1,096 comments

[ 3.1 ms ] story [ 359 ms ] thread
US tech needs to obey the laws of the country in which it operates. I am sure the demands of UK government are more than reasonable - and, as it is a democracy - as full endorsement of the people / users
It doesn't. Apple could play hardball and threaten to withdraw from the UK market, with a propaganda notification like TikTok did. They could also appeal to Trump/Elon for help.

Also the wider part of this order is that Apple would access to the international users data, including US customers, if I understand the article correctly.

They're currently antagonizing Trumpelon by refusing to halt DEI stuff, so they might not get any help.
I'm glad at least some companies stick to their values.
Tim Cook is a master of negotiating with governments. See how he played off China and the US during Trump's first term to avoid both American tariffs and Nike-style Chinese boycotts.

If he's antagonising Trump it's for a reason. Perhaps to avoid showing weakness by being too keen.

> They're currently antagonizing Trumpelon by refusing to halt DEI stuff, so they might not get any help.

I'd probably categorize that more as "declining to halt" rather than "refusing to halt", AFAIK the US government doesn't have an actual law/mandate/whatever for non-governmental organizations on that front.

I’m from the U.K. and I consider the government’s actions around digital privacy to be somewhere between incompetent and malicious.
Anyone who watched Monkey Dust in the 90's will suspect that the government is under the thrall of the Paedofinder General.
Indeed.

The Investigatory Powers Act 2016 was one of the big things (before Brexit) that made me realise the UK wasn't a suitable place to run a tech business.

It hasn't noticeably improved.

> I am sure the demands of UK government are more than reasonable - and, as it is a democracy - as full endorsement of the people / users

"Full endorsement" of the electorate isn't how representative democracy works. Given FPTP, the government got a huge majority of seats with 33.7% of the votes, but as there's not universal voting that's only 14% of the actual population, and even with those who did vote it's not clear how many people were voting "not the other lot".

The government did get more than third of the votes. So this is the choice of democratically elected government and the voters and as such should be followed.
I have to give you a full up vote since they don't come in thirds.
[flagged]
Of course, the U.K. is rather famously not a republic, but rather a democratic monarchy. Now, if only the King would do his job and refuse assent to the Parliament when it does something wrong.
The King is only two years younger than Trump, and has cancer. His main interests are watercolor painting, traditional architecture, homeopathy, the Goon Show, and vegetables. He was never likely to do anything confrontational.*

I wonder if a future King William might try something like this, though.

* Come to think of it, Hitler liked three or four of those things too, so this is less demonstrative of character than I imagine.

This sort of policy comes from the Home Office regardless of who gets elected. The spooks always want everything.

You could probably make an ECHR argument about it, but even Germany who are most paranoid about Stasi-like behavior have some sort of rights carveout for law enforcement purposes.

Germany hasn't imposed any similar ban on end-to-end encryption without a law enforcement backdoor. My configured iPhone region, configured Apple ID region, and physical location are all in Germany right now, and I was able to enable Apple's Advanced Data Protection here without a problem.

Yes, German law enforcement does have a rights carveout, but not nearly as big of one as in the UK (or the US).

Yes. Unfortunately those who thought a Labour government would be any less likely to deploy surveillance law than the Conservatives clearly do not have a very long memory. A pervasive obsession with snooping and controlling people's private affairs is one thing the two parties are quite united on
This was before the current government.
Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said. Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States.
Jurisdiction, schmurisdiction. What's that, you know?
And that conversation will look something like this:

"If you want to sell phones in our country, you have to give us access to anyone we say is a criminal using your phones in any country".

"You are asking us to break the law in those other countries."

"Do you want to sell phones in our country, or not? We know you'll blink first."

(Will Apple blink? I don't know. But I am confident that the UK government is filled with people who assume they will).

It depends on whether other countries make or enforce conflicting laws. The UK order says they can't tell people after implementing the backdoor that Advanced Data Protection no longer provides the claimed level of security, which is a form of dishonesty that probably violates consumer protection laws in many countries.

And Apple argued to the UK Parliament when the relevant law was being enacted that it violates the right to privacy confirmed by the European Court of Human Rights, which other countries will still be bound by even if the UK follows through on its occasional threat to withdraw from the European Convention on Human Rights.

The UK doesn't have the geopolitical clout it once did, especially not after Brexit.

> The UK doesn't have the geopolitical clout it once did, especially not after Brexit.

Aye.

But (1) I don't think the UK government really understands that, and (2) for intelligence operations, they might still have enough.

Everyone else has the exact same dichotomy of simultaneously wanting all the computers safe from other hackers while also hacking everything themselves, and many also want the added extra of guaranteed citizen's right to privacy, so legal fights like this are advantageous to most nations: all the other countries watching this get to have their cake (they can spy on encrypted comms) while eating it too (in this metaphor, when Apple is found out, they get to punish Apple and pretend to be above such things).

Sure. But if one country (or one group of countries) legally requires Apple to do this worldwide and another country (or group of countries) legally forbids Apple to do this even within their own national borders, then Apple has to decide which country (or group of countries) it cares more about. It's not obvious to me how that would shake out, but the UK certainly can't assume it would like Apple's decision there, especially since seeming to care about privacy is an important part of Apple's marketing brand.
I agree.

I also don't know which way this will go, and indeed this is a big part of Apple's brand.

Considering that the UK and Aus are both countries that share all their data with the US, I'm surprised at the naivety of the comments here about this.

This is a well worn path for the CIA gather dirt without needing to break any rules on monitoring US citizens.

Presumably the US government will have no compunction in using this to view US citizens private materials under UK government access rights, irrespective of US privacy law.
The bad guys know where to find solid open source crypto for their cloud backups and whatnot.

Therefore you know this is not about chasing the bad guys. It's about keeping the Average Joe under the thumb.

> The bad guys know where to find solid open source crypto for their cloud backups and whatnot.

That's a very bold assumption after EncroChat and SkyECC.

I don't know to what extent this is true. A lot of criminals strike me as good at chopping off fingers etc but not computer stuff.

There absolutely is a balance between Average Joe's right to privacy and privacy restrictions for fighting crime. Without undermining the former, I'm astounded how HN discounts the latter 100%. It is real.

Because the latter are fucking pathological liars who maintain a rachet stealing away rights. They earned their reflexsive distrust.
I disagree. There should no compromise on my privacy ever. We are not (yet) in a dictatorship and I’m not a criminal. Why should I suffer because governments are incompetent?
In a situation where a criminal used Whatsapp and decrypting it is needed for the conviction, why should I suffer because of your absolute views on privacy?

I hold neither of the extreme views, and frankly I am baffled by anyone in either of them.

In a situation where an accused criminal used Whatsapp and decrypting it is needed to view the content which may or not lead to a conviction. This ridiculous idea that law enforcement knows people are guilty and it is these pesky rights that keep getting in the way is just false. Police regularly and consistently abuse their power to railroad people and take the easiest path to convicting someone.

Even in situations where citizen rights do “get in the way” of convicting the guilt, that is the price we pay to not be thrown in jail for crimes we didn’t commit. Former Supreme Court Justice William O. Douglas said “It is better, so the Fourth Amendment teaches us, that the guilty sometimes go free than the citizens be subject to easy arrest.” He also said “Big Brother in the form of an increasingly powerful government and in an increasingly powerful private sector will pile the records high with reasons why privacy should give way to national security, to law and order... and the like.”

This seems so obvious and logical. Why cant we live in a world where everyone understands this.
It's easy to construct a reasonable scenario. You catch a guy doing something bad. You know he's a part of a big organized crime organisation, because you already caught some of the other conspirators. And you could bring the whole thing down based on documents / chats etc which are encrypted.

I'm not saying, based on that, you throw away privacy rules. But to not even acknowledge that there is a conflict is IMO insane.

Reading through this thread, I get the sense that the desire for absolute privacy stems from a perception of the government as basically another mafia - a ruthless, unprincipled organisation that will exploit any weakness in you, just because. Maybe that's the root of the difference. I'm lucky enough to have never lived in such a country. Sure, I care about government accountability, there will always be bad actors, and governments in general aren't always super-competent, but I believe fundamentally, governments in places I have lived are not evil. They aren't another mafia I need a firewall against.

>You catch a guy doing something bad

If you have evidence that he was doing something bad, prosecute him. You must have evidence, because you couldn’t know he was doing something bad based off these chats you can’t read.

>You know he's a part of a big organized crime organisation, because you already caught some of the other conspirators.

So charge them with conspiracy or RICO (Racketeer Influenced and Corrupt Organizations).

>you could bring the whole thing down based on documents / chats etc which are encrypted.

How can you possibly know that? If you have evidence of crimes, use that to prosecute. If you don’t have evidence, then you don’t know crimes were committed. Regardless, you don’t even know if these encrypted chats contain anything incriminating.

Government is not another mafia, they are a group of people who are flawed. “Good” governments have laws protecting the rights of citizens against individuals within government. That is like saying that we don’t need defense attorneys because prosecutors are good people and wouldn’t bring a case against an innocent person, or would never bend/break the rules to get a conviction. We have them to protect the rights of the innocent and the guilty.

Devil's advocate: we accept compromise of people's basic freedom of movement (via arrest) when under investigation. Even though we know a non-negligible amount are innocent, virtually everyone considers it a necessary compromise

Perhaps part of the difference is that the public acknowledge this as a necessary _evil_ and get rightly outraged when they hear of people being detained without good cause. But with privacy, especially electronic privacy, almost nobody cares when "we will only allow a small number of agents to use this for imminent terrorist danger" inevitably turns to "we will let any random council worker casually pull up every website you've been to with no warrant"

A compromise here is not technically possible. There is no half crypto. Crypto with a backdoor is not crypto.

Someone's encrypted files should be regarded to be in the same category as material they memorized in their brain. Off limits.

Find some other way to get evidence about their wrongdoing to convict them.

So, strictly speaking, that's not how UK law, at least, works. The court can absolutely compel you to say things you memorized - in fact, including encryption passwords. You can of course, physically, refuse, but you can be held in contempt of court, and jailed until you reveal the information, indefinitely. So not at all off limits.
Indefinitely jailing people to get a confession sounds like a midevil torture tactic. Is that a good balance of the Average Joe's right to privacy and privacy restrictions for fighting crime you speak of?
> Indefinitely jailing people to get a confession sounds like a midevil torture tactic.

That's very clearly not what I wrote. You can demand information this way, not a confession... People in the UK generally have a legal obligation to answer any questions the court has, unless they are themselves the accused. There are a small few other exceptions.

To get back to the point.

Just because UK law allows compelled disclosure doesn’t make it right—it makes it a bad law. It creates a self-incrimination loophole, shifting the burden of proof onto individuals instead of the state. Leading to erosion of due process and a presumption of guilt, forcing people to either comply or face punishment, even when no crime has been proven. Civil rights advocates have lambasted this law.

So I ask: Do you believe it to be balanced?

Using flawed laws to justify more erosion of privacy only deepens the problem.

Something something ounce of freedom something something safety something something deserves neither
It'll catch the bad guys who don't know what they're doing, which is a pretty big percentage of them.
Yeah, this is likely not intended to catch the most sophisticated of hackers, but your average drug dealer / murderer / thief / paedophile.

I don't know where the belief that all criminals are tech experts comes from; the popularity of cool-looking "encrypted" phones as opposed to actually encrypted apps like Signal should have long dispelled that myth.

I'd argue that the opposite is probably true, people who think that crime pays are less smart and more impulsive than the average person, and hence less likely to think about things like this.

> I don't know where the belief that all criminals are tech experts comes from; the popularity of cool-looking "encrypted" phones as opposed to actually encrypted apps like Signal should have long dispelled that myth.

I think it's a case of this: https://xkcd.com/2501/

People here work at the level of things like RowHammer, normal people don't think past the idea that a padlock icon on the screen makes them safe.

> I don't know where the belief that all criminals are tech experts comes from;

From forums of tech experts.

I do not think this attempt by the authorities will be any useful, while it would initially work... well these guys may not be hackers but are not idiots and over time you will get your average baddies become tech-savvy enough to circumvent this.

last time I checked, our prisons are full of people dumb enough to get caught.
What is the correlation with full prisons and crime outside of them?
That's true at a point in time, but bad guys start out as clueless noobs with poor opsec. The Silk Road guy, for example, was identified by forum posts he made before becoming a drug lord. The sort of people who become radicalized through online videos aren't using strong crypto until after they've committed to becoming terrorists. So a database of texts going back several years is quite useful in catching actual bad guys.

Which is not to say I approve of more surveillance. Just that surveillance of convenient modes of communication (iMessage) is useful to serious crime fighting.

Apple should green bubble all UK text messages and explain that it is the law.
Is green bubble iMessage or SMS?

iMessage is barely used in the UK, WhatsApp is the default messaging platform here

I'm in the UK pretty much only use iMessage/Snapchat.

I had a look at the stats though and you're probably correct about WhatsApp being default, although we do have a surprisingly diverse and competitive messenger market:

https://www.statista.com/forecasts/997945/most-used-messenge...

Id be very interested to break that data down by age. I'd hypothesise people who grew up during the dawn of social media (late 00s, early 2010s), will be strongly aligned with whatsapp whereas younger generations might be more iMessage/snapchat whatever else is out there these days. The most interesting generation would be gen X'ers. I guess theyll be a jumble of all solutions, including SMS
Yeah it would be fascinating.

I also suspect international social structures could play a big role. In the UK many people have friends & family that emigrated to iMessage counties like the US & Australia. But many have links to WhatsApp countries like India or even Telegram countries in Eastern Europe.

Green bubble is messages you sent via SMS (and so may have been charged by your carrier depending on your cellular plan)

Blue bubble is messages you sent via iMessage.

All incoming messages are grey, regardless of whether they were sent to you via SMS or iMessage.

> and so may have been charged by your carrier depending on your cellular plan

I don't know of any UK plan that charges.

Must be a couple of decades since I was last charged for SMS
PAYG plans do.
Don't they almost all work on a "goodybag" model now where you top-up £x for the next month of tens of GB of data, hundreds or unlimited minutes, and unlimited texts? Using "real" balance is uncommon in my experience
Only if one buys such a "goodybag".

My father doesn't and so pays PAYG rates when he uses his. Which probably makes sense for him, given his infrequent use pattern.

Try sending an image on green.
Archive link: https://archive.is/3Pp0U

I was wondering whether this is about Advanced Data Protection, which encrypts almost all data end-to-end on iCloud. It’s only later in this report that it gets into this key detail:

> At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022.

Before stating this, the article says:

> Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said.

This means Apple would be prevented from providing Advanced Data Protection to users in the U.K.

Not making Advanced Data Protection available is made worse by this requirement:

> One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security.

Apple can appeal, but is forced to comply meanwhile (until the appeal is heard) anyway:

> Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.

If they had some balls, they would just stop offering icloud altogether in the UK until they have appealed. Let's see how the judge feels when half the country can't access their files anymore and Apple points to this decision as the reason.
Apple doesn't have the same dominance in the UK than it does in the US, so the UK would probably just tough that one out.
Then it sounds like they don’t have much to lose ¯\_(ツ)_/¯
I have zero clue where you’re getting this from. iPhone is incredibly popular and every politician has one.
It's very likely that iCloud is outright disabled via MDM on those politician iPhones anyway, so they probably wouldn't even notice.
The phones tend to be personal phones. We found that out when there was a big investigation trying to retrieve Whatsapp messages.
In the UK the employment arrangements of politicians are very unconventional. In some ways, they're more like independent contractors than salaried employees.

If your MP has an office in their constituency? They rent the office and buy all the computers and desks and printers and whatnot out of their own pocket, and get the expenses reimbursed later on.

The separation between work life and professional life is also extremely blurry. After all, you have to build up a network of supporters and donors and people in the party who like you before you can get elected. So hundreds of your best supporters and closest allies already have your personal number saved against your name in their phone.

I think they do not have MDM.

True, the UK is one of the few European countries where iOS is bigger than android just like in the US. I work in mobile management and we see those a lot in northern Europe. Where they're scarce is in South and East Europe.

Here in Spain no person has even tried to SMS me (which is the fallback for iMessage which I don't have) for 6 years or so :). I also don't have RCS enabled. It's all WhatsApp and Telegram.

Yes. Due to higher prices, iPhones are more popular in richer countries.
Yeah indeed.

The SE is also relatively expensive in Europe. And in Spain Apple seems to have completely removed all trace of the SE from their website. Strange enough. Didn't check other EU sites.

They don't sell the SE in the EU anymore since this year, because it's not compliant with the new regulations that mandate USB-C charging.
The new iPhone SE will likely ship later this month with USB-C support.
> the law does not permit Apple to delay complying during an appeal.

Seems absurdist. They have to implement the backdoor, appeal, and only if the appeal is successful can they disable it.

Apple can't offer icloud with encryption. It doesn't force them to offer the service at all afaict? Forcing a company to offer service at all seems like a gigantic judicial overstep IMO.
Not just most of the judges, but most of the MPs who voted on this. Let them eat their own cake.

I think they could do something like what Tik Tok did, by letting users know why they can no longer provide the service.

I would personally give Apple money to see them actually stand-up to this. What's probably more concerning is the number of companies not complaining about this at all.

> when half the country can't access their files anymore and Apple points to this decision as the reason.

Governments are extremely powerful. They may issue a gag order (https://en.wikipedia.org/wiki/Gag_order) that makes it illegal for Apple to do that.

Gag orders affect information, not whether they continue to provide a service or not.
Even in that case, Apple could withdraw from the market.

If push comes to shove and apple actually called their bluff and withdrew completely from the UK market, I'd bet that that government would become so unpopular that they would not be elected again for quite some time.

I expect everyone would read between the lines if Apple simply offered "no comment".
UK judges are not elected, and don't do things on the basis of what the public thinks.

This headline comes to mind: https://en.wikipedia.org/wiki/Enemies_of_the_People_(headlin...

Judges only interpret the law as laid down by parliament. And, in theory at least, parliament cares about public opinion.
Even to the extent that parliament does care — and both this lot and their predecessors have ignored a lot of criticism about this specific law — turning public disfavour into a change to the law is often a slow process.

I don't see UK judges getting motivated to rule in favour of a foreign company because they took their ball and went home, not even in cases where the ball happens to be very popular.

> Apple points to this decision as the reason.

Unlikely. That's illegal.

Roll out the change in the city of London first and watch the finance sector crash :D The rest of the UK probably won't have to follow suit.
(comment deleted)
Just make TimeCapsule for iOS and iPadOS. With option to store it fully encrypted in AWS cold storage as Apple subscription. I want my data to stay at home.
Are iTunes backups not a thing anymore?
iTunes backup requires a computer. Time capsule for iOS should be an appliance.
I’m so ashamed to be a U.K. citizen and to have both legacy parties (Tories and Labour) staunchly supporting these horrendous breaches of privacy.

We have had a number of bad laws over the last ten years that have entrenched state surveillance and presumption of guilt.

The only party I can see taking a principled stance on civil liberties is Reform UK, whose policy document states:

> A British Bill of Rights

> Our freedoms must be codified and guaranteed. Never again can our entire country be locked down on shoddy evidence and lies. Our data and privacy must be protected. Surveillance of the public must be limited and those monitoring us held to account.

https://assets.nationbuilder.com/reformuk/pages/253/attachme...

Recent polls show Reform is currently the most popular party. So there is hope.

> Never again can our entire country be locked down on shoddy evidence and lies

What’s this about? Is it some mad “covid was a hoax” thing?

Yes - Reform UK is a far right populist party. They currently have 5 out of 650 MPs and are steadily gaining popularity - similar to the rise of other parties like AfD across Europe.
"Far right" suggests extremism.

Could you name an extremist policy that Reform have proposed?

Several specific ones:

- Leaving the European Convention on Human Rights (joining the hallowed company of Russia and Belarus!)

- leaving the World Health Organisation

- get rid of net-zero climate targets, replacing them with fast-tracked approval for more North Sea oil & gas licenses and fracking

- public enquiry on “Vaccine Harms”

1. Nice cherry-picking. The US and Canada (and, in fact, a majority of world nations) are not signatories of the ECHR. Those countries seem to get on just fine without it. In particular they are able to deport dangerous foreign criminals without issue - meaning their citizens are safer. There's nothing extreme about leaving the ECHR.

2. The WHO is notorious for failures in policy e.g. Covid response, bends to political pressure from China (e.g. not respecting Taiwan as an independent entity), and is dependent on private donors like Bill Gates which means they have undue influence. A 2021 probe into the WHO found its staff were involved in sexual abuse during an Ebola outbreak in Congo. There are plenty of reasons for leaving it. There's nothing extreme about leaving the WHO.

3. We absolutely should get the oil and gas we need from our own reserves, rather than buying it from despotic regimes and shipping it half way round the world at great ecological expense. There's nothing "extreme" about using our own natural resources.

4. We know now that there were many serious side effects from the mRNA injections and that the contracts granting lifetime immunity to the manufacturers for harm were extremely suspicious. This is a totally novel form of medical intervention, administered to a large population in a hurry, under intense political pressure. There's nothing "extreme" about an enquiry on mRNA injection harms. What are we afraid of? Uncovering the truth?

https://pmc.ncbi.nlm.nih.gov/articles/PMC10022421/

"CV events such as thrombosis, thrombocytopenia, stroke, and myocarditis frequently occur with the mRNA vaccines studied. A significant number of studies included in our review reported BNT162b2 events, which presses the need to conduct more research into the CV implications of mRNA‐1273 (Moderna) vaccine."

Reform UK don't believe Covid was a hoax.

Reform UK believe that the purported efficacy of the mRNA vaccines at preventing transmission was massively exaggerated (we now know it was).

https://www.thelancet.com/journals/laninf/article/PIIS1473-3...

Reform UK believe that the detrimental side effects of lockdown policy outweighed the benefits of lockdown policy (again, there's evidence to support this view)

https://sites.krieger.jhu.edu/iae/files/2022/01/A-Literature...

"While this meta-analysis concludes that lockdowns have had little to no public health effects, they have imposed enormous economic and social costs where they have been adopted. In consequence, lockdown policies are ill-founded and should be rejected as a pandemic policy instrument."

We need more voices that are willing to state these truths in Parliament IMO.

In this other comment I read a rather different story about what ReformUK wants https://news.ycombinator.com/item?id=42971836

Your comment makes it sound like they're all about research, but they also want to ditch human rights and the world health organisation? This conflict of logic makes me think there's probably more to it than just research and doing good in the world. Can it be that they speak of e.g. lockdowns having been bad based on that ReformUK voters were particularly badly affected by that policy and that this study after the fact found that, indeed, they did more harm than good? Ignoring that this wasn't necessarily knowable at the time, but it reflects badly on the government to have made a mistake with hindsight and so they can gain votes since they weren't in power back then and thus the fallacy is to think they'd have known better?

Thanks for confirming that they're indeed extremist, right in point#1 of that link. "Nothing extreme about disavowing a human rights convention" my ass, lol
Replacing one human rights convention with another human rights convention is not "extremist" any more than it was extreme for the UK to enter the ECHR in the first place (which necessarily meant changing our existing human rights laws).

It is disingenous at best to claim that leaving the ECHR means that the UK will abandon or downgrade human rights, unless you have detailed insider information on the proposed British Bill of Rights, and if you're in a position to analyse the relative strength of the ECHR vs the BBR.

I am confident that a new-found ability to send rapists and murderers out of the UK and back to their home country will IMPROVE the human rights of UK citizens.

> Reform UK believe that the purported efficacy of the mRNA vaccines at preventing transmission was massively exaggerated (we now know it was).

Okay, let's check the paper.

> Thus, the current evidence suggests that current mandatory vaccination policies might need to be reconsidered, and that vaccination status should not replace mitigation practices such as mask wearing, physical distancing, and contact-tracing investigations, even within highly vaccinated populations.

I must conclude, as a party dedicated to the science, that Reform UK therefore would be on board with the above mitigations, if they are genuinely interested in pursuing at least the simplest / cheapest effective mitigations for Covid.

Was that the case?

In the past the Lib Dems were quite good at standing up for privacy and liberties when Lab and Con were both agreeing on more intrusion, but I'm not sure if that's still the case
Lib Dems did vote against the Investigatory Powers Bill (2016), and Nick Clegg blocked the original Snoopers Charter (Draft Communications Data Bill). So they have good form on this.

However, since 2016 the party almost exclusively shifted focus to opposing Brexit... which is ironic for a party that describes itself as "Liberal Democrats," trying to overthrow a public referendum (the strongest form of democracy)

The party seems to have lost its way, sadly.

The order does not seem to apply only to users in the U.K.

From the article, discussing the idea of Apple stopping offering encryption in the U.K.

“Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States”

See also "U.K. orders Apple to let it spy on users’ encrypted accounts":

> The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.

* https://www.washingtonpost.com/technology/2025/02/07/apple-e...

* https://archive.is/https://www.washingtonpost.com/technology...

> The Investigatory Powers Act 2016 (c. 25) (nicknamed the Snoopers' Charter)[1] is an Act of the Parliament of the United Kingdom which received royal assent on 29 November 2016.[2][3] Its different parts came into force on various dates from 30 December 2016.[4] The Act comprehensively sets out and in limited respects expands the electronic surveillance powers of the British intelligence agencies and police.[4] It also claims to improve the safeguards on the exercise of those powers.[5]

* https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016

See also "U.K. orders Apple to let it spy on users’ encrypted accounts"

Not just "see also." Your link is the original reporting.

Without journalists and organizations like these doing hard, expensive work like this no one -- not even on HN -- would know about it.

It's a shame that the link being used for the HN entry is to a blog re-writing other people's work, and not doing any of that work or sharing any of that expense themselves.

Correct link:

https://www.washingtonpost.com/technology/2025/02/07/apple-e...

No, I don't care if there's a paywall. Credit where credit is due is something your mom should have taught you when you were five.

I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.

Anyone with a fundamental understanding of online privacy and security would encrypt any files prior to uploading them to the cloud rendering any back doors and access to those files useless and toothless.

I dont use any of these services. I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.

I think you have a very high opinion of the millions of people around the globe, with varying levels of computer literacy, who are terrorists, criminals, and/or child abusers.
I once worked with a business lady who used her dumbphone as an argument in a discussion where we were deciding whether all our users have smartphones. She proudly displayed the dumbphone and said that if she has one, others probably have too.

I learned only much later that her husband was prosecuted for fraud related to government funds. So she had a good reason to have a dumbphone.

It's anecdotal evidence, but still.

You are of very low opinion of people, probably assuming that you are smarter because you are some kind of IT guy.

And you are likely wrong.

> I learned only much later that her husband was prosecuted for fraud related to government funds. So she had a good reason to have a dumbphone.

Does she? Law enforcement can wiretap and track dumbphones just as easily as smart phones. The lack of encrypted calling/texting options even make it easier for law enforcement. If she's trying to hide more fraud, the dumbphone isn't helping her. And of course if she is trying to hide fraud from law enforcement, she probably shouldn't be doing the fraud in the first place.

There are good reasons for using dumbphones (smartphones distract, and it's having a serious impact on everyone these days) but avoiding being prosecuted isn't one.

It's about reducing the attack surface, dude.
(comment deleted)
Don't iPhone photos automatically sync to your iCloud?
You can turn it off, and it is E2EE.
You need to enable an additional iCloud secure mode for true E2E to be enabled.
> I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.

Meanwhile, the amount of local news arrests for people getting busted for uploading CSAM to online platforms like Google and Apple is exponentially increasing.

The average "criminal" is an idiot.

The real goldmine is WhatsApp. In most cases, WhatsApp backups are enabled and uploaded by default, including when the whole iPhone backup is created. And by default, backups are unencrypted.

So if you ever wonder how they access those WhatsApp messages, when you think that they would be end-to-end encrypted, reality is something else.

I've got backups disabled on WhatsApp and the app reminds me like once every few weeks "You should turn on your backups!". Easier to click yes.
The overlap between “criminal” and “fundamental understanding of online security” is fairly small.

I use online services and sync, but my life is so boring (and data breaches have exposed so much) that a disaster that destroys my house and all backups is far more likely that harm from government or private snooping on my cloud files.

I know we’re supposed to stand on principle and make data storage choices as if today’s cat photo were evidence of being the real JFK assassin, but I don’t have the energy.

> I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.

Most of the time, people become terrorists, criminals or child abusers because they're stupid, not because they're smart.

News stories seem to indicate that many criminals use computers just like any given person does.

Even people concerned with security who know a little seem to be terrible at it.

A local protest group in my area was passing around an image with security tips. They were hilariously bad, suggestions based on very confused understandings of risk. These people weren’t criminals necessarily, but they were motivated and concerned and somehow just terrible at basic security.

> News stories seem to indicate

What's the inverse of survivor bias?

They are still people committing crimes. I don't think that's quite the same as the prototypical survivorship bias would imply.

There is the possibility that there is a great deal more crime being commuted by capable super criminals who understand the nuances of security .... but I'm more of a subscriber to the theory that for "most" crime, it's a lot of stupid people.

Hamas switched from smartphones, with encrypted messengers to pagers, a communication device with encryption so weak it may as well not be there. Criminals get caught because they used plain phone calls and texts _all the time_. Hell, child abusers are regularly reported to the police because someone saw a suspicious picture on their phone when scrolling through the gallery. Crime and an understanding of cybersecurity don't necessarily overlap.

I agree that cloud services cannot be trusted to do encryption within their clients, but on platforms like iOS it's difficult to do automated backups using independent encryption. It's also quite difficult not to accidentally enable backups to these services because the setup flow for every phone guides you to hitting the "upload everything I do to Apple/Google".

To Apple's credit, while they normally store a copy of the encryption key, making most cloud encryption entirely useless, they do offer setting a custom key at least. GDrive and OneDrive sure don't.

there are dumb people out there but can you sum up (just talking about illegal drugs) an industry that makes $360 billion per year? Brazilian ghettos have army grade weapons like anti-aircraft missiles [0]

psychopathy is a mental disease who impair people to control their impulses/defected judgment; often these are permanent personality traits, which either will let them sit in a prison for the rest of their lives depending on what they did or they will be liberated if they get caught with a high chance of another incidence... search for papers/work from Kent Kiehl if you are interested in this type of stuff

[0] https://www.globalissues.org/news/2009/10/30/3330

I believe they switched to pagers because their location can't be tracked. Every pager message is broadcast across the whole country and the pagers just listen to all of them and only tell the owner about the ones meant for them.

A phone has to at least tell the nearest tower that it's within range so that the tower can know to send it messages. After that, when it get's a message it sends some sort of acknowledgement. In theory anyone can pick up those messages with a phased array or set of directional antennas and get a directional fix on the phone.

> I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.

Depends on your threat model. If someone unofficial wanted at what you're doing, they'd likely find it easier to go after your home data than what you have in iCloud -- particularly if using Advanced Data Protection for iCloud.

https://support.apple.com/en-us/108756

Also, ask the folks in Los Angeles how those external hard drives at home are working out for them in the fires. There are many types of threats.

The average people have zero idea about these things. They just use phones, and do not care how they function, what they do in the background.
What's new here?

As mentioned in the article, Salt Typhoon and the recency of this request by the UK. At this point they should know better.

My pet theory is anytime the US wants to do something illegal under US law, they simply ask the UK to do it and vice versa. That's why Salt Typhoon isn't and never will be a lesson learned.

I recommend Susan Landau as the goto person on this. She recently spoke with Lawfare on the current state of play.

[1] Susan Landau and Alan Rozenshtein Debate End-to-End Encryption (Again!) https://www.lawfaremedia.org/article/lawfare-daily--susan-la...!)

It is actually Australia where the US goes to test out far-out legislative ideas before implementing them at home.
Australia does a great job of enacting wacky authoritarian policies in the last 5 years; It would make sense to use them as a staging ground. Does any specific legislation come to mind?
Social media ban for under 16s is the latest half witted idea enacted by the government here.
This week we've had the federal laws strengthend to a one year minimum jail time for nazi salutes. I think saying "punch a nazi" unironically could now also get you a year in jail, but I'm not sure about that one.
Oh, you feel the need to defend nazis?
No, the neo-nazis can defend themselves. I just support personal freedoms.
You’re deflecting.

As such you demonstrate that you will not be an ally in case of a surge of unethical behavior.

The point isn’t for nazis to defend themselves - it is to defeat them while you can.

I'm not deflecting I think we just have different points of view.

> The point ... is to defeat them while you can.

That can be your point, and with that framing almost anything is permissible! My point is generally to let free, open democracy run its course without putting our fingers on the scale too much.

I'm not scared of people doing a salute in the style of a movement that's been dead for almost a century. I'm not scared of communists flags or chants, or people chanting from the river to the sea. I think it's all healthy as long as it's non violent. The argument that it leads to violence is not logically sound and very minority reportesque.

> The argument that it leads to violence is not logically sound and very minority reportesque.

That a nazi salute, corroborated with converging political views…? You obviously don’t understand, don’t see how things happen.

Or you do, and you know downplaying “nazi wannabees” is part of the game.

It’s not about being scared but principled: an open democracy does not tolerate ideas going against its very foundations: it makes sure these are, expressed maybe, but kept in a very strict perimeter which they ought no get out from.

We don't ban Maoists or Stalinists or Mussolini style facists. We don't ban Napoleonics or Confederates.

After WW2 there was a period of strong Jewish support for nazi rights. Were they not an open democracy? Is the risk in 2025 stronger than what they faced?

I don't know really, is it that every era needs a boogeyman or is it just that we are on a grand cycle away from liberality? Both maybe?

We don't? Maybe you don't. From where I am (France), maoists, stalinists, mussolinists, napoleonics or confederates are pretty badly considered, maybe only considered weird and silly as long as they are just spouting vague theory stuff or giving some substance to the conversation.

But as soon as they associate their "thing" to a violent/segregationist personality/behaviour, you can be certain that they are banned, and in no gentle manners.

Wow, I don't know either. Saying nazis could be sort of boogeyman or victims?... that tolerating nazis would be liberal? Wow. Sounds like a line from "OSS 117: Cairo, Nest of Spies".

You seem not to understand how a society works or what liberal even means... A liberal cannot tolerate ideas that are explicitly against tolerance, as those lead to illiberal behaviours. The best illustration of it is the actual suppression of speech that is happening in the USA, by the very people that reclaimed freedom of speech.

Or again, you do know.

Either way, you're certainly not in the middle, you're actually supporting the violent ones to be violent, asking the ones reacting to that violence to accept it as it is. Not too good looking.

> Sounds like a line from "OSS 117: Cairo, Nest of Spies".

Thanks I'll check it out.

> Either way, you're certainly not in the middle, you're actually supporting the violent ones to be violent

I think I understand where you're coming from but I would instead state it as supporting first amendment style laws for my country, warts and all.

Would you argue that the first amendment should be annulled?

No, I’d argue that you do not understand the implications of your first amendment:

because you have an absolute free speech, you also expose yourself to the absolute consequences of what you say, or do.

Exposing oneself as a nazi exposes one to consequences.

Once, not that long ago, your country was proud of kicking nazis dead, for good reasons (albeit a bit hypocritical too when one reads history).

Banning Social Media for under 16s is a great idea. Hopefully other countries follow soon.
It's not a pet theory, it's exactly how the Five-Eyes system is meant to work. I remember when Total Information Awareness was announced and they even had a cool badge designed for the new govt department. It wasn't a popular idea.
It is a pet theory. It is illegal for the US to access its citizens' and residents' data without a warrant, and asking somebody else to do it doesn't magically make it legal.
It’s illegal but they do it anyways. Recall there was a man named Snowden who revealed the NSA does collect USA citizens’ data.
Why would they "access [their] data", instead of a report from a foreign intelligence agency?
It's not a pet theory when there's proof they have engaged in it through five eyes. We're not saying it respects the constitution or its intent. We're saying it's what happens.

Black CIA sites weren't legal either, nor was torture.

> It's not a pet theory when there's proof they have engaged in it through five eyes

What proof? You would think after all the leaks there have been, some proof would exist. Instead, you cling to a conspiracy theory based on a misunderstanding of an agreement.

The fact that you immediately went for "conspiracy theory" discredits you more than you think it discredits me.

They're all conspiracy theorists when the government is accused of wrongdoing and the "proof" demands and moving goalposts happen all the time. Helped by the lack of transparency and all encompassing powers of agencies and governments.

Your arguments boil down to repeating narratives and things like "X is illegal so it doesn't happen" which just shows how naivety is part of your bad argument repertoire. I'm sure black CIA sites and coup d'etats didn't happen if I can't prove them to your liking... And if I somehow satisfied you, there's some justification that make them lawful and correct.

Give me a break.

The fact that you fixated on "conspiracy theory" means you don't know what the term means. It means that a large group of people must be working together to make something happen, yet none of them have said anything.

If the Five Eyes participants worked as you have stated instead of as the leaked agreement documents say they work, you would expect Snowden to leak that first because it is obviously illegal. He did not. Why not reduce the number of people required to keep quiet in the conspiracy by having the US spy directly on its citizens? Every question you might ask about your conspiracy theory makes it sound even more ridiculous if you bother to ask it.

It's exactly how the five-eyes information sharing works.

Participants spy on each other's citizens on the other's behalf and share data, to avoid the legality of doing so to their own citizens.

That is exactly what this is.
> requires that Apple creates a back door that allows UK security officials unencumbered access to encrypted user data worldwide

How could this even be enforced if Apple pulls out cloud services of the UK ?

It's such a ridiculous request, the British Intelligence agencies must be bored coming up with new ways to make Apple look good.

Apple still has legal entities in the UK. Pulling out cloud services would be insufficient to prevent the UK authorities from interfering with their activities.
> prevent the UK authorities from interfering with their activities

I'm still missing how this could be enforced ? To my layman understanding, this reads the same as if China said : "Meta, Tesla, Valve etc has entities in China therefore we get to see all data they store in the EU and the US.

The UK has Zero jurisdiction in Ireland for example where a lot of EU data may be stored.

I have lived to the day that we give an example on china not doing something stupid a western democracy does about rights and freedom. Wild times to be alive. I am also surprised that they demand worldwide access and not just UK users data or all the data stored in UK jurisdiction. But this is going too far.
And if you think China and the USA and Russia wouldn't want it... hey I've got this bridge for sale.
The difference is that China and Russia have the sense to spy on foreign citizens with hackers, trackers, and other covert means. Somehow the UK feels entitled to Apple doing their espionage for them, and has the gall to ask publicly.

Note that this is not China apologia: they do the same brazen shit locally, but they're an authoritarian regime. I have lower expectations for human rights there.

If you, like me, didn't know where the idiom "I've got a bridge to sell you" comes from, here you go: https://en.wikipedia.org/wiki/George_C._Parker

George C. Parker was a conman in NYC who multiples times sold the ownership of the Brooklyn Bridge to his victims. Among other cons.

I know we're going off topic but I remember hearing about this, and reminded me then a similar case in Paris where the Eifel Tower was being sold too.

https://en.wikipedia.org/wiki/Victor_Lustig

Ah, the good ol' days of conman. No, all we've got are crypto scammer =D
There are tensions in the US.

Those who are charged with stopping cyber crime are very must against this. End to End encryption is one of the better protections they can give you against foreign hackers and they want you to use it.

Meanwhile down the hall are people who are charged with investigating crimes someone in the country commits and they are want this. It is a lot easier to prove someone is involved in some crime if a warrant can get their data, but end to end encryption means they can only get random bytes. (of course they don't want warrants either, but that is a different issue not relevant here so they will specify warrants in this debate)

China has forced Apple to outsource iCloud in China to a state run company, so all data is just directly controlled by the government there. It’s an even worse situation.

https://support.apple.com/en-us/111754

That is just China's general rules around tech. Awful? Yes. But not a global issue. Most non-chinese companies are forced to have their chinese properties ran by a chinese company. This is shown by companies like VW having cars made in china with effectively a license model, these cars are designed and built by a third party with a few interesting exceptions (VW actually licensed a design, the Taos, back and shipped it worldwide)

The insane overreach was the UK wanting data on people not in the UK

At least the CIA doesn't get it… dunno which is worse.
How is this worse? This only affects users in China.
And users who communicate with users in China using Apple services.
They can send encrypted PGP messages, e2e was figured out in 1991.
We literally tried to do this with TikTok. We can't exactly stand on a high-horse when the highest level of government in the US was totally fine with it.

Our noble "we can't have American data in the hands of our enemies," their savage "forcing American companies to turn over user data."

Edit: I misread the comment tree, I thought this comment was equating the TikTok situation to the UK's request.

I agree that the TikTok demands are pretty similar, though I might quibble over whether they're literally the same, since arrangements like that are the status quo in China but not in the US

Original comment below:

How is "remove foreign control of data on our nation's users" remotely the same as "give us access to foreign users' data"?

They're not even figuratively the same, despite you literally misusing that word

It's not clear which scenario you are referring to.

If by "give us access to foreign users' data", you mean TikTok, then ByteDance is only required to sell the US portion of TikTok to American buyers. If you mean iCloud, then Apple is only required to keep Chinese users' data on local servers.

Oh my bad, I misread the comment tree and thought this comment was a response to the grandparent.

"give us access to foreign users' data" referred to what the UK is asking for, I thought the post i was replying to was equating the UK's request to the US'

I disagree. Apple is a hardware company but TT is a shithole social media

in other words, you store much more data on a phone versus a doomscrolling app[*]

*: unless you make videos and publish PII in them :)

It is worse than that, I never expected that most democracies would go back to foregone days, because people get sold out on populism and decided to ignore history lessons.

As a child of Portuguese revolution, I am aware of plenty of stories, apparently many folks nowadays think those are stories to scare misbehaved kids.

It would be enforced by fining the UK legal entities (or worse, like charging their legal representatives) if they don't comply. If the UK is serious about this, the only alternative for Apple would eventually be to completely cease operations in the UK.

By the way, this is similar to why for true GDPR compliance, data centers should be operated by EU companies that aren't subsidiaries of US companies, because even if the latter operate data centers located in the EU, they would still be bound to secret orders by the US government.

That's actually the only thing that would keep Apple services usable to everyone else around the world.
The most horrible part of the discussion we're making is that we're arguing that UK intelligence should be able to access only UK related data, and not that UK intelligence should not undermine privacy of people
The Overton Window has shifted.
PSA:

    The Overton window is the range of subjects and arguments politically acceptable to the mainstream population at a given time.[1] It is also known as the window of discourse.

    […]

    The political commentator Joshua Treviño has postulated that the six degrees of acceptance of public ideas are roughly:[7]
    
    unthinkable
    radical
    acceptable
    sensible
    popular
    policy

* https://en.wikipedia.org/wiki/Overton_window
The Clipper Chip died a quick death back when the Clinton administration wanted it, as the push back against it was pretty strong. Now? Seems like a matter of time before every form of electronic communication has a dozen different back, side, and front doors into it.
I don't think that was mandated to be used for every device though. It was also shown to perform key escrow in secret and had its security defeated before it launched.
Has it? UK has a long-standing reputation as one of the most persistent surveillance nanny states in the West.
What we're discussing here is whether a private company should obey laws of the country they operate in or not.
The moral thing to do would be to resist obeying such laws as much as is feasible. If that fails close all your legal entities and continue offering services to the citizens of that country to the extent that is feasible.

Of course it wouldn’t be very profitable. So unfortunately you really can’t expect a major public company to take a stand like in a case like this.

Fully agree. Imagine giving your data to company XYZ which promises you full encryption privacy. The company XYZ opens a subdivision in country CBA and all's okay unless CBA's law is changed to mandate all companies to give all their data. Now your data is lost to CBA's agents.
> By the way, this is similar to why for true GDPR compliance, data centers should be operated by EU companies that aren't subsidiaries of US companies, because even if the latter operate data centers located in the EU, they would still be bound to secret orders by the US government.

This is interesting, I know GDPR does not mandate data localization but I was under the impression that the requirements are a bit more difficult/stringent for transferring data out of the EU region ? While not perfect, it's a bit less 'open door' than it would be if it was hosted in the US.

The EU has a law saying "don't transfer data out of the EU without the right paperwork, but of course if your American sysadmins have SSH access to servers in the EU to do maintenance that's no problem, just tell them not to copy the data off it"

The US has a law saying "If our spies tell American sysadmins to SSH into a server in the EU and copy data off it, they must do it and they must keep it secret"

I’ve never worked in a company with data the gov’t cared about that wouldn’t have sirens going off. Why is Joe SSHing into the EU data center? And now why’s he trying to turn off the GuardDuty rule that caught him? And why is he trying to delete that from CloudTrail? And why is the SOC 2 auditor asking why he has access to delete things from CloudTrail in the first place?”

You’d have to get a surprising number of people to go along with it.

That's why it's important to choose a sysadmin who has the authority to SSH to servers. Joe SSHes in all the time, it's not an anomaly.

If you think a SOC2 auditor would spot something like this, in a company the size of Apple or Google - you've probably never been through a SOC2 audit :)

I wish that I had not been through many SOC 2 audits. But the point was just that in a sufficiently large org that might have cross-continent data centers, it’s not common to have one person who can access remote data and cover their trail and turn off the alarms and all the other things required to do it surreptitiously. Possible? Maybe. Likely? Probably not.
In my experience, every sufficiently large org with data centres on multiple continents has an accretion of legacy systems and special exceptions.

And a heuristic anomaly detection system that generates masses of false alarms, and enough different teams and documents and policies to bury an army of SOC2 auditors. And so many log lines almost anything can get lost in the noise.

The janitors always have keys to everything. Especially when it’s required by law.

Surely if the current government were dumb enough to try and ban Apple from the UK over something like this it would it would make even Truss look competent in comparison.

Not so much because British people love their iPhones to such a extreme degree but because they willing to waste money and resources over something this stupid.

IMHO Apple could bring down the government that tried this if they really wanted to.

> I'm still missing how this could be enforced ?

Basically by saying that if they don't comply, they can't do business in the UK.

It is a relatively small market, and if Apple decides to shut down while flooding the streets of London with posters saying “We are forced by your government to shut down in order to uphold your privacy”, the UK Government would take a massive blow.

Imagine Russian Oligarchs on android devices! Polonium will roll, I tell you!

There are lots of different ways to do business. UK is unlikely to be able to ban the iphone, and I doubt Apple has much business in the UK. As such they can lay off all workers in the UK "because of legal issues" and the workers feel the pain. They can still sell in the UK through third parties, and go to the EU if you need warranty work
The phone itself is only a piece. Apple sells multiple services, without them the phone is useless. If you can't access the appstore, the backups, etc. what good is an iPhone? Now, the UK can say that UK citizens' data can't travel outside of the UK without the UK government permission.

So it's still a problem. This seems like a looming PR battle.

> Now, the UK can say that UK citizens' data can't travel outside of the UK without the UK government permission.

How so?

Same as GDPR forbids the same thing from EU.
So if British voters get to chose between having access to iPhones or voting for a government that wants to spy on them at whatever the cost surely the choice must be clear?
> I'm still missing how this could be enforced ?

By banning Apple from doing business in the UK.

The US used a similar strategy decades ago to break Swiss Bank Secrecy laws (either Swiss banks had to give up the info or they were going to be kicked out of the US).

Yep, and the US had a lot more leverage; out of the US translates into no access to US dollars either directly or via a correspondent bank, which essentially means bankruptcy.
> By banning Apple from doing business in the UK.

To use poker terminology: I think that if the UK made this bet that Apple would call.

I really hope so. I would love to see that showdown. Hopefully, "can't buy an iPhone in the UK and everyone knows why" makes the Snooper's Charter a radioactive mess that legislators fall all over themselves to repeal.
Exactly, imagine the legislatures facing their irate teen daughters for bricking Apple devices.
I don't see how closing Apple UK would mean "can't buy an iPhone in the UK". Importing is a thing.
In which case, Apple still wins by not having to put in a backdoor.
Apple stockholders would never allow that.
> Apple stockholders would never allow that.

Then they can vote in a board of directors that agrees with them, and have that board fire Tim Cook.

I would hazard to guess that you'll see an exodus of a lot of folks leaving Apple either because (a) they won't follow that order, or (b) in solidarity with those that are fired.

Reminder that privacy is feature that Apple touts (how much you believe them is up to you):

> On January 28, 2021, Apple CEO Tim Cook delivered remarks at Computers, Privacy & Data Protection Conference: Enforcing Rights in a Changing World. The virtual conference — hosted annually in Brussels, Belgium — is one of the foremost international privacy and technology conferences bringing together leaders from academia, government, civil society and the private sector. Learn more about the features and controls Apple provides users to safeguard their privacy at http://www.apple.com/privacy

* https://www.youtube.com/watch?v=OaLxTz1Yw7M

* https://www.youtube.com/watch?v=0HjDpPnxcP0

* https://www.youtube.com/watch?v=1YOi0r3vptQ

I don't know where your ideas are coming from - Apple easily folded and gave all data to Chinese government when commanded to do so under leadership of Tim Cook.

Where does your thinking that they'll suddenly forget about revenue from UK over this come from?

Probably the belief that the CCP would survive Apple withdrawing from China, but the UK government would not survive Apple withdrawing from the UK.
Shutdown by voluntary liquidation requires shareholder approval, cannot be done by the board alone.
(comment deleted)
Swiss banks didn't care - they didn't have a large Us presence anyway. Until the US started enforcing this by proxy, other banks couldn't do business with you and the US and overall the US is more important to the world than Swiss banks.
Not so sure. Yeah, they didn't have a large US presence but they did a lot of business with US banks and securities markets -- that's what was threatened. It's wasn't the ability to have branches in the US but the ability to conduct business in US markets.
They ban Apple from doing business and watch as the uk stock market goes into the toilet as companies scramble to get out.
> By banning Apple from doing business in the UK.

As someone else here said, Apple would 100% call this bluff. And you can be certain the UK won't have the US to put pressure on Apple for them. All the would happen is the UK Apple users would be with an expensive paperweight.

That assumes that Apple's shareholders believe that Apple's privacy reputation (relative to other companies) is more valuable than access to the UK market.

All evidence that I have seen suggests that consumers by and large do not care about this kind of privacy. They do not buy iPhones instead of other phones due to the privacy properties.

Therefore Apple's shareholders could order Apple to stay in the UK market.

And if not, then Apple's customers could be compensated with money and other UK-held assets that the government could confiscate.

According to NASDAQ [1] the two main investors are Vanguard and Blackrock, but the two of them together are far away from 50%. There are a number of other large investors. I didn't do the sums but there must be probably 30 of them to get to 50%. Do some of them care about privacy of common people? Probably not. About the people in their boards? Probably yes.

[1] https://www.nasdaq.com/market-activity/stocks/aapl/instituti...

This is usually true of any corp. However, Apple is the one big tech company that has built its reputation on privacy more than any other, and Cook in particular is very strong on that -- and he's not prone to Zuck-like flip/flopping, at least not so far.

You may be right, of course. But if there's one tech company who _might_ say "no", it's Apple.

Counterpoint: Apple in China.

Most users don't care about that stuff, but I think a small but significant percentage do. I have never been an Apple fan but I am aware that they are significantly better than Windows and Andorid for security and privacy.
UK can just start fining apple billions of dollars if they dont want to fully kick them out of the country.
Actually, maybe this is what the government's end goal is. Free money!
Sadly jurisdiction has nothing to do with it.

https://www.irishtimes.com/business/technology/uk-spy-base-g...

This is not just a case of the British intelligence services secretly “tapping into” Irish telephonic and internet traffic via land and maritime cables. Rather in most cases they are being provided free (or commercial) access to the information by companies associated with the use, ownership or maintenance of these cables.

Post-Snowden the Irish government retroactively legalised it...

(comment deleted)
It can be enforced in this way: police raids the local headquarters and jail a bunch of people because their company didn't comply with the law.

The only way to prevent that is not having any local office, no employees, nothing. Sell physical objects only by the means of local 3rd party resellers which will import goods. Same thing for services. Of course they can ban imports and services or go after those 3rd parties. It depends how nasty they want to be.

I suspect the UK government would back down way before Apple. People aren’t politically active as those of years pass, but brick their iPhones you’d have a riot.
The US CLOUD act says something similar to your straw man (though it doesn't ban E2E encryption like the UK is attempting to do):

https://en.wikipedia.org/wiki/CLOUD_Act

Note that it the bar is having the ability to access the server, so this law is completely incompatible with most GPDR solutions: It's illegal to store European user data and then refuse to hand it over to US law enforcement, regardless of whether the data is stored in Europe or the request breaks European law.

I imagine they would fine apple a large sum of money. If apple refuse to pay they send high court sheriffs to confiscate any property they have in the UK to pay the debt.
The opposite is happening all the time - i.e. US demanding access to European data from Facebook and Google et al. It is not one-sided.
More importantly, apple has customers in the UK. The business from captured apple users is more valuable than apple's privacy reputation.

This all seems very similar to RIM and the aftermath of the riots in the UK. The backdoors became too obvious for customers to ignore. Did not go well for RIM in the market afterwards.

Who has more to lose though? I mean any government that would do something as stupid as banning Apple because Apple didn’t allow it to spy on its citizens wouldn’t be very popular or last that long..

I mean this would be even more stupid than Partygate and the whole Truss debacle put together.

> More importantly, apple has customers in the UK. The business from captured apple users is more valuable than apple's privacy reputation.

Is it though? I wonder how much of Apple's revenue is from the UK, probably around 5-6%? Apple isn't exactly as popular in the rest of the world as they are in the US.

Would damaging their privacy reputation globally be more valuable than the UK market? I honestly don't know, but my hunch says no - they are likely to want to keep their reputation and dump the UK market. I think more likely is Apple is going to be able to get the UK to cave in. Apple is extremely competent with PR, and would be able to spin any kind of pull-out or degraded service in the UK as the government's choice and fault, to the ire of UK citizens.

That's not even the main issue in my opinion: how can Apple do this without breaking laws in other countries ?

I am not a lawyer, but I think that this would be illegal under EU privacy law.

The same way it operates in China? I guess, China is much bigger market, so it’s worth the effort. Not sure how it’ll go in the UK.
> a back door that allows UK security officials unencumbered access to encrypted user data worldwide

As far as I can tell, China is asking to keep Chinese data in China and have access to it, but it is not asking to access data of American or European citizen and if it did we would be pissed off.

Probably a manouver to make them look good but also privately complying anyway.
> the British Intelligence agencies must be bored coming up with new ways to make Apple look good.

We know they collude with US intelligence serviceUS

But as far as we know there is no encryption back door
"As far as we know" is the most important part.
It seems apparent to me that Apple leaked this information to US press in an attempt to get the UK to back off. Wouldn't Apple also try to subvert the attempt for US intelligence to get a backdoor? Or do we think Apple has less of a leg to stand on with US and would be more likely to roll over?
You are out of your mind if you think files in iCloud are somehow outside the reach of US intel.

It’s been publicly used in a bunch of prosecutions at this point.

We all know Apple (and everyone else) gives data to law enforcement all over the world https://www.apple.com/legal/transparency/

You're including end-to-end encrypted content in that as well, like from Advanced Data Protection?

> If you choose to enable Advanced Data Protection, the majority of your iCloud data – including iCloud Backup, Photos, Notes and more – is protected using end-to-end encryption. No one else can access your end-to-end encrypted data, not even Apple, and this data remains secure even in the case of a data breach in the cloud.

https://support.apple.com/en-gb/108756

I have no opinion on whether US intel has a backdoor into this e2e encryption or not. It seems like the sort of thing where people non-chalantly state that it must happen, but of course no one ever has actual proof or a source.

We're specifically talking about files encrypted E2E using ADP. Can you point to any such files being used in prosecutions?
> It’s been publicly used in a bunch of prosecutions at this point

Can you give an example then? It would be major hacker news news if supposedly E2EE iCloud data were used in a prosecution.

Got any sources to back that up?
I mean, you're right. People think "end to end" encryption helps them, but they forget that Apple controls both the server and client more than the user does.
> Or do we think Apple has less of a leg to stand on with US and would be more likely to roll over?

Apple has no leg to stand on at all. When the NSA comes to your door and demands access to everything you have you don't get to say no. There is no court you can appeal to, and they'll take whatever they want and order you to keep your mouth shut about it. They'll walk right into your headquarters and data centers, force you to move your employees so they can set up an office for themselves on your property, insert their equipment into your network directly and take everything just like they did with AT&T decades ago (https://en.wikipedia.org/wiki/Room_641A)

Your only options are to comply or shut down (https://en.wikipedia.org/wiki/Lavabit) and I'm not even sure the US government would allow "shut down" as an option in some cases. It seems likely that they'd keep a massive target like Apple running even if the owners of the company wanted to cease operations, but lets be honest, Apple makes a lot of people very very rich so they'd never walk away from that. They'll keep making their money and just try to convince themselves that the US are the "good guys" and so it must be okay.

https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...

Obviously, Apple is going to comply with US federal law, given that their headquarters and employees are there, as well as their most profitable market. But when possible, they have shown themselves willing to fight against intrusion.

Two things,

First, that's notably the FBI and not NSA. As gp says, NSA has greater powers with less legal oversight on national security grounds.

Second, a cynic might argue that Apple put up a noisy, principled fight that one time precisely to create the perception that you have here. It could be the FBI learned data requests to Apple are a dead end!

Or the two came to a mutually beneficial understanding: "don't come in the front door waving a court order for the cameras and we'll see what we can do when our reputation isn't on the line, see? And maybe if we help out, that antitrust investigation isn't necessary after all!"

FISA courts and patriot act came way before iPhone, how is Apple going to fight a law that is already on the books?

A proposed law, or bill, like the one in the OP’s article, can be fought against.

You've never heard of courts? The world does not work the way you think it does at all.
I can't imagine all cloud providers weren't leaned on heavily to provide this access long time ago. Its a treasure trove too juicy to be ignored. Pro quid pro of course.

Anything else is highly illogical or outright stupid, imagine CIA or NSA having meeting on this decade and a half ago and deciding 'well if they won't give us full access when we asked nicely I guess that's it, we have to respect the law and their wish'. LOL. They don't respect basic human rights at all if you don't hold US passport, and even then the list of cases breaking laws and constitution is endless.

Apple is good with their PR, but why do folks accept their every word literally and not as part of marketing spin to sell more services is beyond me. Rest of the market is not even trying to spin it that way which is actually more respectable behavior.

Don’t you think out of the thousands of Apple employees that someone would leak it?
(comment deleted)
Apple is famous for keeping projects secret from its own employees. To be clear, I think it's unlikely that this has already been set up for the US, but it would be easiest to do at Apple.
Not necessarily. There's a lot of people absolutely unwilling to risk loosing their salary and career. If you are doxxed as the leaker, what other company would hire you? I'm not even considering if there could be criminal charges involved as well.

Snowden left an example of what kind of lifestyle is possible after leaking, and I doubt snowflakes at FAANG would be down for that. Or how about other examples of leakers that have turned up dead? That's a cheery thought to consider.

So yeah, at this point in time, I do believe there's a lot of people that might not agree, but are not up for the task.

Snowden chose that lifestyle. If he had stayed in the US, he would be out of prison already, just without a security clearance. The longest sentence anyone ever got for leaking government information to the media is 63 months, with a release after 50 months on good behavior.
It's all speculation, but perhaps he was also thinking about how high his risk of 'suicide' would be.
Manning was released early from her 35 years prison sentence only because there was Obama who had balls to do it and go against extreme far right part of society and government employees. Not going to happen again anytime soon in US.

I am actually surprised she survived this and wasnt suicided or sent to Guantanamo for water boarding till heart stops, I guess thats only for those without US passports.

Manning did not leak to media, who would vet the data before releasing it. She effectively directly dumped diplomatic cables on WikiLeaks.
No. Whistleblowers are extremely rare. Snowden did it, but he also worked with thousands of other employees who had knowledge of some, if not all, of the abuses Snowden told us about, but not one of them came forward. This is pretty much always the case when it comes to whistleblowers. For every one who came forward there were many many more who knew and stayed silent and it's hard to blame them. Whistleblowers are harshly punished, and sometimes killed in retaliation.

Being willing to sacrifice everything you have, including your career, your freedom, and potentially your life, just to let the public know the truth is not something you should expect people to do. It's a huge amount of risk and sacrifice while the only reward is knowing that you've done the right thing even though you'll be vilified and punished for it. That's what makes whistleblowers heroes.

By collude, you mean responding to subpoenas they are legally obliged to respond to?
Of course that's a thing. However, anyone who's ever read a history book has a pretty good reason to be suspicious it ends there.
(comment deleted)
Collude is such a fucking weird word to describe an alliance.
Collude seems like a pretty good word for an alliance formed for the purpose of subverting the law.
Yes “collude” contains exactly the right connotations. Slimy, sneaky, against the interests of the public.
>How could this even be enforced if Apple pulls out cloud services of the UK ?

Honest question, how Apple is doing it in China? Maybe the exact same scheme will work for UK.

MI6 probably gutted the cybersec division. Probably don’t have many viable sploits in their cache against Apple.

I suppose this is _good_ but more competent and well funded groups out of Israel, Israeli military complex, Cyprus don’t need to “ask” for a back door.

Cyber-related stuff is GCHQ (black/greyhat) or NCSC (whitehat)
As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens. Not supporting cloud services wouldn't be sufficient to avoid the compliance requirement, they would have to formerly stop doing business in the UK.

Looking at the market size that might be a decision that Apple is willing to make as it would most likely be a temporary stick. The government can spin it anyway they want, but Apple devices do not work basically at all without the deep integration of their services. A geoblock would effectively mean UK citizens would be left with unusable devices and I can't see the resulting outrage being directed exclusively at Apple.

It'll be interesting to see how this plays out for sure.

> As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens.

I wonder if this means that Apple would ultimately take the same approach that they have in China, where the iCloud data and services are entirely localized within China and allows the Chinese government unrestricted access.

one can't compare china and the uk.

china had leverage because of the manufacturing happening over there and the incredible market opportunity, UK doesn't have much.

technically i believe apple could get out of the UK market to provoke a backslash on the government.

If they concede, other government will use the exact same blackmailing technique and one can say it will be the absolute end of their "privacy" marketing campaign they spent so much money into.

Apple offers the same escrowed key and non-escrowed key (advanced data protection) features in China as far as I'm aware. The extra capability GCBD has would be access to protected at rest data like iCloud email.
The decision wouldn't involve just market size, but their Irish tax haven as well. They're not going to pull out of the UK entirely.
Their Irish tax haven is rather specifically _not_ in the UK.
yeah isn't it in... you know... Ireland?
There is the Republic of Ireland, not in UK, and Northern Ireland, in UK.
And Apple's "haven" is in Republic of Ireland, so no, not UK.
(comment deleted)
fyi, if you see Ireland or Irish mentioned it nearly always refers to the Republic of Ireland.
Oh American education system please never change
I’ve met a few fellow brits who don’t know the difference.
Apologies for any offense given. Total brain fart moment. If I could delete this comment I would
Ireland is in EU. UK is not in EU anymore
I think this is the most solid answer I’ve seen so far that makes any sense. Could they still go through with it , I’m not sure, they want to project some influence but I still feel this is like haggling for half price to get cost.

Someone else here said something spot on for me, we’re all focusing on how bat sh*t this is because it’s global without even considering how human privacy obligations are just ignored.

Humans have a right to privacy, feels unbelievably pretentious and privileged to even say that. But it’s still true

Imagine weighing the right of privacy of everyone in the world against the right of safety of 0.8% of the world population.
I think it’s a cultural issue. The British have an inflated sense of national self worth as a result of being the world’s largest power during the British empire. While this has not been the case for some time now (since Suez in 1948? Longer?) the people still carry the memory and national myth of great importance. This is likely what drives a sense of entitlement that British demands should bypass the laws of every other country in the world and give them unfettered access to everyone’s data. Think about that, literally everyone who has an Apple device!

Frankly, the arrogance is appalling.

> When asked by The Post whether any government had requested a backdoor, Google spokesman Ed Fernandez did not provide a direct answer but suggested none exist: "Google cannot access Android end-to-end encrypted backup data, even with a legal order," he stated.

No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves. I’m not saying that’s likely, just that it’s important to not take these statements as saying more than they do. They wouldn’t hesitate to use “technically correct” as a defence and you have to take that into account.

But if they could give a key to the government agency, it wouldn't be end-to-end encrypted, right? Or are you thinking they would have a copy of users' keys that they gave out? (Which I guess is technically possible.)
They could also cripple user key-generation. E.g. they choose random primes from a known subset. It would make communication crackable while also being difficult to detect.
It would be no different from how multiple devices and users access the same content (chat, shared data, etc.). The government’s keys would always be included in set which encrypts the real key. They don’t need the users’ key, Apple doesn’t need their private keys. So technically still end to end encrypted, just with a hidden party involved. Users have no way of knowing this doesn’t already happen.

And when their key leaks, it’s as good as no encryption, but still end-to-end encrypted.

(comment deleted)
If the other end is the government, then it's kinda valid? =)
You can not use a DH key exchange, and create the symmetric key by some procedure that is predictable, or encode the symmetric key with the government's public key and send it to them.

It doesn't stop being end-to-end when you add another end. We often do group chats that way.

Or you can create a side-channel and send al the data there. That would stop it from being end-to-end.

Before people immediately think the worst of Google or other corporate representatives, be aware that people working in these companies need to weight their words carefully. From The Verge's article on the issue:

The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.

How does this work wrt false advertising laws? If I relied upon their end to end encryption and it turns out to be false advertising because there's a secret backdoor, who do I sue?
no one, you'll be in secret prison before you somehow gain standing
If the back door was used the a three letter agency sure.

If the backdoor was exploited by a criminal though?

so in this hypothetical, some blackhat is able to download data in mass from apple servers? And you're worried that the only thing stopping that, or creating a duty to protect the data is encryption?
Which is exactly why I’m making this point. If no government had requested a backdoor, they could’ve simply answered “no”. When you have to weight your words, it means you’re not at liberty to say whatever you want. That is itself a signal, and why warrant canaries are a thing.

https://en.wikipedia.org/wiki/Warrant_canary

You're right to point out how carefully worded these statements are. But I suspect it's rare for companies of Google's status to not have been asked for a backdoor. It's not really an informative question to ask Google.
Can you elaborate on why you say it is not informative?
My guess is Google, Microsoft, Signal, Apple, Cloudfare, etc etc etc have all been asked if they could make backdoors. I expect they have all been asked. It's not the same as asking if they have made a backdoor.

So I think a journalist asking an organization like Google if they've been asked isn't really informative, because they almost certainly have been.

I'm not sure how it's relevant other than to say an answer from Google's response might seem oblique, but they're also being asked obliquely and that colors how you might interpret their response.

Presumably because the answer is "of course yes".
Of course they were asked. That doesn’t matter, my point is the author is assuming more from the reply than what was said.

It’s like if you conspired with your brother to steal from the cookie jar. He stole the cookies while you distracted your parents. Later on your mother reports to your father:

> When asked whether they stole from the cookie jar, derbOac did not provide a direct answer but suggested they didn’t didn’t know who did it: "I did not see anyone removing cookies from the jar," they stated.

Your statement is factually correct, but it doesn’t say what your mother concluded.

That concept has always sounded like tech people trying to hack the law without the proper real-world legal knowledge, IMO.

Bruce Schneier wrote in a blog post that "[p]ersonally, I have never believed [warrant canaries] would work. It relies on the fact that a prohibition against speaking doesn't prevent someone from not speaking. But courts generally aren't impressed by this sort of thing, and I can easily imagine a secret warrant that includes a prohibition against triggering the warrant canary.

Lots of similar discussion on HN already, e.g. in https://news.ycombinator.com/item?id=5871541.

Simply answering "no" when that's the truth could be illegal too. The ability to say no creates the ability to say yes as well. If I ask Apple whether they got an order and they say "no", then a year later they say "we cannot confirm nor deny", well then that's a yes.

Kinda depends on judicial interpretations of free speech, but that's how warrant canaries work. Are warrant canaries legal in the UK? They seem to be in the US but idk how well established that is.

But they can still notify the public, through those canary statements. (I forgot the name commonly used).

For example (a simplistic one), you can have a statement like "we do not have any backdoors in our software" added to your legal documents (TOS, etc). But once a backdoor is added, you are compelled by your lawyers to remove that statement. So you aren't disclosing that you have added a backdoor. You're just updating your legal documents to make accurate claims.

(comment deleted)
Such actions, even just the act of deleting text, conveys a message you were ordered to not convey and the government is not likely to take too kindly to that.
That is a fraudulent TOS if you're lying to the customer though
Not exactly the same but I've had a discussion around a similar topic with a Canadian immigration lawyer. We were put in contact by a mutual friend and the lawyer was looking for an email provider that was hosted in Canada and didn't rely on any US-based services (e.g. spam filtering). I asked him about the requirement and he pointed out that it was legally impossible for him to simultaneously comply with the USA PATRIOT Act and Canadian data protection/privacy laws. The US Gov't could compel his email provider to disclose solicitor-client privileged data with a gag order, and by not telling his client he would be breaking Canadian law.

By putting statements like what you're proposing in your TOS or marketing material you are potentially setting yourself up for a situation where it's now impossible to comply with all applicable laws. As others have mentioned, Australia passed legislation preventing you from disclosing the existence or non-existence of specific legal documents; they're at least warning you up front that the canary itself is illegal. The solution is to not make marketing statements that would become fraudulent in a situation where you can't legally retract them, unfortunately.

Edit: since lawyers are mentioned here... if the lawyer who is telling you that you need to remove the line from the TOS is the same lawyer who told you it was ok to put the line in the TOS... you should probably find a new lawyer because they didn't think through the consequences of approving it in the first place.

> if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.

One would think this runs afoul of other laws though, truth in advertising and similar.

Its such a legal minefield, and the UKs request borders on violating the sovereignty of other nations I can't see Apple complying, but maybe that's hopium talking.

if google were to transfer the keys elsewhere, they would have (temporary) custody of the keys, granting them access, and invalidating the statement.
My layman’s understanding is that a user’s private key is used to decrypt a random key, which is then used to protect data. Shared files then only require adding key access to that small secret by someone who knows the original key. If one of the original public keys is always one held by authorities, Google never needs to have custody of the private key and can’t access the data themselves making the statement true, but misleading.
> they would have (temporary) custody of the keys

No, they would have had custody of the keys. Meaning it would still be true they cannot (now) access the data.

(comment deleted)
> No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves.

The whole definition of "end-to-end encrypted" is that only the two ends have the keys. If anyone or anything other than the two ends (the one sending and the one receiving) has access to the keys, it's not end-to-end encrypted.

(comment deleted)
Whatsapp has had end-to-end encryption since 2016. But it only added encryption to cloud backups in 2021. They didn't share any key material with Google, just backed up the messages and media without any encryption to begin with.
Yes exactly. Google is very careful to say that "Google cannot access Android end-to-end encrypted backup data" and notice it doesn't say that all Android backups are end-to-end encrypted. For what we know, Google could have decided to use non-end-to-end backups in the UK and end-to-end backups everywhere else.
I think that's the implication, not the definition. Data remains encrypted even when a third party gets access a key.
This is so disheartening. I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise. As a UK citizen, is there anything I can do to dissuade this?

edit: typo

> I thought we were making progress in the anti-surveillance privacy na[rra]tive

What lead to to believe that? The Conservatives and Conservative-Continuity governments both agree that our data simply must be in the hands of the police, DEFRA, and your local council.

RIPA will never be repealed and only strengthened.

I don't disagree with your analysis but i wouldn't be so fatalistic. This stuff _isn't_ inevitable and i think it's possible to win people over to our side. Things can change for the better, but they won't unless people who care don't give up
Ahh, I used to have that opinion, but I've encountered too many "It's fine if they want it, I've got nothing to hide" people. (They never give you their Facebook password if you ask, though. Funny, that.)

Change what you can, I say, VPN on the network device.

focus on the John Oliver dick pic argument.

https://www.wired.com/2015/04/john-oliver-edward-snowden-dic...

> When Oliver shows Snowden evidence that all typical Americans care about is whether the government can see our "dick pics," he encourages Snowden to go through a list of every government surveillance program and explain its capabilities in terms of access to "dick pics."

Yeah totally see your point, i'm just not ready to give up yet
> As a UK citizen, is there anything I can do to dissuade this?

If you voted for this Tory-lite government, then you can stop voting for any future Tory-lite governments. If you did not, there's not much you can do in practice without devoting your life to it.

Coupd protest on weekends and holidays as a hobby, bring a Bluetooth speaker and blast the kinks.
Well, in the UK just planning a non-violent protest can get you 5 years in prison as many people have already discovered. Protesting has been pretty much made illegal by a very broad legislation that defines any protest that causes "disruption" as illegal - what "disruption" means is up to interpretation of course.
Which just means you need a large group to protest. They can arrest 10,000 people no problem, but get several million together and you have an army. Best is to get some of the actually army/police with you so that when (not if!) they try to get violent you can make it clear this is a revolution they won't win.

I hope it never reaches the above level, but always remember that remains an option.

Yeah but to get a million people together you need to plan for it first, and that's where they get you :P It's honestly shocking the state of things in the UK in that regard. I'm surprised there isn't more outrage around it, even the people I know who used to say they hate the Just Stop Oil protesters expressed shock that they've been given 5 years for just talking about a protest, not actually doing it.
I don't support the legislation you're referring to, but I think you're painting an exaggerated picture (unfortunately a common theme of these threads on HN about the UK). You can easily find examples of recent protests in London: https://news.google.com/search?q=protests%20london&hl=en-GB&...
Note how I didn't say that protests don't happen in the UK. They obviously do. But the problem is that now that effectively every protest has been made illegal due to the fluid definition of what "disruptive" means, the enforcement is arbitrary. Just stop oil protesters? Thrown in jail. Protesting in front of the Chinese embassy? Carry on. That's the problem with the broad legislation in the UK - government wants to have the power to spy on everyone, but obviously it doesn't mean everyone will be spied on. Just people who do something the government doesn't like.
I understand. However, I think your original post was very much open to being misinterpreted by people who don’t live in the UK or follow UK news. It’s obvious to us that protests still happen in the UK. But many people here only read negative news stories about the UK and would just assume from your post that protest in general was now effectively banned.

Weren’t the few JSO protestors who were jailed convicted of doing things that would be objectively illegal in more or less any country? Where are the countries that allow me to deface priceless works of art or block public highways without any legal consequences? I am not saying that these are necessarily illegitimate forms of protest, but they come under the heading of ‘civil disobedience’. The whole point of civil disobedience is that you get punished and thereby draw attention to your cause. Even in the US you can easily be jailed for protests involving blockading or trespassing: https://www.bbc.com/news/world-us-canada-69003240.amp, https://www.vpm.org/news/2024-06-24/gaza-protest-interstate-...

It may well be that the new legislation is overly broad, but I don’t think the JSO protests are a great example of this.

Yeah know, at some point a historical review would suggest that the constant stream of labour led initiatives to end privacy might indicate that the problem is not just the tories.
But the Tories are not in power. Can't labour just repeal it?
Labour have no problem with it, just the same as the Online Safety Act which is causing chaos right now. They're fine with the legislation and have never expressed a desire to see it repealed. They didn't even do much to prevent it in the first place.

This is what the parent comment is getting at when they say "Tory-lite".

What they're not getting at is that this isn't particularly a Tory thing.
"Tory-lite" is a pejorative for Labour, the implication being that they are almost identical in behaviour.

(I very much agree with the sentiment...)

Labour caused it. Why would they repeal what they want?
Which party do you think passed the "Tell us your password or go to prison law" to begin with?

(Hint: It certainly isn't Tory.)

It's also one of the reasons why I will never vote Labour as long as I live.

Are there any parties in UK that are anti-surveillance and have ever had even one seat?
My sweet summer child. It's a false dichotomy, like most of these types of issues, it has actual bipartisan support.

Same thing happens in many other countries no matter how strongly HN users want to tell you A is literally hitler and B is great.

Are you still under the impression that different political parties will actually do diffrent things? It even sounds like you think Labor are 'good' and the Tories are 'bad'. I think you may change this opinion after the next 4 years.
Wait. The Tories aren’t in power yet you want to attribute this to “Tory-lite?” It’s the Labour Party that is in charge, so why not put the blame on the actual perpetrators? Is it because you don’t want Labour getting blamed? I am confused. The Labour Party is the one jailing people for speech, so it follows that they would want backdoors into iCloud so they can better investigate ThoughtCrime.

The director of public prosecutions of England and Wales, Stephen Parkinson (appointed by the Labour Attorney General), warned against "publishing or distributing material which is insulting or abusive which is intended to or likely to start racial hatred. So, if you retweet that, then you’re republishing that and then potentially you're committing that offense [incitement to racial hatred]."

He added further, "We do have dedicated police officers who are scouring social media. Their job is to look for this material, and then follow up with identification, arrests, and so forth."

This isn’t “Tory-lite,” this is Labour.

Sources: https://freespeechunion.org/labours-war-on-free-speech/

https://x.com/skynews/status/1821178852397477984?s=46

Parent seems to be attempting to discredit, not protect, Labour by calling them "Tory-lite".
I'm very surprised that I got as many as three replies by people who interpred my comment this way! You got it right indeed.

I'm a bit confused though, surely if I call someone "Hitler-lite" this couldn't possibly be inteprered as something positive, haha. Maybe it's just tribalist reflexes, or maybe I did word things strangely.

This stuff started from the Online Safety Act 2023 passed under Rishi Sunak's Tory government.

For some reason Americans, including Musk, go all partisan and feel the need to blame speech restriction on the lefty party but it's not what happened.

No, it started with the Regulation of Investigatory Powers Act 2000 (RIPA), passed under Tony Blair's Labour government.

I'll skip the same extreme partisan rant, but replacing Musk with Soros or whoever.

(comment deleted)
Which party, with a realistic chance of being first past the post, could you vote for that wouldn't bring this in?

This is Hobson's choice as far as I can see.

I don't think there's anyone you could currently vote for that wouldn't do this.

You know the answer, of course with FPTP there's only two parties with a realistic chance. But why do they? Because you keep voting on them. Your votes made e.g. Corbyn lose but Starmer win. What signal does this give off? A very different signal than if both would've lost. Would another Tory government would have been even worse? In the short term, maybe. But this kind of short-termism is what has got Labour (and all of the other similar parties all over Europe) in this exact predicament. Better to make them lose for picking an awful candidate that's a Tory-lite and bite the bullet. It's not like the Tories would have kept winning for decades on end with the way things were going.
I’m sorry but Corbyn was a terrible choice as Labour leader, and I vote Labour in that election!

He was unelectable for a variety of reasons.

Here’s three:

Wanting to pull out of NATO and instead appease Putin.

Lying about being forced to sit on the floor of what was later shown to be an empty train.

Basically doing nothing during the Brexit fiasco.

He was just gaff after gaff.

> If you voted for this Tory-lite government

If you agree that Brexit happened under the Tories and not Labour, then we can also agree that THIS order is happening under the newly elected "Labour Party" and not the "Tories", or so-called "Tory-lite" names.

It's completely pointless trying to remove accountability of this government's illogical actions and then to immediately resort to blaming the previous government for bad decisions like this one.

Just admit that this is under the Labour government.

Huh? You completely misunderstood what I meant by that moniker. In no way at all does it absolve them of blame - quite the opposite, it's calling them nearly as bad, so close that the difference doesn't really matter.
The government is a reflection of the people. It might not be perfect, but if 80% of the country didn’t want this type of surveillance we wouldn’t see any government pushing it.

You have to change the view of the country as a whole, and for generations the U.K. has been a country of curtain twitchers.

In my mind, the only way to beat these efforts for good is to win hearts and minds of the larger public. Currently because only weirdos like us care about this stuff, we have to constantly be on top of these things and writing letters making posts etc.

Overall i agree with you, it is really disheartening. That being said, i've made progress with my family on valuing privacy and the dangers of surveillance. I think people might be changing their minds slowly but still lots of work to do.

A breakthrough with my sisters was when abortion was threatened here in the states. Mentioned to them that it would be easy for authorities to enforce abortion punishments by subpoenaing data from menstruation cycle tracker apps. This kind of "clicked" for them and they became more open to the other parts (not given ratukan or whatever their purchase history, etc. etc.)

Thought experiment: let’s say that Trump said that he thinks Apple is helping hide illegal immigrants because they are communicating with each other over channels that ICE can’t decrypt, how much pressure do you think he could put on legislatures to pass a law here?

Now let’s say that some Republican Senators and Representatives were ethically opposed to but then threatened to be primaried and President Musk said he would throw all of his money behind a potential opponent, how long do you think it would take a law to be passed?

Even without a law, we already see that Cook will willingly bend a knee to Trump as will Google.

Right now in my home state the governor was trying to get a law passed banning Western Union from allowing illegal immigrants from sending money overseas.

I'm not sure what the hypothesis is in your experiment, i agree that all that stuff is really bad
That all it takes is the co-presidents to say that by giving up your freedom we can get rid of those “evil illegal immigrants” and enough people will give up their rights.
Well, your example doesn't even mention common people.

And the only implication that they exist is about them seeing publicity campaigns of senators.

> legislatures

He will just do an executive order. He is an authoritarian, basically a king. "But but but it's illegal". The system can't keep up with speed he is dismantling it.

> I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise.

I think we are perhaps the lowest point ever in terms of anti-surveillance efforts. There seems to be bipartisan effort among many (most?) western governments that the government should have unfettered access to all data, regardless of any reasonable expectation of privacy.

Encryption seems barely tolerated these days. Governments are insisting on backdoors, they are making it illegal in some cases for companies to even discuss what is going on or that monitoring is happening.

We barely know what is going on with the programs and efforts that get leaked to the media, much less the programs that operate in total secret.

Let's start supporting parties that have principles.

And stop making excuses for parties that don't (i.e. Labour, Lib Dems and Conservatives).

At the moment, the UK public (and media) considers it a sport to disparage and smear parties like Reform, whose leaders want to shrink the power and over-reach of the state.

We are so concerned with appearing virtuous and internationally generous, we cannot be seen to align with a party that wants to put UK citizens first (border security? deporting dangerous criminals back to their home nation? gasp, how could we be so ghastly!)

This self-defeating attitude needs to change if we want a better future for our children.

> Let's start supporting parties that have principles.

The problem is that there are none.

The correct assessment of all these political parties is that by default, they all cannot be trusted. Especially both labour and the conservatives.

> This self-defeating attitude needs to change if we want a better future for our children.

Yes. The second problem is that the United Kingdom is incapable to changing itself historically and is fundamentally destined to never be open to change.

Probably helps if the next time they try to remove the rights of large segments of the populace based on medical choices, lock people down, track them and propose vaccine passports, that you realize where everything is headed and oppose it vocally.

It's always through the appearance of good intentions and a public that pushes for whatever narrative they're fed that they normalize this.

People love and want more of this, not less.

vote for people who are anti surveillance.
so right wing?
no idea, UK is not important enough to follow their politics. vote for whoever supports privacy.
From the macrumors thread:

> So much for personal liberties. I'd like to give Labour the benefit of the doubt and assume this is a holdover from the last government knowing how fast the civil service actually works but given the Tory 3.0 plan they are going with I wouldn't put it passed them.

>We didn't vote for this.

You very much did vote for this, you voted for Labour under Keir Starmer and he did not particularly hide his being tory-lite. If one is surprised by this they must not have paid any attention before voting.

Have people forgotten the authoritarian tendencies of the 1997–2010 Labour governments? This is nothing new.
quite why Labour deserve the benefit of the doubt on anything authoritarian I don't know

Labour was behind:

    - forced key disclosure (Regulation of Investigatory Powers Act 2000), still in force
    - 72 day detention without charge (Terrorism Act 2006), defeated before it became an Act
    - national identity register and mandatory id cards (Identity Cards Act 2006), ripped up by the next Tory government
    - various attempts at removal of ancient right to trial by jury (partially successful)
they are as bad, if not worse than the tories
Didn't they abolish double jeopardy and introduce secret trials as well?
yes, more Jack Straw specials
Labour are social democrats, not classical liberals…
Yeah yeah vote for the other clowns next time, they'll definitely roll back these totalitarian policies :)
Its crazy how people still think one political party will be 'better' than another! I guess they must be young. After you have seen 10 or so government terms play out you soon learn.
Question: Would it be technically feasible to make an Apple app which encrypts/decrypts the files used in iCloud and is able to use iCloud itself?

As a solution to never have unencrypted files in iCloud.

That's only possible for the files owned by the app. Apps have no access to other unrelated apps' iCloud data.
My gf doesn't have iCloud. She makes a backup from time to time by connecting her iphone to her macbook, encrypts the backup folder with 7z, and then I store the resulting file in my dropbox.

I follow the same procedure with my Android phone, no google cloud.

BTW anything I upload to Dropbox is encrypted first.

In case you don't already know, if you don't encrypt an iPhone backup with macOS first the backup won't contain _all_ of your data.

Apple says "Encrypted backups can include information that unencrypted backups don't" however the list they give is non-exhaustive. You might find yourself disappointed when trying to restore a non-encrypted backup that you've encrypted yourself in a disaster scenario.

Thanks, will tell her to encrypt twice. Anyway, there is no critical info there, mainly photos.
Surely you can just open the archive and check whats in the backup yourself to satisfy that?
If it was that easy I wouldn't have bothered replying. Why don't you check in the backup and get back to me.
Because I dont own anything Apple, nor anything that doesnt give me full control over my stuff.

I assume that instead of educating me on how the backups are in a user unreadable format, you chose to make a snide remark and leave me to guess the truth.

Why would anyone trust a backup they cannot read themselves in an emergency?

Why are you commenting if you don't own an Apple device apart from to give yourself an opportunity to preach?
Apple basically already has this built into macos - you can create an encrypted disk image and mount it to access the files. I'm not sure if it is possible to open these on ios.
iOS cannot mount .dmg files (at least, not without jailbreaking).
UK tech laws seem to consistently be the worst of both worlds. Not rights centric like the EU and not business supportive like the US.

Just old people making bad laws about stuff they don't understand - or are straight up citizen hostile, sometimes hard to tell which it is.

> Not rights centric like the EU

Sadly, the EU is trying very hard and very persistently to pass the Chat Control bill. So far the EU hasn't succeeded, but I would be surprised if EU politicians didn't keep trying until it is finally codified into law.

There's always competing interests, but I like to look at it as a glass half full. It's the focus on rights that has ensured it's still not passed.
The EU has one extremely corrupt legislative body, yes. But they are usually not a problem due to them not having any formal power.
Ignorant rather than old. Alan Turing was born more than 100 years ago.
I looked them up and they are not terribly old but did Ancient and Modern History at Oxford - the guy who did the law and philosophy, politics and economics at Oxford - Home Secretary. I doubt they are very up on tech.
It's pretty standard for the UK gov to take a "worst of both worlds" approach.
Successive UK governments consistently fail to understand the UK's place in the modern world. Insisting on access to encrypted data in all jurisdictions globally is just another example of them thinking small and acting big. Its the digital equivalent of sending a gunboat to put-down the troublesome "natives". Meanwhile its 2025, not 1925.

(disclosure: brit)

This was even warranted in 1925, more like 1875.
It would be like demanding a lock up in NYC open a locker in your name and seize all contents.
I'd like to think that we've reached the point now that there will be mass resistance to threats to privacy and freedom of speech in the UK, but Britons are such a docile, accepting, and pliant people when it comes to standing up to Big Brother.
Why now? I gave up on this at least 10 years ago. If you can't even get techy people to think about the ethical ramifications of encryption etc then it's a lost cause. What makes you think now it's different? They said it couldn't get much worse 10 years ago, as did they 20. Do you really think the UK population has a breaking point where they will suddenly understand privacy and why it's important?

The UK population generally wants to put their fingers in their ears and pretend everything is ok. Remember we're all descended from people who didn't go to the colonies to try to get a better life.

Why now? Well FWIW I also don't have much hope it will happen. But maybe the needle will be moved if Apple doesn't back down and it affects UK iPhone users.
What are you talking about? I'm a german and the surveillance here is crazy. The EU is pushing for more surveillance. I always love the left wing echo chambers like reddit/HN who pretend like the EU is some kind of utopia.
Given recent polling, we have to assume that what is MI5's today will be Reform's tomorrow. We have to ask what our government and judiciary are doing putting our privacy in the hands of the far-right.
I never understood this kinds of arguments... both sides want to read your private data, but it's bad if 'the other side' does it? It's your current MI5/government that wants access to apples data.
One side wants to purge large parts of the population and the other one doesn't. Yes, all parties can abuse data, but their policies do actually matter.
I think if you value privacy this isn't the right place to be making distinctions between parties. This only serves to alienate people and isn't the core argument.

I think it's more likely to get broad support when framed as us vs. them where "us" is normal working people regardless of political affiliation and "them" is our government elites trying to spy on us.

No, sorry, I've read too much history to buy into this line of reasoning. Authoritarians are a concrete threat to people's safety and they have a long history of abusing sensitive information about people to do so.
I think maybe we're talking past each other. I'm saying that when advocating for privacy, an effective framing (if winning privacy rights battles is the goal) is to make it "us" vs. "them" instead of some kind of party based push.

If it's associated too strongly with a specific party it alienates too many people to ever get mass support and become a fundamental value that "everyone" agrees on

I do see what you're trying to say. It's just that authoritarian supporters of privacy are a bit of an internal contradiction. Either they're fooled or are being disingenuous.

It's no good having people arguing for "privacy for me but not for thee", which is what it will boil down to. Ultimately authoritarians will use anything which gives them influence and control, with digital privacy violations being one of the easiest to rationalise (no violence, no physical theft).

So I don't see it as worthwhile trying to include such individuals in such a consensus. It's like trying to include foxes in a discussion about how we should best secure hen houses.

Yeah that makes sense, can't really disagree. i'm just always wary of othering large swaths of the population as beyond hope. I think so many powerful groups are invested in making us all hate eachother and in my experience we're all a lot more similar than we think
Yeah I do actually relate a lot to what you're saying. I should emphasise though that such individuals may still be worth reaching. I don't think most people stay lost causes indefinitely. But you have to break down the desire to support authoritarianism first before it makes sense to tackle digital privacy.

Unfortunately that just means there's a lot more sticky work untangling the kind of tribalistic politics we find ourselves in today.

100%. It's an uphill battle for sure
The other one isn't even voted in yet, hasn't done anything yet, and the current one already wants the data, that they shouldn't get.

The current ones are already abusing their power, and the other one might hypothetically do something, if and when and if at all.

This is like Alice making it legal and then punching you in the face and instead of you "punching back", you say "this is fine, but Bob is bad, because if he gets voted in, he'll punch harder".

Generally speaking it is worse if a party who is ideologically inclined to do something bad to you reads it, yes.
One is bad in principle and the other is also bad in practice. Both are very bad but the latter is more likely to move people to action.
My interpretation is that it is an argument against trust in authority in privacy discussions.

A: Privacy matters! B: Why should you care if you have nothing to hide? A: If you have nothing to hide, then give me the password to your Facebook. B: I don't trust you with that, but I trust my governments and relevant authorities.

The point is that B's faith in authority is flawed as the "powers that be" are an eternally shifting target. By agreeing to government surveillance, you place trust in every subsequent government, even the ones you would rather not.

Exactly this. What I'm talking about is just a specific instance of the generalised rule you've stated.
I always look at this from the other side...

Side A abuses (legal, governmental) power, and instead of "lynching" them for that, we turn the issue into "this will become bad only because of side B will do the same". To me it looks like someone supports side A, and wants to limit the "badness" of whatever they did, but still can't support the thing, so they find the way out by claiming that the other side will do something bad with that data, as if the collecting the data (chats,...) isn't bad enough by itself.

I understand your analogy with friends and facebook, and explaining that stuff to your grandma in this way would probably work... maybe even better if you used "your neighbor Sally works for the government, she could read your chats too, do you really want that?"... but on a technical "forum", it (to me) gives off very politically biased vibes.

For what it's worth I don't support this Labour government one iota. I fully admit to being extremely biased against the Reform party, much in the same way that I'm biased against standing in front of a fully loaded 16 wheeler moving at 60mph.
That shifting target can also shift immediately it doesnt need an election.
(comment deleted)
Does it matter who has access to the data? It’s the principal not the actor
If there were a way to magically ensure that only the good guys had access to the information, I'd be way less concerned about these measures. (There are only a few things that I care about being secret for the sake of secrecy, and I can easily keep those off of computers.)

Every encryption backdoor is a huge vulnerability. Even if we somehow ensure that the powers-that-be remain entirely trustworthy (something that, historically, we can't even manage for a century), they're not the only people who'll have access to the backdoor. It's not possible to make an encryption backdoor that only authorised parties can use: as they say, the laws of mathematics do not respect the laws of Australia.

It’s a Labour government, not a “far right” government.
I see from your history you may have knee jerked this one. I am referencing the far-right Reform party's current polling success and how this may be reflected in our government in the future.
Gross behavior. But not surprised. UK is a real surveillance state.

In my honest opinion, in this specific context UK should be treated with the same scrutiny we treat China.