are you still under the impression that different political parties will actually do diffrent things? It even sounds like you think Labor are 'good' and the Tories are 'bad'. I think you may change this opinion after the next 4 years.
Wait. The Tories aren’t in power yet you want to attribute this to “Tory-lite?” It’s the Labour Party that is in charge, so why not put the blame on the actual perpetrators? Is it because you don’t want Labour getting blamed? I am confused. The Labour Party is the one jailing people for speech, so it follows that they would want backdoors into iCloud so they can better investigate ThoughtCrime.
The director of public prosecutions of England and Wales, Stephen Parkinson (appointed by the Labour Attorney General), warned against "publishing or distributing material which is insulting or abusive which is intended to or likely to start racial hatred. So, if you retweet that, then you’re republishing that and then potentially you're committing that offense [incitement to racial hatred]."
He added further, "We do have dedicated police officers who are scouring social media. Their job is to look for this material, and then follow up with identification, arrests, and so forth."
I'm very surprised that I got as many as three replies by people who interpred my comment this way! You got it right indeed.
I'm a bit confused though, surely if I call someone "Hitler-lite" this couldn't possibly be inteprered as something positive, haha. Maybe it's just tribalist reflexes, or maybe I did word things strangely.
This stuff started from the Online Safety Act 2023 passed under Rishi Sunak's Tory government.
For some reason Americans, including Musk, go all partisan and feel the need to blame speech restriction on the lefty party but it's not what happened.
You know the answer, of course with FPTP there's only two parties with a realistic chance. But why do they? Because you keep voting on them. Your votes made e.g. Corbyn lose but Starmer win. What signal does this give off? A very different signal than if both would've lost. Would another Tory government would have been even worse? In the short term, maybe. But this kind of short-termism is what has got Labour (and all of the other similar parties all over Europe) in this exact predicament. Better to make them lose for picking an awful candidate that's a Tory-lite and bite the bullet. It's not like the Tories would have kept winning for decades on end with the way things were going.
If you agree that Brexit happened under the Tories and not Labour, then we can also agree that THIS order is happening under the newly elected "Labour Party" and not the "Tories", or so-called "Tory-lite" names.
It's completely pointless trying to remove accountability of this government's illogical actions and then to immediately resort to blaming the previous government for bad decisions like this one.
Just admit that this is under the Labour government.
Huh? You completely misunderstood what I meant by that moniker. In no way at all does it absolve them of blame - quite the opposite, it's calling them nearly as bad, so close that the difference doesn't really matter.
The government is a reflection of the people. It might not be perfect, but if 80% of the country didn’t want this type of surveillance we wouldn’t see any government pushing it.
You have to change the view of the country as a whole, and for generations the U.K. has been a country of curtain twitchers.
In my mind, the only way to beat these efforts for good is to win hearts and minds of the larger public. Currently because only weirdos like us care about this stuff, we have to constantly be on top of these things and writing letters making posts etc.
Overall i agree with you, it is really disheartening. That being said, i've made progress with my family on valuing privacy and the dangers of surveillance. I think people might be changing their minds slowly but still lots of work to do.
A breakthrough with my sisters was when abortion was threatened here in the states. Mentioned to them that it would be easy for authorities to enforce abortion punishments by subpoenaing data from menstruation cycle tracker apps. This kind of "clicked" for them and they became more open to the other parts (not given ratukan or whatever their purchase history, etc. etc.)
Thought experiment: let’s say that Trump said that he thinks Apple is helping hide illegal immigrants because they are communicating with each other over channels that ICE can’t decrypt, how much pressure do you think he could put on legislatures to pass a law here?
Now let’s say that some Republican Senators and Representatives were ethically opposed to but then threatened to be primaried and President Musk said he would throw all of his money behind a potential opponent, how long do you think it would take a law to be passed?
Even without a law, we already see that Cook will willingly bend a knee to Trump as will Google.
Right now in my home state the governor was trying to get a law passed banning Western Union from allowing illegal immigrants from sending money overseas.
That all it takes is the co-presidents to say that by giving up your freedom we can get rid of those “evil illegal immigrants” and enough people will give up their rights.
He will just do an executive order. He is an authoritarian, basically a king. "But but but it's illegal". The system can't keep up with speed he is dismantling it.
> I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise.
I think we are perhaps the lowest point ever in terms of anti-surveillance efforts. There seems to be bipartisan effort among many (most?) western governments that the government should have unfettered access to all data, regardless of any reasonable expectation of privacy.
Encryption seems barely tolerated these days. Governments are insisting on backdoors, they are making it illegal in some cases for companies to even discuss what is going on or that monitoring is happening.
We barely know what is going on with the programs and efforts that get leaked to the media, much less the programs that operate in total secret.
Let's start supporting parties that have principles.
And stop making excuses for parties that don't (i.e. Labour, Lib Dems and Conservatives).
At the moment, the UK public (and media) considers it a sport to disparage and smear parties like Reform, whose leaders want to shrink the power and over-reach of the state.
We are so concerned with appearing virtuous and internationally generous, we cannot be seen to align with a party that wants to put UK citizens first (border security? deporting dangerous criminals back to their home nation? gasp, how could we be so ghastly!)
This self-defeating attitude needs to change if we want a better future for our children.
> Let's start supporting parties that have principles.
The problem is that there are none.
The correct assessment of all these political parties is that by default, they all cannot be trusted. Especially both labour and the conservatives.
> This self-defeating attitude needs to change if we want a better future for our children.
Yes. The second problem is that the United Kingdom is incapable to changing itself historically and is fundamentally destined to never be open to change.
Probably helps if the next time they try to remove the rights of large segments of the populace based on medical choices, lock people down, track them and propose vaccine passports, that you realize where everything is headed and oppose it vocally.
It's always through the appearance of good intentions and a public that pushes for whatever narrative they're fed that they normalize this.
> So much for personal liberties. I'd like to give Labour the benefit of the doubt and assume this is a holdover from the last government knowing how fast the civil service actually works but given the Tory 3.0 plan they are going with I wouldn't put it passed them.
>We didn't vote for this.
You very much did vote for this, you voted for Labour under Keir Starmer and he did not particularly hide his being tory-lite. If one is surprised by this they must not have paid any attention before voting.
quite why Labour deserve the benefit of the doubt on anything authoritarian I don't know
Labour was behind:
- forced key disclosure (Regulation of Investigatory Powers Act 2000), still in force
- 72 day detention without charge (Terrorism Act 2006), defeated before it became an Act
- national identity register and mandatory id cards (Identity Cards Act 2006), ripped up by the next Tory government
- various attempts at removal of ancient right to trial by jury (partially successful)
Its crazy how people still think one political party will be 'better' than another! I guess they must be young. After you have seen 10 or so government terms play out you soon learn.
My gf doesn't have iCloud. She makes a backup from time to time by connecting her iphone to her macbook, encrypts the backup folder with 7z, and then I store the resulting file in my dropbox.
I follow the same procedure with my Android phone, no google cloud.
BTW anything I upload to Dropbox is encrypted first.
In case you don't already know, if you don't encrypt an iPhone backup with macOS first the backup won't contain _all_ of your data.
Apple says "Encrypted backups can include information that unencrypted backups don't" however the list they give is non-exhaustive. You might find yourself disappointed when trying to restore a non-encrypted backup that you've encrypted yourself in a disaster scenario.
Because I dont own anything Apple, nor anything that doesnt give me full control over my stuff.
I assume that instead of educating me on how the backups are in a user unreadable format, you chose to make a snide remark and leave me to guess the truth.
Why would anyone trust a backup they cannot read themselves in an emergency?
Apple basically already has this built into macos - you can create an encrypted disk image and mount it to access the files. I'm not sure if it is possible to open these on ios.
Sadly, the EU is trying very hard and very persistently to pass the Chat Control bill. So far the EU hasn't succeeded, but I would be surprised if EU politicians didn't keep trying until it is finally codified into law.
I looked them up and they are not terribly old but did Ancient and Modern History at Oxford - the guy who did the law and philosophy, politics and economics at Oxford - Home Secretary. I doubt they are very up on tech.
Successive UK governments consistently fail to understand the UK's place in the modern world. Insisting on access to encrypted data in all jurisdictions globally is just another example of them thinking small and acting big. Its the digital equivalent of sending a gunboat to put-down the troublesome "natives". Meanwhile its 2025, not 1925.
I'd like to think that we've reached the point now that there will be mass resistance to threats to privacy and freedom of speech in the UK, but Britons are such a docile, accepting, and pliant people when it comes to standing up to Big Brother.
Why now? I gave up on this at least 10 years ago. If you can't even get techy people to think about the ethical ramifications of encryption etc then it's a lost cause. What makes you think now it's different? They said it couldn't get much worse 10 years ago, as did they 20. Do you really think the UK population has a breaking point where they will suddenly understand privacy and why it's important?
The UK population generally wants to put their fingers in their ears and pretend everything is ok. Remember we're all descended from people who didn't go to the colonies to try to get a better life.
Why now? Well FWIW I also don't have much hope it will happen. But maybe the needle will be moved if Apple doesn't back down and it affects UK iPhone users.
What are you talking about? I'm a german and the surveillance here is crazy. The EU is pushing for more surveillance.
I always love the left wing echo chambers like reddit/HN who pretend like the EU is some kind of utopia.
Given recent polling, we have to assume that what is MI5's today will be Reform's tomorrow. We have to ask what our government and judiciary are doing putting our privacy in the hands of the far-right.
I never understood this kinds of arguments... both sides want to read your private data, but it's bad if 'the other side' does it? It's your current MI5/government that wants access to apples data.
One side wants to purge large parts of the population and the other one doesn't. Yes, all parties can abuse data, but their policies do actually matter.
I think if you value privacy this isn't the right place to be making distinctions between parties. This only serves to alienate people and isn't the core argument.
I think it's more likely to get broad support when framed as us vs. them where "us" is normal working people regardless of political affiliation and "them" is our government elites trying to spy on us.
No, sorry, I've read too much history to buy into this line of reasoning. Authoritarians are a concrete threat to people's safety and they have a long history of abusing sensitive information about people to do so.
I think maybe we're talking past each other. I'm saying that when advocating for privacy, an effective framing (if winning privacy rights battles is the goal) is to make it "us" vs. "them" instead of some kind of party based push.
If it's associated too strongly with a specific party it alienates too many people to ever get mass support and become a fundamental value that "everyone" agrees on
I do see what you're trying to say. It's just that authoritarian supporters of privacy are a bit of an internal contradiction. Either they're fooled or are being disingenuous.
It's no good having people arguing for "privacy for me but not for thee", which is what it will boil down to. Ultimately authoritarians will use anything which gives them influence and control, with digital privacy violations being one of the easiest to rationalise (no violence, no physical theft).
So I don't see it as worthwhile trying to include such individuals in such a consensus. It's like trying to include foxes in a discussion about how we should best secure hen houses.
Yeah that makes sense, can't really disagree. i'm just always wary of othering large swaths of the population as beyond hope. I think so many powerful groups are invested in making us all hate eachother and in my experience we're all a lot more similar than we think
Yeah I do actually relate a lot to what you're saying. I should emphasise though that such individuals may still be worth reaching. I don't think most people stay lost causes indefinitely. But you have to break down the desire to support authoritarianism first before it makes sense to tackle digital privacy.
Unfortunately that just means there's a lot more sticky work untangling the kind of tribalistic politics we find ourselves in today.
The other one isn't even voted in yet, hasn't done anything yet, and the current one already wants the data, that they shouldn't get.
The current ones are already abusing their power, and the other one might hypothetically do something, if and when and if at all.
This is like Alice making it legal and then punching you in the face and instead of you "punching back", you say "this is fine, but Bob is bad, because if he gets voted in, he'll punch harder".
My interpretation is that it is an argument against trust in authority in privacy discussions.
A: Privacy matters!
B: Why should you care if you have nothing to hide?
A: If you have nothing to hide, then give me the password to your Facebook.
B: I don't trust you with that, but I trust my governments and relevant authorities.
The point is that B's faith in authority is flawed as the "powers that be" are an eternally shifting target. By agreeing to government surveillance, you place trust in every subsequent government, even the ones you would rather not.
Side A abuses (legal, governmental) power, and instead of "lynching" them for that, we turn the issue into "this will become bad only because of side B will do the same". To me it looks like someone supports side A, and wants to limit the "badness" of whatever they did, but still can't support the thing, so they find the way out by claiming that the other side will do something bad with that data, as if the collecting the data (chats,...) isn't bad enough by itself.
I understand your analogy with friends and facebook, and explaining that stuff to your grandma in this way would probably work... maybe even better if you used "your neighbor Sally works for the government, she could read your chats too, do you really want that?"... but on a technical "forum", it (to me) gives off very politically biased vibes.
For what it's worth I don't support this Labour government one iota. I fully admit to being extremely biased against the Reform party, much in the same way that I'm biased against standing in front of a fully loaded 16 wheeler moving at 60mph.
If there were a way to magically ensure that only the good guys had access to the information, I'd be way less concerned about these measures. (There are only a few things that I care about being secret for the sake of secrecy, and I can easily keep those off of computers.)
Every encryption backdoor is a huge vulnerability. Even if we somehow ensure that the powers-that-be remain entirely trustworthy (something that, historically, we can't even manage for a century), they're not the only people who'll have access to the backdoor. It's not possible to make an encryption backdoor that only authorised parties can use: as they say, the laws of mathematics do not respect the laws of Australia.
I see from your history you may have knee jerked this one. I am referencing the far-right Reform party's current polling success and how this may be reflected in our government in the future.
1,096 comments
[ 3.1 ms ] story [ 359 ms ] threadAlso the wider part of this order is that Apple would access to the international users data, including US customers, if I understand the article correctly.
If he's antagonising Trump it's for a reason. Perhaps to avoid showing weakness by being too keen.
I'd probably categorize that more as "declining to halt" rather than "refusing to halt", AFAIK the US government doesn't have an actual law/mandate/whatever for non-governmental organizations on that front.
The Investigatory Powers Act 2016 was one of the big things (before Brexit) that made me realise the UK wasn't a suitable place to run a tech business.
It hasn't noticeably improved.
"Full endorsement" of the electorate isn't how representative democracy works. Given FPTP, the government got a huge majority of seats with 33.7% of the votes, but as there's not universal voting that's only 14% of the actual population, and even with those who did vote it's not clear how many people were voting "not the other lot".
I wonder if a future King William might try something like this, though.
* Come to think of it, Hitler liked three or four of those things too, so this is less demonstrative of character than I imagine.
/j
You could probably make an ECHR argument about it, but even Germany who are most paranoid about Stasi-like behavior have some sort of rights carveout for law enforcement purposes.
Yes, German law enforcement does have a rights carveout, but not nearly as big of one as in the UK (or the US).
(Although I was able to access the article in full on the original URL)
"If you want to sell phones in our country, you have to give us access to anyone we say is a criminal using your phones in any country".
"You are asking us to break the law in those other countries."
"Do you want to sell phones in our country, or not? We know you'll blink first."
(Will Apple blink? I don't know. But I am confident that the UK government is filled with people who assume they will).
And Apple argued to the UK Parliament when the relevant law was being enacted that it violates the right to privacy confirmed by the European Court of Human Rights, which other countries will still be bound by even if the UK follows through on its occasional threat to withdraw from the European Convention on Human Rights.
The UK doesn't have the geopolitical clout it once did, especially not after Brexit.
Aye.
But (1) I don't think the UK government really understands that, and (2) for intelligence operations, they might still have enough.
Everyone else has the exact same dichotomy of simultaneously wanting all the computers safe from other hackers while also hacking everything themselves, and many also want the added extra of guaranteed citizen's right to privacy, so legal fights like this are advantageous to most nations: all the other countries watching this get to have their cake (they can spy on encrypted comms) while eating it too (in this metaphor, when Apple is found out, they get to punish Apple and pretend to be above such things).
I also don't know which way this will go, and indeed this is a big part of Apple's brand.
This is a well worn path for the CIA gather dirt without needing to break any rules on monitoring US citizens.
Therefore you know this is not about chasing the bad guys. It's about keeping the Average Joe under the thumb.
That's a very bold assumption after EncroChat and SkyECC.
There absolutely is a balance between Average Joe's right to privacy and privacy restrictions for fighting crime. Without undermining the former, I'm astounded how HN discounts the latter 100%. It is real.
I hold neither of the extreme views, and frankly I am baffled by anyone in either of them.
Even in situations where citizen rights do “get in the way” of convicting the guilt, that is the price we pay to not be thrown in jail for crimes we didn’t commit. Former Supreme Court Justice William O. Douglas said “It is better, so the Fourth Amendment teaches us, that the guilty sometimes go free than the citizens be subject to easy arrest.” He also said “Big Brother in the form of an increasingly powerful government and in an increasingly powerful private sector will pile the records high with reasons why privacy should give way to national security, to law and order... and the like.”
I'm not saying, based on that, you throw away privacy rules. But to not even acknowledge that there is a conflict is IMO insane.
Reading through this thread, I get the sense that the desire for absolute privacy stems from a perception of the government as basically another mafia - a ruthless, unprincipled organisation that will exploit any weakness in you, just because. Maybe that's the root of the difference. I'm lucky enough to have never lived in such a country. Sure, I care about government accountability, there will always be bad actors, and governments in general aren't always super-competent, but I believe fundamentally, governments in places I have lived are not evil. They aren't another mafia I need a firewall against.
If you have evidence that he was doing something bad, prosecute him. You must have evidence, because you couldn’t know he was doing something bad based off these chats you can’t read.
>You know he's a part of a big organized crime organisation, because you already caught some of the other conspirators.
So charge them with conspiracy or RICO (Racketeer Influenced and Corrupt Organizations).
>you could bring the whole thing down based on documents / chats etc which are encrypted.
How can you possibly know that? If you have evidence of crimes, use that to prosecute. If you don’t have evidence, then you don’t know crimes were committed. Regardless, you don’t even know if these encrypted chats contain anything incriminating.
Government is not another mafia, they are a group of people who are flawed. “Good” governments have laws protecting the rights of citizens against individuals within government. That is like saying that we don’t need defense attorneys because prosecutors are good people and wouldn’t bring a case against an innocent person, or would never bend/break the rules to get a conviction. We have them to protect the rights of the innocent and the guilty.
Perhaps part of the difference is that the public acknowledge this as a necessary _evil_ and get rightly outraged when they hear of people being detained without good cause. But with privacy, especially electronic privacy, almost nobody cares when "we will only allow a small number of agents to use this for imminent terrorist danger" inevitably turns to "we will let any random council worker casually pull up every website you've been to with no warrant"
Someone's encrypted files should be regarded to be in the same category as material they memorized in their brain. Off limits.
Find some other way to get evidence about their wrongdoing to convict them.
That's very clearly not what I wrote. You can demand information this way, not a confession... People in the UK generally have a legal obligation to answer any questions the court has, unless they are themselves the accused. There are a small few other exceptions.
Just because UK law allows compelled disclosure doesn’t make it right—it makes it a bad law. It creates a self-incrimination loophole, shifting the burden of proof onto individuals instead of the state. Leading to erosion of due process and a presumption of guilt, forcing people to either comply or face punishment, even when no crime has been proven. Civil rights advocates have lambasted this law.
So I ask: Do you believe it to be balanced?
Using flawed laws to justify more erosion of privacy only deepens the problem.
I don't know where the belief that all criminals are tech experts comes from; the popularity of cool-looking "encrypted" phones as opposed to actually encrypted apps like Signal should have long dispelled that myth.
I'd argue that the opposite is probably true, people who think that crime pays are less smart and more impulsive than the average person, and hence less likely to think about things like this.
I think it's a case of this: https://xkcd.com/2501/
People here work at the level of things like RowHammer, normal people don't think past the idea that a padlock icon on the screen makes them safe.
From forums of tech experts.
I do not think this attempt by the authorities will be any useful, while it would initially work... well these guys may not be hackers but are not idiots and over time you will get your average baddies become tech-savvy enough to circumvent this.
Which is not to say I approve of more surveillance. Just that surveillance of convenient modes of communication (iMessage) is useful to serious crime fighting.
iMessage is barely used in the UK, WhatsApp is the default messaging platform here
I had a look at the stats though and you're probably correct about WhatsApp being default, although we do have a surprisingly diverse and competitive messenger market:
https://www.statista.com/forecasts/997945/most-used-messenge...
I also suspect international social structures could play a big role. In the UK many people have friends & family that emigrated to iMessage counties like the US & Australia. But many have links to WhatsApp countries like India or even Telegram countries in Eastern Europe.
Blue bubble is messages you sent via iMessage.
All incoming messages are grey, regardless of whether they were sent to you via SMS or iMessage.
I don't know of any UK plan that charges.
My father doesn't and so pays PAYG rates when he uses his. Which probably makes sense for him, given his infrequent use pattern.
I was wondering whether this is about Advanced Data Protection, which encrypts almost all data end-to-end on iCloud. It’s only later in this report that it gets into this key detail:
> At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022.
Before stating this, the article says:
> Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said.
This means Apple would be prevented from providing Advanced Data Protection to users in the U.K.
Not making Advanced Data Protection available is made worse by this requirement:
> One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security.
Apple can appeal, but is forced to comply meanwhile (until the appeal is heard) anyway:
> Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.
If your MP has an office in their constituency? They rent the office and buy all the computers and desks and printers and whatnot out of their own pocket, and get the expenses reimbursed later on.
The separation between work life and professional life is also extremely blurry. After all, you have to build up a network of supporters and donors and people in the party who like you before you can get elected. So hundreds of your best supporters and closest allies already have your personal number saved against your name in their phone.
I think they do not have MDM.
Here in Spain no person has even tried to SMS me (which is the fallback for iMessage which I don't have) for 6 years or so :). I also don't have RCS enabled. It's all WhatsApp and Telegram.
The SE is also relatively expensive in Europe. And in Spain Apple seems to have completely removed all trace of the SE from their website. Strange enough. Didn't check other EU sites.
Seems absurdist. They have to implement the backdoor, appeal, and only if the appeal is successful can they disable it.
I think they could do something like what Tik Tok did, by letting users know why they can no longer provide the service.
I would personally give Apple money to see them actually stand-up to this. What's probably more concerning is the number of companies not complaining about this at all.
Governments are extremely powerful. They may issue a gag order (https://en.wikipedia.org/wiki/Gag_order) that makes it illegal for Apple to do that.
If push comes to shove and apple actually called their bluff and withdrew completely from the UK market, I'd bet that that government would become so unpopular that they would not be elected again for quite some time.
This headline comes to mind: https://en.wikipedia.org/wiki/Enemies_of_the_People_(headlin...
I don't see UK judges getting motivated to rule in favour of a foreign company because they took their ball and went home, not even in cases where the ball happens to be very popular.
Unlikely. That's illegal.
We have had a number of bad laws over the last ten years that have entrenched state surveillance and presumption of guilt.
The only party I can see taking a principled stance on civil liberties is Reform UK, whose policy document states:
> A British Bill of Rights
> Our freedoms must be codified and guaranteed. Never again can our entire country be locked down on shoddy evidence and lies. Our data and privacy must be protected. Surveillance of the public must be limited and those monitoring us held to account.
https://assets.nationbuilder.com/reformuk/pages/253/attachme...
Recent polls show Reform is currently the most popular party. So there is hope.
What’s this about? Is it some mad “covid was a hoax” thing?
Could you name an extremist policy that Reform have proposed?
- Leaving the European Convention on Human Rights (joining the hallowed company of Russia and Belarus!)
- leaving the World Health Organisation
- get rid of net-zero climate targets, replacing them with fast-tracked approval for more North Sea oil & gas licenses and fracking
- public enquiry on “Vaccine Harms”
2. The WHO is notorious for failures in policy e.g. Covid response, bends to political pressure from China (e.g. not respecting Taiwan as an independent entity), and is dependent on private donors like Bill Gates which means they have undue influence. A 2021 probe into the WHO found its staff were involved in sexual abuse during an Ebola outbreak in Congo. There are plenty of reasons for leaving it. There's nothing extreme about leaving the WHO.
3. We absolutely should get the oil and gas we need from our own reserves, rather than buying it from despotic regimes and shipping it half way round the world at great ecological expense. There's nothing "extreme" about using our own natural resources.
4. We know now that there were many serious side effects from the mRNA injections and that the contracts granting lifetime immunity to the manufacturers for harm were extremely suspicious. This is a totally novel form of medical intervention, administered to a large population in a hurry, under intense political pressure. There's nothing "extreme" about an enquiry on mRNA injection harms. What are we afraid of? Uncovering the truth?
https://pmc.ncbi.nlm.nih.gov/articles/PMC10022421/
"CV events such as thrombosis, thrombocytopenia, stroke, and myocarditis frequently occur with the mRNA vaccines studied. A significant number of studies included in our review reported BNT162b2 events, which presses the need to conduct more research into the CV implications of mRNA‐1273 (Moderna) vaccine."
Reform UK believe that the purported efficacy of the mRNA vaccines at preventing transmission was massively exaggerated (we now know it was).
https://www.thelancet.com/journals/laninf/article/PIIS1473-3...
Reform UK believe that the detrimental side effects of lockdown policy outweighed the benefits of lockdown policy (again, there's evidence to support this view)
https://sites.krieger.jhu.edu/iae/files/2022/01/A-Literature...
"While this meta-analysis concludes that lockdowns have had little to no public health effects, they have imposed enormous economic and social costs where they have been adopted. In consequence, lockdown policies are ill-founded and should be rejected as a pandemic policy instrument."
We need more voices that are willing to state these truths in Parliament IMO.
Your comment makes it sound like they're all about research, but they also want to ditch human rights and the world health organisation? This conflict of logic makes me think there's probably more to it than just research and doing good in the world. Can it be that they speak of e.g. lockdowns having been bad based on that ReformUK voters were particularly badly affected by that policy and that this study after the fact found that, indeed, they did more harm than good? Ignoring that this wasn't necessarily knowable at the time, but it reflects badly on the government to have made a mistake with hindsight and so they can gain votes since they weren't in power back then and thus the fallacy is to think they'd have known better?
It is disingenous at best to claim that leaving the ECHR means that the UK will abandon or downgrade human rights, unless you have detailed insider information on the proposed British Bill of Rights, and if you're in a position to analyse the relative strength of the ECHR vs the BBR.
I am confident that a new-found ability to send rapists and murderers out of the UK and back to their home country will IMPROVE the human rights of UK citizens.
Okay, let's check the paper.
> Thus, the current evidence suggests that current mandatory vaccination policies might need to be reconsidered, and that vaccination status should not replace mitigation practices such as mask wearing, physical distancing, and contact-tracing investigations, even within highly vaccinated populations.
I must conclude, as a party dedicated to the science, that Reform UK therefore would be on board with the above mitigations, if they are genuinely interested in pursuing at least the simplest / cheapest effective mitigations for Covid.
Was that the case?
However, since 2016 the party almost exclusively shifted focus to opposing Brexit... which is ironic for a party that describes itself as "Liberal Democrats," trying to overthrow a public referendum (the strongest form of democracy)
The party seems to have lost its way, sadly.
From the article, discussing the idea of Apple stopping offering encryption in the U.K.
“Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States”
> The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.
* https://www.washingtonpost.com/technology/2025/02/07/apple-e...
* https://archive.is/https://www.washingtonpost.com/technology...
> The Investigatory Powers Act 2016 (c. 25) (nicknamed the Snoopers' Charter)[1] is an Act of the Parliament of the United Kingdom which received royal assent on 29 November 2016.[2][3] Its different parts came into force on various dates from 30 December 2016.[4] The Act comprehensively sets out and in limited respects expands the electronic surveillance powers of the British intelligence agencies and police.[4] It also claims to improve the safeguards on the exercise of those powers.[5]
* https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016
Not just "see also." Your link is the original reporting.
Without journalists and organizations like these doing hard, expensive work like this no one -- not even on HN -- would know about it.
It's a shame that the link being used for the HN entry is to a blog re-writing other people's work, and not doing any of that work or sharing any of that expense themselves.
Correct link:
https://www.washingtonpost.com/technology/2025/02/07/apple-e...
No, I don't care if there's a paywall. Credit where credit is due is something your mom should have taught you when you were five.
Anyone with a fundamental understanding of online privacy and security would encrypt any files prior to uploading them to the cloud rendering any back doors and access to those files useless and toothless.
I dont use any of these services. I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.
I learned only much later that her husband was prosecuted for fraud related to government funds. So she had a good reason to have a dumbphone.
It's anecdotal evidence, but still.
You are of very low opinion of people, probably assuming that you are smarter because you are some kind of IT guy.
And you are likely wrong.
Does she? Law enforcement can wiretap and track dumbphones just as easily as smart phones. The lack of encrypted calling/texting options even make it easier for law enforcement. If she's trying to hide more fraud, the dumbphone isn't helping her. And of course if she is trying to hide fraud from law enforcement, she probably shouldn't be doing the fraud in the first place.
There are good reasons for using dumbphones (smartphones distract, and it's having a serious impact on everyone these days) but avoiding being prosecuted isn't one.
Meanwhile, the amount of local news arrests for people getting busted for uploading CSAM to online platforms like Google and Apple is exponentially increasing.
The average "criminal" is an idiot.
So if you ever wonder how they access those WhatsApp messages, when you think that they would be end-to-end encrypted, reality is something else.
I use online services and sync, but my life is so boring (and data breaches have exposed so much) that a disaster that destroys my house and all backups is far more likely that harm from government or private snooping on my cloud files.
I know we’re supposed to stand on principle and make data storage choices as if today’s cat photo were evidence of being the real JFK assassin, but I don’t have the energy.
Most of the time, people become terrorists, criminals or child abusers because they're stupid, not because they're smart.
Even people concerned with security who know a little seem to be terrible at it.
A local protest group in my area was passing around an image with security tips. They were hilariously bad, suggestions based on very confused understandings of risk. These people weren’t criminals necessarily, but they were motivated and concerned and somehow just terrible at basic security.
What's the inverse of survivor bias?
There is the possibility that there is a great deal more crime being commuted by capable super criminals who understand the nuances of security .... but I'm more of a subscriber to the theory that for "most" crime, it's a lot of stupid people.
I agree that cloud services cannot be trusted to do encryption within their clients, but on platforms like iOS it's difficult to do automated backups using independent encryption. It's also quite difficult not to accidentally enable backups to these services because the setup flow for every phone guides you to hitting the "upload everything I do to Apple/Google".
To Apple's credit, while they normally store a copy of the encryption key, making most cloud encryption entirely useless, they do offer setting a custom key at least. GDrive and OneDrive sure don't.
psychopathy is a mental disease who impair people to control their impulses/defected judgment; often these are permanent personality traits, which either will let them sit in a prison for the rest of their lives depending on what they did or they will be liberated if they get caught with a high chance of another incidence... search for papers/work from Kent Kiehl if you are interested in this type of stuff
[0] https://www.globalissues.org/news/2009/10/30/3330
iOS allows you to perform encrypted backups to your local PC or Mac out of the box.
https://support.apple.com/guide/iphone/back-up-iphone-iph3ec...
A phone has to at least tell the nearest tower that it's within range so that the tower can know to send it messages. After that, when it get's a message it sends some sort of acknowledgement. In theory anyone can pick up those messages with a phased array or set of directional antennas and get a directional fix on the phone.
Depends on your threat model. If someone unofficial wanted at what you're doing, they'd likely find it easier to go after your home data than what you have in iCloud -- particularly if using Advanced Data Protection for iCloud.
https://support.apple.com/en-us/108756
Also, ask the folks in Los Angeles how those external hard drives at home are working out for them in the fires. There are many types of threats.
As mentioned in the article, Salt Typhoon and the recency of this request by the UK. At this point they should know better.
My pet theory is anytime the US wants to do something illegal under US law, they simply ask the UK to do it and vice versa. That's why Salt Typhoon isn't and never will be a lesson learned.
[1] Susan Landau and Alan Rozenshtein Debate End-to-End Encryption (Again!) https://www.lawfaremedia.org/article/lawfare-daily--susan-la...!)
As such you demonstrate that you will not be an ally in case of a surge of unethical behavior.
The point isn’t for nazis to defend themselves - it is to defeat them while you can.
> The point ... is to defeat them while you can.
That can be your point, and with that framing almost anything is permissible! My point is generally to let free, open democracy run its course without putting our fingers on the scale too much.
I'm not scared of people doing a salute in the style of a movement that's been dead for almost a century. I'm not scared of communists flags or chants, or people chanting from the river to the sea. I think it's all healthy as long as it's non violent. The argument that it leads to violence is not logically sound and very minority reportesque.
That a nazi salute, corroborated with converging political views…? You obviously don’t understand, don’t see how things happen.
Or you do, and you know downplaying “nazi wannabees” is part of the game.
It’s not about being scared but principled: an open democracy does not tolerate ideas going against its very foundations: it makes sure these are, expressed maybe, but kept in a very strict perimeter which they ought no get out from.
After WW2 there was a period of strong Jewish support for nazi rights. Were they not an open democracy? Is the risk in 2025 stronger than what they faced?
I don't know really, is it that every era needs a boogeyman or is it just that we are on a grand cycle away from liberality? Both maybe?
But as soon as they associate their "thing" to a violent/segregationist personality/behaviour, you can be certain that they are banned, and in no gentle manners.
Wow, I don't know either. Saying nazis could be sort of boogeyman or victims?... that tolerating nazis would be liberal? Wow. Sounds like a line from "OSS 117: Cairo, Nest of Spies".
You seem not to understand how a society works or what liberal even means... A liberal cannot tolerate ideas that are explicitly against tolerance, as those lead to illiberal behaviours. The best illustration of it is the actual suppression of speech that is happening in the USA, by the very people that reclaimed freedom of speech.
Or again, you do know.
Either way, you're certainly not in the middle, you're actually supporting the violent ones to be violent, asking the ones reacting to that violence to accept it as it is. Not too good looking.
Thanks I'll check it out.
> Either way, you're certainly not in the middle, you're actually supporting the violent ones to be violent
I think I understand where you're coming from but I would instead state it as supporting first amendment style laws for my country, warts and all.
Would you argue that the first amendment should be annulled?
because you have an absolute free speech, you also expose yourself to the absolute consequences of what you say, or do.
Exposing oneself as a nazi exposes one to consequences.
Once, not that long ago, your country was proud of kicking nazis dead, for good reasons (albeit a bit hypocritical too when one reads history).
Black CIA sites weren't legal either, nor was torture.
What proof? You would think after all the leaks there have been, some proof would exist. Instead, you cling to a conspiracy theory based on a misunderstanding of an agreement.
They're all conspiracy theorists when the government is accused of wrongdoing and the "proof" demands and moving goalposts happen all the time. Helped by the lack of transparency and all encompassing powers of agencies and governments.
Your arguments boil down to repeating narratives and things like "X is illegal so it doesn't happen" which just shows how naivety is part of your bad argument repertoire. I'm sure black CIA sites and coup d'etats didn't happen if I can't prove them to your liking... And if I somehow satisfied you, there's some justification that make them lawful and correct.
Give me a break.
If the Five Eyes participants worked as you have stated instead of as the leaked agreement documents say they work, you would expect Snowden to leak that first because it is obviously illegal. He did not. Why not reduce the number of people required to keep quiet in the conspiracy by having the US spy directly on its citizens? Every question you might ask about your conspiracy theory makes it sound even more ridiculous if you bother to ask it.
Participants spy on each other's citizens on the other's behalf and share data, to avoid the legality of doing so to their own citizens.
How could this even be enforced if Apple pulls out cloud services of the UK ?
It's such a ridiculous request, the British Intelligence agencies must be bored coming up with new ways to make Apple look good.
I'm still missing how this could be enforced ? To my layman understanding, this reads the same as if China said : "Meta, Tesla, Valve etc has entities in China therefore we get to see all data they store in the EU and the US.
The UK has Zero jurisdiction in Ireland for example where a lot of EU data may be stored.
Note that this is not China apologia: they do the same brazen shit locally, but they're an authoritarian regime. I have lower expectations for human rights there.
George C. Parker was a conman in NYC who multiples times sold the ownership of the Brooklyn Bridge to his victims. Among other cons.
https://en.wikipedia.org/wiki/Victor_Lustig
Those who are charged with stopping cyber crime are very must against this. End to End encryption is one of the better protections they can give you against foreign hackers and they want you to use it.
Meanwhile down the hall are people who are charged with investigating crimes someone in the country commits and they are want this. It is a lot easier to prove someone is involved in some crime if a warrant can get their data, but end to end encryption means they can only get random bytes. (of course they don't want warrants either, but that is a different issue not relevant here so they will specify warrants in this debate)
https://support.apple.com/en-us/111754
The insane overreach was the UK wanting data on people not in the UK
Our noble "we can't have American data in the hands of our enemies," their savage "forcing American companies to turn over user data."
I agree that the TikTok demands are pretty similar, though I might quibble over whether they're literally the same, since arrangements like that are the status quo in China but not in the US
Original comment below:
How is "remove foreign control of data on our nation's users" remotely the same as "give us access to foreign users' data"?
They're not even figuratively the same, despite you literally misusing that word
If by "give us access to foreign users' data", you mean TikTok, then ByteDance is only required to sell the US portion of TikTok to American buyers. If you mean iCloud, then Apple is only required to keep Chinese users' data on local servers.
"give us access to foreign users' data" referred to what the UK is asking for, I thought the post i was replying to was equating the UK's request to the US'
in other words, you store much more data on a phone versus a doomscrolling app[*]
*: unless you make videos and publish PII in them :)
As a child of Portuguese revolution, I am aware of plenty of stories, apparently many folks nowadays think those are stories to scare misbehaved kids.
By the way, this is similar to why for true GDPR compliance, data centers should be operated by EU companies that aren't subsidiaries of US companies, because even if the latter operate data centers located in the EU, they would still be bound to secret orders by the US government.
Of course it wouldn’t be very profitable. So unfortunately you really can’t expect a major public company to take a stand like in a case like this.
This is interesting, I know GDPR does not mandate data localization but I was under the impression that the requirements are a bit more difficult/stringent for transferring data out of the EU region ? While not perfect, it's a bit less 'open door' than it would be if it was hosted in the US.
The US has a law saying "If our spies tell American sysadmins to SSH into a server in the EU and copy data off it, they must do it and they must keep it secret"
You’d have to get a surprising number of people to go along with it.
If you think a SOC2 auditor would spot something like this, in a company the size of Apple or Google - you've probably never been through a SOC2 audit :)
And a heuristic anomaly detection system that generates masses of false alarms, and enough different teams and documents and policies to bury an army of SOC2 auditors. And so many log lines almost anything can get lost in the noise.
The janitors always have keys to everything. Especially when it’s required by law.
Not so much because British people love their iPhones to such a extreme degree but because they willing to waste money and resources over something this stupid.
IMHO Apple could bring down the government that tried this if they really wanted to.
Basically by saying that if they don't comply, they can't do business in the UK.
Imagine Russian Oligarchs on android devices! Polonium will roll, I tell you!
So it's still a problem. This seems like a looming PR battle.
How so?
By banning Apple from doing business in the UK.
The US used a similar strategy decades ago to break Swiss Bank Secrecy laws (either Swiss banks had to give up the info or they were going to be kicked out of the US).
To use poker terminology: I think that if the UK made this bet that Apple would call.
Then they can vote in a board of directors that agrees with them, and have that board fire Tim Cook.
I would hazard to guess that you'll see an exodus of a lot of folks leaving Apple either because (a) they won't follow that order, or (b) in solidarity with those that are fired.
Reminder that privacy is feature that Apple touts (how much you believe them is up to you):
> On January 28, 2021, Apple CEO Tim Cook delivered remarks at Computers, Privacy & Data Protection Conference: Enforcing Rights in a Changing World. The virtual conference — hosted annually in Brussels, Belgium — is one of the foremost international privacy and technology conferences bringing together leaders from academia, government, civil society and the private sector. Learn more about the features and controls Apple provides users to safeguard their privacy at http://www.apple.com/privacy
* https://www.youtube.com/watch?v=OaLxTz1Yw7M
* https://www.youtube.com/watch?v=0HjDpPnxcP0
* https://www.youtube.com/watch?v=1YOi0r3vptQ
Where does your thinking that they'll suddenly forget about revenue from UK over this come from?
* https://www.google.com/search?q=apple+china+revenues
* https://www.google.com/search?q=apple+uk+revenues
As someone else here said, Apple would 100% call this bluff. And you can be certain the UK won't have the US to put pressure on Apple for them. All the would happen is the UK Apple users would be with an expensive paperweight.
All evidence that I have seen suggests that consumers by and large do not care about this kind of privacy. They do not buy iPhones instead of other phones due to the privacy properties.
Therefore Apple's shareholders could order Apple to stay in the UK market.
And if not, then Apple's customers could be compensated with money and other UK-held assets that the government could confiscate.
[1] https://www.nasdaq.com/market-activity/stocks/aapl/instituti...
You may be right, of course. But if there's one tech company who _might_ say "no", it's Apple.
Counterpoint: Apple in China.
https://www.irishtimes.com/business/technology/uk-spy-base-g...
This is not just a case of the British intelligence services secretly “tapping into” Irish telephonic and internet traffic via land and maritime cables. Rather in most cases they are being provided free (or commercial) access to the information by companies associated with the use, ownership or maintenance of these cables.
Post-Snowden the Irish government retroactively legalised it...
The only way to prevent that is not having any local office, no employees, nothing. Sell physical objects only by the means of local 3rd party resellers which will import goods. Same thing for services. Of course they can ban imports and services or go after those 3rd parties. It depends how nasty they want to be.
https://en.wikipedia.org/wiki/CLOUD_Act
Note that it the bar is having the ability to access the server, so this law is completely incompatible with most GPDR solutions: It's illegal to store European user data and then refuse to hand it over to US law enforcement, regardless of whether the data is stored in Europe or the request breaks European law.
This all seems very similar to RIM and the aftermath of the riots in the UK. The backdoors became too obvious for customers to ignore. Did not go well for RIM in the market afterwards.
I mean this would be even more stupid than Partygate and the whole Truss debacle put together.
Is it though? I wonder how much of Apple's revenue is from the UK, probably around 5-6%? Apple isn't exactly as popular in the rest of the world as they are in the US.
Would damaging their privacy reputation globally be more valuable than the UK market? I honestly don't know, but my hunch says no - they are likely to want to keep their reputation and dump the UK market. I think more likely is Apple is going to be able to get the UK to cave in. Apple is extremely competent with PR, and would be able to spin any kind of pull-out or degraded service in the UK as the government's choice and fault, to the ire of UK citizens.
I am not a lawyer, but I think that this would be illegal under EU privacy law.
As far as I can tell, China is asking to keep Chinese data in China and have access to it, but it is not asking to access data of American or European citizen and if it did we would be pissed off.
We know they collude with US intelligence serviceUS
It’s been publicly used in a bunch of prosecutions at this point.
You're including end-to-end encrypted content in that as well, like from Advanced Data Protection?
> If you choose to enable Advanced Data Protection, the majority of your iCloud data – including iCloud Backup, Photos, Notes and more – is protected using end-to-end encryption. No one else can access your end-to-end encrypted data, not even Apple, and this data remains secure even in the case of a data breach in the cloud.
https://support.apple.com/en-gb/108756
I have no opinion on whether US intel has a backdoor into this e2e encryption or not. It seems like the sort of thing where people non-chalantly state that it must happen, but of course no one ever has actual proof or a source.
Can you give an example then? It would be major hacker news news if supposedly E2EE iCloud data were used in a prosecution.
Apple has no leg to stand on at all. When the NSA comes to your door and demands access to everything you have you don't get to say no. There is no court you can appeal to, and they'll take whatever they want and order you to keep your mouth shut about it. They'll walk right into your headquarters and data centers, force you to move your employees so they can set up an office for themselves on your property, insert their equipment into your network directly and take everything just like they did with AT&T decades ago (https://en.wikipedia.org/wiki/Room_641A)
Your only options are to comply or shut down (https://en.wikipedia.org/wiki/Lavabit) and I'm not even sure the US government would allow "shut down" as an option in some cases. It seems likely that they'd keep a massive target like Apple running even if the owners of the company wanted to cease operations, but lets be honest, Apple makes a lot of people very very rich so they'd never walk away from that. They'll keep making their money and just try to convince themselves that the US are the "good guys" and so it must be okay.
Obviously, Apple is going to comply with US federal law, given that their headquarters and employees are there, as well as their most profitable market. But when possible, they have shown themselves willing to fight against intrusion.
First, that's notably the FBI and not NSA. As gp says, NSA has greater powers with less legal oversight on national security grounds.
Second, a cynic might argue that Apple put up a noisy, principled fight that one time precisely to create the perception that you have here. It could be the FBI learned data requests to Apple are a dead end!
Or the two came to a mutually beneficial understanding: "don't come in the front door waving a court order for the cameras and we'll see what we can do when our reputation isn't on the line, see? And maybe if we help out, that antitrust investigation isn't necessary after all!"
A proposed law, or bill, like the one in the OP’s article, can be fought against.
Anything else is highly illogical or outright stupid, imagine CIA or NSA having meeting on this decade and a half ago and deciding 'well if they won't give us full access when we asked nicely I guess that's it, we have to respect the law and their wish'. LOL. They don't respect basic human rights at all if you don't hold US passport, and even then the list of cases breaking laws and constitution is endless.
Apple is good with their PR, but why do folks accept their every word literally and not as part of marketing spin to sell more services is beyond me. Rest of the market is not even trying to spin it that way which is actually more respectable behavior.
Snowden left an example of what kind of lifestyle is possible after leaking, and I doubt snowflakes at FAANG would be down for that. Or how about other examples of leakers that have turned up dead? That's a cheery thought to consider.
So yeah, at this point in time, I do believe there's a lot of people that might not agree, but are not up for the task.
I am actually surprised she survived this and wasnt suicided or sent to Guantanamo for water boarding till heart stops, I guess thats only for those without US passports.
Being willing to sacrifice everything you have, including your career, your freedom, and potentially your life, just to let the public know the truth is not something you should expect people to do. It's a huge amount of risk and sacrifice while the only reward is knowing that you've done the right thing even though you'll be vilified and punished for it. That's what makes whistleblowers heroes.
https://youtu.be/eW-OMR-iWOE
Honest question, how Apple is doing it in China? Maybe the exact same scheme will work for UK.
I suppose this is _good_ but more competent and well funded groups out of Israel, Israeli military complex, Cyprus don’t need to “ask” for a back door.
Looking at the market size that might be a decision that Apple is willing to make as it would most likely be a temporary stick. The government can spin it anyway they want, but Apple devices do not work basically at all without the deep integration of their services. A geoblock would effectively mean UK citizens would be left with unusable devices and I can't see the resulting outrage being directed exclusively at Apple.
It'll be interesting to see how this plays out for sure.
I wonder if this means that Apple would ultimately take the same approach that they have in China, where the iCloud data and services are entirely localized within China and allows the Chinese government unrestricted access.
china had leverage because of the manufacturing happening over there and the incredible market opportunity, UK doesn't have much.
technically i believe apple could get out of the UK market to provoke a backslash on the government.
If they concede, other government will use the exact same blackmailing technique and one can say it will be the absolute end of their "privacy" marketing campaign they spent so much money into.
Someone else here said something spot on for me, we’re all focusing on how bat sh*t this is because it’s global without even considering how human privacy obligations are just ignored.
Humans have a right to privacy, feels unbelievably pretentious and privileged to even say that. But it’s still true
Frankly, the arrogance is appalling.
No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves. I’m not saying that’s likely, just that it’s important to not take these statements as saying more than they do. They wouldn’t hesitate to use “technically correct” as a defence and you have to take that into account.
And when their key leaks, it’s as good as no encryption, but still end-to-end encrypted.
It doesn't stop being end-to-end when you add another end. We often do group chats that way.
Or you can create a side-channel and send al the data there. That would stop it from being end-to-end.
The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
If the backdoor was exploited by a criminal though?
https://en.wikipedia.org/wiki/Warrant_canary
So I think a journalist asking an organization like Google if they've been asked isn't really informative, because they almost certainly have been.
I'm not sure how it's relevant other than to say an answer from Google's response might seem oblique, but they're also being asked obliquely and that colors how you might interpret their response.
It’s like if you conspired with your brother to steal from the cookie jar. He stole the cookies while you distracted your parents. Later on your mother reports to your father:
> When asked whether they stole from the cookie jar, derbOac did not provide a direct answer but suggested they didn’t didn’t know who did it: "I did not see anyone removing cookies from the jar," they stated.
Your statement is factually correct, but it doesn’t say what your mother concluded.
Bruce Schneier wrote in a blog post that "[p]ersonally, I have never believed [warrant canaries] would work. It relies on the fact that a prohibition against speaking doesn't prevent someone from not speaking. But courts generally aren't impressed by this sort of thing, and I can easily imagine a secret warrant that includes a prohibition against triggering the warrant canary.
Lots of similar discussion on HN already, e.g. in https://news.ycombinator.com/item?id=5871541.
Kinda depends on judicial interpretations of free speech, but that's how warrant canaries work. Are warrant canaries legal in the UK? They seem to be in the US but idk how well established that is.
For example (a simplistic one), you can have a statement like "we do not have any backdoors in our software" added to your legal documents (TOS, etc). But once a backdoor is added, you are compelled by your lawyers to remove that statement. So you aren't disclosing that you have added a backdoor. You're just updating your legal documents to make accurate claims.
By putting statements like what you're proposing in your TOS or marketing material you are potentially setting yourself up for a situation where it's now impossible to comply with all applicable laws. As others have mentioned, Australia passed legislation preventing you from disclosing the existence or non-existence of specific legal documents; they're at least warning you up front that the canary itself is illegal. The solution is to not make marketing statements that would become fraudulent in a situation where you can't legally retract them, unfortunately.
Edit: since lawyers are mentioned here... if the lawyer who is telling you that you need to remove the line from the TOS is the same lawyer who told you it was ok to put the line in the TOS... you should probably find a new lawyer because they didn't think through the consequences of approving it in the first place.
One would think this runs afoul of other laws though, truth in advertising and similar.
Its such a legal minefield, and the UKs request borders on violating the sovereignty of other nations I can't see Apple complying, but maybe that's hopium talking.
No, they would have had custody of the keys. Meaning it would still be true they cannot (now) access the data.
The whole definition of "end-to-end encrypted" is that only the two ends have the keys. If anyone or anything other than the two ends (the one sending and the one receiving) has access to the keys, it's not end-to-end encrypted.
edit: typo
What lead to to believe that? The Conservatives and Conservative-Continuity governments both agree that our data simply must be in the hands of the police, DEFRA, and your local council.
RIPA will never be repealed and only strengthened.
Change what you can, I say, VPN on the network device.
https://www.wired.com/2015/04/john-oliver-edward-snowden-dic...
> When Oliver shows Snowden evidence that all typical Americans care about is whether the government can see our "dick pics," he encourages Snowden to go through a list of every government surveillance program and explain its capabilities in terms of access to "dick pics."
https://news.ycombinator.com/item?id=40228359
If you voted for this Tory-lite government, then you can stop voting for any future Tory-lite governments. If you did not, there's not much you can do in practice without devoting your life to it.
I hope it never reaches the above level, but always remember that remains an option.
Weren’t the few JSO protestors who were jailed convicted of doing things that would be objectively illegal in more or less any country? Where are the countries that allow me to deface priceless works of art or block public highways without any legal consequences? I am not saying that these are necessarily illegitimate forms of protest, but they come under the heading of ‘civil disobedience’. The whole point of civil disobedience is that you get punished and thereby draw attention to your cause. Even in the US you can easily be jailed for protests involving blockading or trespassing: https://www.bbc.com/news/world-us-canada-69003240.amp, https://www.vpm.org/news/2024-06-24/gaza-protest-interstate-...
It may well be that the new legislation is overly broad, but I don’t think the JSO protests are a great example of this.
This is what the parent comment is getting at when they say "Tory-lite".
(I very much agree with the sentiment...)
(Hint: It certainly isn't Tory.)
It's also one of the reasons why I will never vote Labour as long as I live.
Same thing happens in many other countries no matter how strongly HN users want to tell you A is literally hitler and B is great.
The director of public prosecutions of England and Wales, Stephen Parkinson (appointed by the Labour Attorney General), warned against "publishing or distributing material which is insulting or abusive which is intended to or likely to start racial hatred. So, if you retweet that, then you’re republishing that and then potentially you're committing that offense [incitement to racial hatred]."
He added further, "We do have dedicated police officers who are scouring social media. Their job is to look for this material, and then follow up with identification, arrests, and so forth."
This isn’t “Tory-lite,” this is Labour.
Sources: https://freespeechunion.org/labours-war-on-free-speech/
https://x.com/skynews/status/1821178852397477984?s=46
I'm a bit confused though, surely if I call someone "Hitler-lite" this couldn't possibly be inteprered as something positive, haha. Maybe it's just tribalist reflexes, or maybe I did word things strangely.
For some reason Americans, including Musk, go all partisan and feel the need to blame speech restriction on the lefty party but it's not what happened.
I'll skip the same extreme partisan rant, but replacing Musk with Soros or whoever.
This is Hobson's choice as far as I can see.
I don't think there's anyone you could currently vote for that wouldn't do this.
He was unelectable for a variety of reasons.
Here’s three:
Wanting to pull out of NATO and instead appease Putin.
Lying about being forced to sit on the floor of what was later shown to be an empty train.
Basically doing nothing during the Brexit fiasco.
He was just gaff after gaff.
If you agree that Brexit happened under the Tories and not Labour, then we can also agree that THIS order is happening under the newly elected "Labour Party" and not the "Tories", or so-called "Tory-lite" names.
It's completely pointless trying to remove accountability of this government's illogical actions and then to immediately resort to blaming the previous government for bad decisions like this one.
Just admit that this is under the Labour government.
You have to change the view of the country as a whole, and for generations the U.K. has been a country of curtain twitchers.
Overall i agree with you, it is really disheartening. That being said, i've made progress with my family on valuing privacy and the dangers of surveillance. I think people might be changing their minds slowly but still lots of work to do.
A breakthrough with my sisters was when abortion was threatened here in the states. Mentioned to them that it would be easy for authorities to enforce abortion punishments by subpoenaing data from menstruation cycle tracker apps. This kind of "clicked" for them and they became more open to the other parts (not given ratukan or whatever their purchase history, etc. etc.)
Now let’s say that some Republican Senators and Representatives were ethically opposed to but then threatened to be primaried and President Musk said he would throw all of his money behind a potential opponent, how long do you think it would take a law to be passed?
Even without a law, we already see that Cook will willingly bend a knee to Trump as will Google.
Right now in my home state the governor was trying to get a law passed banning Western Union from allowing illegal immigrants from sending money overseas.
And the only implication that they exist is about them seeing publicity campaigns of senators.
He will just do an executive order. He is an authoritarian, basically a king. "But but but it's illegal". The system can't keep up with speed he is dismantling it.
I think we are perhaps the lowest point ever in terms of anti-surveillance efforts. There seems to be bipartisan effort among many (most?) western governments that the government should have unfettered access to all data, regardless of any reasonable expectation of privacy.
Encryption seems barely tolerated these days. Governments are insisting on backdoors, they are making it illegal in some cases for companies to even discuss what is going on or that monitoring is happening.
We barely know what is going on with the programs and efforts that get leaked to the media, much less the programs that operate in total secret.
And stop making excuses for parties that don't (i.e. Labour, Lib Dems and Conservatives).
At the moment, the UK public (and media) considers it a sport to disparage and smear parties like Reform, whose leaders want to shrink the power and over-reach of the state.
We are so concerned with appearing virtuous and internationally generous, we cannot be seen to align with a party that wants to put UK citizens first (border security? deporting dangerous criminals back to their home nation? gasp, how could we be so ghastly!)
This self-defeating attitude needs to change if we want a better future for our children.
The problem is that there are none.
The correct assessment of all these political parties is that by default, they all cannot be trusted. Especially both labour and the conservatives.
> This self-defeating attitude needs to change if we want a better future for our children.
Yes. The second problem is that the United Kingdom is incapable to changing itself historically and is fundamentally destined to never be open to change.
It's always through the appearance of good intentions and a public that pushes for whatever narrative they're fed that they normalize this.
People love and want more of this, not less.
> So much for personal liberties. I'd like to give Labour the benefit of the doubt and assume this is a holdover from the last government knowing how fast the civil service actually works but given the Tory 3.0 plan they are going with I wouldn't put it passed them.
>We didn't vote for this.
You very much did vote for this, you voted for Labour under Keir Starmer and he did not particularly hide his being tory-lite. If one is surprised by this they must not have paid any attention before voting.
Labour was behind:
they are as bad, if not worse than the toriesAs a solution to never have unencrypted files in iCloud.
I follow the same procedure with my Android phone, no google cloud.
BTW anything I upload to Dropbox is encrypted first.
Apple says "Encrypted backups can include information that unencrypted backups don't" however the list they give is non-exhaustive. You might find yourself disappointed when trying to restore a non-encrypted backup that you've encrypted yourself in a disaster scenario.
I assume that instead of educating me on how the backups are in a user unreadable format, you chose to make a snide remark and leave me to guess the truth.
Why would anyone trust a backup they cannot read themselves in an emergency?
Just old people making bad laws about stuff they don't understand - or are straight up citizen hostile, sometimes hard to tell which it is.
Sadly, the EU is trying very hard and very persistently to pass the Chat Control bill. So far the EU hasn't succeeded, but I would be surprised if EU politicians didn't keep trying until it is finally codified into law.
(disclosure: brit)
The UK population generally wants to put their fingers in their ears and pretend everything is ok. Remember we're all descended from people who didn't go to the colonies to try to get a better life.
I think it's more likely to get broad support when framed as us vs. them where "us" is normal working people regardless of political affiliation and "them" is our government elites trying to spy on us.
If it's associated too strongly with a specific party it alienates too many people to ever get mass support and become a fundamental value that "everyone" agrees on
It's no good having people arguing for "privacy for me but not for thee", which is what it will boil down to. Ultimately authoritarians will use anything which gives them influence and control, with digital privacy violations being one of the easiest to rationalise (no violence, no physical theft).
So I don't see it as worthwhile trying to include such individuals in such a consensus. It's like trying to include foxes in a discussion about how we should best secure hen houses.
Unfortunately that just means there's a lot more sticky work untangling the kind of tribalistic politics we find ourselves in today.
The current ones are already abusing their power, and the other one might hypothetically do something, if and when and if at all.
This is like Alice making it legal and then punching you in the face and instead of you "punching back", you say "this is fine, but Bob is bad, because if he gets voted in, he'll punch harder".
A: Privacy matters! B: Why should you care if you have nothing to hide? A: If you have nothing to hide, then give me the password to your Facebook. B: I don't trust you with that, but I trust my governments and relevant authorities.
The point is that B's faith in authority is flawed as the "powers that be" are an eternally shifting target. By agreeing to government surveillance, you place trust in every subsequent government, even the ones you would rather not.
Side A abuses (legal, governmental) power, and instead of "lynching" them for that, we turn the issue into "this will become bad only because of side B will do the same". To me it looks like someone supports side A, and wants to limit the "badness" of whatever they did, but still can't support the thing, so they find the way out by claiming that the other side will do something bad with that data, as if the collecting the data (chats,...) isn't bad enough by itself.
I understand your analogy with friends and facebook, and explaining that stuff to your grandma in this way would probably work... maybe even better if you used "your neighbor Sally works for the government, she could read your chats too, do you really want that?"... but on a technical "forum", it (to me) gives off very politically biased vibes.
Every encryption backdoor is a huge vulnerability. Even if we somehow ensure that the powers-that-be remain entirely trustworthy (something that, historically, we can't even manage for a century), they're not the only people who'll have access to the backdoor. It's not possible to make an encryption backdoor that only authorised parties can use: as they say, the laws of mathematics do not respect the laws of Australia.
In my honest opinion, in this specific context UK should be treated with the same scrutiny we treat China.