1,129 comments

[ 8.4 ms ] story [ 426 ms ] thread
malicious compliance.

Providing access when ordered by a court is not as secure so we're removing all encryption?

End-to-end-encryption-except-when-the-UK-government-is-interested doesn't have the same ring to it, liable to damage the brand ....
FWIW people always put too much trust in E2EE where they didn't control either end. This was a loooong time coming.
It’s not really end to end in that sense. They don’t get the key, they just store opaque data for you.

The only way apple could get your data is to push code to your device to steal the key.

I think their point was that you don't control your device. If Apple did push code to your device to steal the key, how would you be able to tell?
People aren't going to use your self-hosted E2E tools on a wide scale. We've been down that road. Best to secure the systems people already use.
the whole point of ADP is that they cannot provide access
Yes, the parent commenter missed the part where Apple cannot see the encrypted content when ADP is used.
But Apple could say, you have 45 days to remove it or we will delete it, then you have to resync your data.
Why would they? What priorities are better served by that approach?
Why would they say to all new users, that they cannot have Advanced Data Protection, whereas older customers can?

Now you have a certain percentage of users with encrypted data, and a certain percentage of users that do not. The UK government will not like that. And now Apple has shown that it will not take a stand for privacy it might have to do it to comply.

Ah, you missed the part where Apple also said existing users will have to turn it off at an unspecified date.
No! That's not ... the comfy chair is it?
I'm not suggesting Apple should be able to see the content, I'm saying the Police should be able to, when they have a valid court order issued in accordance with the legislation.

For example, A 'Personal Recovery Key' could be recorded in a police database. To gain access to 'encrypted' data from Apple, a court order is needed, once they have the encrypted data, they can unencrypt it using the key only they hold.

There's lots of ways to skin a cat.

Leaving aside the fact that RIPA was drafted by deranged lunatics and deserves zero compliance from anyone, who the hell would you trust to run this database?
> A 'Personal Recovery Key' could be recorded in a police database.

That's about as secure as not having ADP at all, or worse. If that police database gets compromised, not only my data is accessible to the attackers, but I will be none the wiser about it.

An attacker would have to both compromise the police database AND Apple to retrieve the data.

The Key could even be split, say 3 ways. Apple holds 1 piece, the police hold another, and the Courts hold the third, all three would be needed to decrypt the data.

This is too far in to the weeds though.

It is not beyond humanities ability to have a system as secure as ADP while still providing a mechanism to access terrorists phones for example.

We have a 5th amendment. You shouldn't have to do all the police work for them.
>Providing access when ordered by a court is not as secure so we're removing all encryption?

Providing a back door for one government reduces the security and privacy of the service worldwide.

This decision keeps the security and privacy for the rest of the world. Sucks for the UK that your politicians decided to go this route.

"If we can't provide this product legally, we're not going to provide it at all" ends up being the only reasonable position in situations like this.

At least this way doesn't compromise users in other countries.

As someone currently a citizen of the UK, what are my best emigration opportunities?
If you abhor surveillance, don't pick a Five-Eyes nation.
Don't forget the 14-Eyes, which includes most of Western Europe.
Depends on what you’re after * Australia * United States * Singapore * Dubai * Europe (Belgium/Switzerland/Netherlands)
If you're after freedom, you absolutely do not want Singapore or Dubai.
Australia is the worst of all
The United States has the strongest laws for freedom of speech. You can't get arrested and face years of criminal legal trials, ending in an £800 fine for making a joke with your dog in America. Police won't show up at your house for Facebook posts like they do in Aussiestan. American courts probably won't take your infant away from you and force a medical procedure on it like in Kiwistan just because you wanted to use your own blood donors for the operation.

It's been degrading in the US too. Xitter is not at all a free speech platform and that technocrat says whatever he has to for popularity until he can chip your brain. Cutting a few million in wasteful government spending doesn't make up for how he loves China and deeply desires their level of autocracy.

America's laws have somehow held in-spite of presidents that seek to crush it (yes, both of them, both sides. They're the same. Stop believing the headlines and read the damn articles). Although defamation law has been weaponized to neuter some forms of speech and reporting.

There is an internal push by the CIA in America to further destabilize it and cause radical elements in the fake-left and fake-right to call for more authoritarianism. It's not a great nation, but sadly it is the last bastion of true liberty .. and it's eroding every day from every side.

In 20 years there might not be anywhere to flee to. Fight for your country. They can't put every British person in prison if everyone decided to tell the truth.

this is not a free speech issue, it's about key escrow

and the US invented technical crypto backdoors

https://en.wikipedia.org/wiki/Clipper_chip

I guess you're right there, but they don't have free speech at all in the UK, so this is a step even further into the new era of technocratic authoritarianism. It's about free speech AND illegal warrant-less searches.
> American courts probably won't take your infant away from you and force a medical procedure on it like in Kiwistan just because you wanted to use your own blood donors for the operation.

Whenever someone writes "just" in a case like this I can tell there's a complicated, ugly legal case that's being grossly misrepresented, and quite possibly one where no responsible journalist is reporting because of child privacy issues/laws.

The problem with both British and American surveillance state authoritarianism is it's hugely popular with the public when used against the ""wrong"" people. You might have "free speech" (subject to qualifications such as Comstock and their modern day equivalents) but you're much, much less likely to be shot and killed by the police - or a random stranger - in the UK.

> Whenever someone writes "just" in a case like this I can tell there's a complicated, ugly legal case that's being grossly misrepresented, and quite possibly one where no responsible journalist is reporting because of child privacy issues/laws.

No. No. No. It's really not. The parents were fully willing to give the infant surgery. They wanted their own blood donors. You can watch the video of the police taking the baby from the parents. It's horrific. It's authoritarian. There is zero justification at all. You didn't even look it up did you, because if you had bothered, you know what the "controversial" part is. You didn't mention it. I won't mention it here, because it's verboten on HN to criticism certain global events.

Australia is even more everyone-is-a-cop than the UK, and is doing this exact same shit for the exact same reason.
Of the whole list, if the Investigatory Powers Act is what you didn't like, I'd pick Switzerland first, then Belgium/Netherlands.

Of course, that assumes you're fluent in the local languages. Hoe goed spreekt u Nederlands?

I made a jump to Germany in 2018, and, thanks to learning a new language, have had a front-row seat to how flat the real Dunning Kruger effect really is: https://en.wikipedia.org/wiki/File:Dunning–Kruger_Effect2.sv...

Dubai, even as an international hub where you may be able to get by with English — لا تضيع وقتك باستخدام دولينجو لتعلم اللغة العربية، لقد حاولت خلال الوباء وما زلت لا أعرف الأبجدية — is much more authoritarian than the UK. Similar for Singapore.

If you're monolingual, and privacy is your concern, then the US is an improvement over Australia.

But also consider Canada and Ireland.

Ireland isn't in Five Eyes, Canada is, but also Canada is slightly further away from the madness of Trump etc. than any company still inside the USA.

I'm not even sure what's going to happen with the US federal government given that DOGE cannot meet its stated goals even by deleting all discretionary-budget federal agencies like the NSA, CIA, FBI, all branches of the armed forces, etc. but on the other hand the private sector is busy doing a huge volume of spying anyway in the name of selling adverts… chaos is impossible to predict, and you should want to predict things at least a few years out if you're going to the trouble of relocating.

>Ireland isn't in Five Eyes,

That's true, and I suspect Ireland does not do as much surveillance as many other countries, but if I recall correctly, it does have a passphrase-or-prison law like the UK. I also get the sense that in a number of cases, it tends to view its laws as suggestions, for example, with the autism dossiers scandal [1], and in some sense, gets away with it in the way that a small country can. To me, it feels like a country where you don't need to worry about organized, systemic surveillance abuses, but do need to worry about departments or even individual employees who decide that they just don't like you.

[1]: https://en.m.wikipedia.org/wiki/Department_of_Health_autism_...

> then Belgium/Netherlands

Belgium's EU presidency was pushing for Chat Control (on-device scanning of all your messages). Hungary took over and was pushing for the same. Poland took over and is proposing changes. Denmark has been in favor of the original proposal and is taking over in July 2025.

Wasn't this in line with JD Vance's European Eulogy last week, that we shouldn't be using 1984 as a playbook?
1984 could only ever have been written by an Englishman
Ireland might be easy option.

UK citizens do not need a visa or residency permit to live and work in Ireland due to the Common Travel Area (CTA) agreement

If you value personal freedoms, you should go to East Europe. The more to the east, the better. Snowden went to Russia.
> Snowden went to Russia.

He was stuck in an airport when his passport got cancelled. It's not really a free choice if you can't go anywhere else, and planes suspected of carrying you get forced to land, even if by virtue of being denied airspace access until they run out of fuel.

https://en.wikipedia.org/wiki/Evo_Morales_grounding_incident

freedom to _what_? Corruption is high, media is pretty restricted under Orban, and it doesn't look all that great for freely expressing your identity either. Whether Poland will follow their direction or manage to turn around is still up in the air.

You're only more "free" there if you have the money to bribe officials.

Snowden didn’t go to Russia because of the government there “valuing personal freedoms,” he went there bevause it is one of the very few major countries that absolutely will not cooperate with any extradition requests from western countries.

If you are thinking of going to east europe (and especially Russia) in search of personal freedoms, I got a bridge to sell you (for context, I grew up in Russia). The only “freedom” some of those countries might provide is the freedom from the long reach of the hands of western governments (and even that is a “maybe”, as Andrew Tate has been discovering recently).

Kremlin has full access to every service operating in Russia. If a service is banned in Russia, that's a service you should use. If it's not banned, it already has a backdoor.
You do realise that the UK government is, and always has been, notorious for surveillance. They haven't changed since before WW2 and probably never will, even if Apple suddenly decides to play hardball with them.

And to be very, very honest, if you look across the Five Eyes nations, I don't think this is much different from what other countries deal with when it comes to access to data. You had PRISM, the trick of asking other countries for access to their own citizens data to avoid scrutiny, and Apple delaying the implementation of E2E in the US after federal agencies got pissed about it. The list goes on for a long time. At least in the UK, the government is so detached from commoners hurt feelings that they ask for what they want explicitly, with no fear of political consequences.

The fact that it's always sucked is precisely why I want to leave.
Not gonna lie, I expected Apple to just kind of roll over and take the blow on this one. Interesting.
If any of the tech firms would resist, it would be Apple.

I wasn't sure which way they'd go.

While Apple especially under Tim Cook has done a lot questionable acquiescences under Cook for political expediences, they really didn’t have a choice here. It was the law.

Now going back on Twitter to get in the good graces of President Musk and bringing TikTok back to the AppStore even though it is clearly against the law is different.

> they really didn’t have a choice here

They did have a choice. They could have said they will just get out of UK. That would have resulted in enough political turmoil in UK that their government would roll back this stupid law. Apple chickened out.

Abandoning the UK market would hurt Apple more than it would hurt the UK. They are not a nation-state, Apple cannot wage diplomacy by threatening the government, they can only shoot their own foot off and say it was for the good of everyone.

It would also partially validate the EU's regulation if they abandoned the UK but stayed in Europe. Apple very much doesn't want to feed either side a line.

They could have started with not offering iCloud at all in UK. See how the blowback gets UK government to play ball and rollback the law.

It may have hurt Apple in the short term but helped in the long term.

Then instead of mandating a backdoor to cloud data, the UK would just mandate backdoor access to the devices themselves, again forcing Apple's hand to either comply or GTFO, if they want it bad enough.

We're losing the fight, and people are as apathetic as ever around privacy and security issues.

Besides, never trust E2EE where you don't control both ends, but everyone here should have already known that.

If the UK wants the law to change, that’s up to the citizens of the UK. These are the people they elected.

Don’t expect Apple to rescue the UK citizens to from their own choices.

So, Apple will just give in to whoever is in power? They were not this soft in the San Bernardino case when FBI asked them to unlock a phone.
The FBI doesn’t create laws. If Congress had passed a law then you would have a good analogy.

Yes Apple follows the laws of every country it operates in just like any other company.

There is an easy way to avoid having to follow laws of a country. Don't operate in that country.
If you don't want to be sued by activist investors, you need a good reason for that, and to be able to tell those investors what else you tried first before escalating that far if you eventually do pull out of a market.
Apple absolutely does not follow the laws of every country it operates in, else TikTok wouldn't be back on the App Store.
If only I had thought about that, I might have mentioned it.

Oh wait

https://news.ycombinator.com/item?id=43128684

> Now going back on Twitter to get in the good graces of President Musk and bringing TikTok back to the AppStore even though it is clearly against the law is different.

Then why subsequently say that they follow the laws of every country they operate in? They don't, so whether the FBI makes the laws is not relevant.
The UK made the law years ago and someone in authority said they were going to start enforcing it.

In the case of TikTok, the law was passed a year ago and the executive branch said they wouldn’t enforce it.

> So, Apple will just give in to whoever is in power?

This is definitionally why a country is sovereign and a company isn't.

> They were not this soft in the San Bernardino case when FBI asked them to unlock a phone.

FBI has to follow the laws of the USA.

The UK writes the laws of the UK, which Apple (if they want to operate in the UK) has to follow.

They did. They've giving the UK Government a backdoor to all UK users.

Apple lost here.

Technically, they are leaving the front door open to all interested parties
But Apple is not giving the UK Government anything they didn't already have. Now iCloud encryption will function in the UK just as it has for years (decades?) before the inception of ADP.
They heavily compete on "privacy" and "security", so I wouldn't expect them to. Additionally, once you start rolling with one government, every one wants you to do something for them while offering you no additional money for the work and weakening of your project.
Really disappointed that our government decided to take such a stance.

What are people using when self-hosting services in the scope of iCloud nowadays? Nextcloud seems the closest comparable service.

If you own an iPhone then nothing can come close to the feature set of iCloud. Apple just have it on lockdown and dont expose the functionality that would be needed for a competitor to take advantage of this.

A great time for all people to jump to android IMO and experience the freedom of choice it gives you.

I wonder, what are the alternatives now?

Tresorit? Self-hosted Nextcloud?

There is no alternative really as only iCloud can back-up your settings, saved networks, and apps data.

Other apps like Nextcloud, can only backup documents (those not in apps) and pictures, because there's an API for this.

iTunes backup is an option, but it's not automatic and convenient.

It encrypts your entire phone backups as well
Is that true? Only iCloud can back up an iPhone? They dont provide any way to even extract an encrypted archive so you can keep it safe for yourself?

I get more and more amazed at Apples lock in tactics. This is why I own nothing Apple, and have complete control over everything in my digital world.

No, you can use iTunes to make a local backup too. It was a thing long before iCloud.
Fair enough, however iTunes is also Apple software no?

So your choice is use Apple software to make your backups, or....?

well, yeah, iphones could be bit more open, and I wish they were. But there's no real way for UK to force Apple into adding backdoors into that.
Interacting with any device running iOS requires Apple software (or reverse engineered hacks) for many features.

However, in this case, the point is that you can use Apple software to make a local backup (and you can enforce the "local" part by doing so offline), and then use whatever you want to encrypt and stash away the resulting files.

iTunes backup is perfectly reasonable alternative to iCloud that retains e2ee, I don't know why they were dissing it. It can back up everything that iCloud can and it's automatic, you just plug your phone in, no lock in tactics.
It’s really not that complicated and none of those options can serve as an adequate backup for iOS devices including app data and meta data.

Just back up your phone to your computer via iTunes (Windows) or the built in facility on Macs

(comment deleted)
As a citizen, I don’t understand what the UK government thinks they are getting here - other than the possibility of leaks of the nation’s most sensitive data.

Also is it not possible to set up my Apple account outside of the UK while living here?

You need a valid payment method from that country and then cancel all current subscriptions and change to that new country/region.
btw, anyone know if this cancels Apple+ Support too? I’ve been resisting switching countries because I don’t want to lose that subscription since you can only subscribe within 60 days of device purchase.
You’ll probably want a method of downloading apps tied to the UK app store though - particularly banking apps.
> other than the possibility of leaks of the nation’s most sensitive data

Amusing when you consider the National Cyber Security Centre (NCSC, a part of GCHQ), along with the Information Commissioners Office, both publish guidance recommending, and describing how to use, encryption to protect personal and sensitive data.

Our government is almost schizophrenic in its attitude to encryption.

Correct me if I'm wrong here, and maybe this is too charged for HN, but looking over at you guys from the US:

The US has problems (don't get me wrong, look at our politics, enough said); but the UK seems to be speedrunning a collapse. The NHS having patients dying in hallways; Rotherham back in the popular mind; a bad economy even by EU standards; a massive talent exodus (as documented even on HN regarding hardware engineers); a military in the news for being too run down to even help Ukraine; and most relevant to this story - the government increasingly acting in every way like it is extremely paranoid of the citizens.

Any personal thoughts?

Yes - that is my impression as well as someone currently living in London. Literally ever single system that I have to interact with seems to be somewhere on the spectrum between barely functioning and complete disfunctionality, with almost very few exceptions that come to mind. By system in this context I mean every institution, service provider, company, business... everything. Couple that with low salaries across the board - including the "high paying tech jobs in London" with price increases that are out of control with no reason to believe this is ever going to stop you end up with a standard of living significantly lower than let's say for example the EU countries of Eastern Europe. Currently trying to figure out where to go next
Well Albanians apparently want to live in Norwich, leading to a bizarre anti-propaganda campaign with bleak black-and-white photography to convince them it's horrible.

https://www.bbc.com/news/articles/c99n0x4r17mo

Probably your money would go futher in Albania, and they've got a cool flag, but the devil's in the details.

I was referring to EU [European Union] countries. Albania is not in the EU so I am not sure what the point of your comment was besides trolling
It isn't? Huh, you're right, a lot of the Balkans aren't, I did not know that.

I don't think anywhere in the EU really describes itself as Eastern Europe, though. That's Ukraine, Belarus, Moldova. So really just Romania, sometimes.

Literally quite a significant number of EU countries describe themselves as Eastern European, what you said is factually wrong. At this point I am considering your replies as either trolling or interacting in bad faith.
Can't I just be incorrect?

For my education, which countries?

I'm an immigrant to the UK. I have lived here permanently for 21 successive years, though I was actually in and out of the UK for years before that. My current anecdotal feeling about the UK is at a pretty low point.

If it was an option, I would seriously look to emigrate again, but I honestly don't know where. The most appealing option for me is Australia, but my age works against me. I know everywhere has its issues, but I'm just so worn down by the horrible adversarial political system and gutter press in the UK right now. We seem unable to do anything of note recently. A train line connecting not very much of the UK has cost so much money, and in the end it hasn't even joined up the important part.

I don't know, life is good at a local level. I am privileged and live in a fantastically beautiful town, and life here is safe and friendly. If I ignored everything else for a while it would probably do me good.

Australia is hardly any better. E.g. it forces software engineers to try to sneak backdoors into the software they're working on.

Imagine hiring someone you didn't know had an Australian dual citizenship and two years later all your customers' data is leaked onto the net.

Australian law explicitly prohibits requests that have someone "implement or build a systemic weaknesses, or a systemic vulnerability, into a form of electronic protection" - including any request to "implement or build a new decryption capability", anything which would "render systematic methods of authentication or encryption less effective", anything aimed at one person but could "jeopardise the security or any information held by another person", anything which "creates a material risk that otherwise secure information can be accessed by an unauthorised third party".

This UK request as reported would not be legal in Australia.

Since 2018:

> Technical Capability Notices (TCNs): TCNs are orders that require a company to build new capabilities that assist law enforcement agencies in accessing encrypted data. The Attorney-General must approve a TCN by confirming it is reasonable, proportionate, practical, and technically feasible.

> It’s that final one that’s the real problem. The Australian government can force tech companies to build backdoors into their systems.

https://www.schneier.com/blog/archives/2024/09/australia-thr...

Yes. Since the 'Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018' which I was directly quoting from, and explicitly prohibits systemic backdoors.

That blog's own reference points this out:

> Regular use of encryption as electronic protection, such as online banking or shopping, is not of primary concern in the Act. To reinforce this, the Act includes safeguards between government and industry, such as restricting backdoors and decryption capabilities, preventing the creation of systemic weaknesses, and accessing communication without proper jurisdiction, warrants, or authorisations.

So I can only assume that the author is either too lazy to bother reading their own reference in full (let alone researching the topic of their blog), or is being knowingly dishonest.

Like most immigrants you were sold a lie. Enjoy.
Sorry? The UK has been an amazing place for me. It still is, when I focus locally, instead of being swept up by everything else.

Are you also an immigrant to the UK? I suggest you embrace it.

Seems like the US is trying to catch up, especially with the whole talent exodus thing and defunding of vital research funding.
There's a lethargy, but it's hardly speedrunning. Things will be the same or slightly worse in a decade. I'm not sure I can say the same for the US, it seems different this time.

> The NHS having patients dying in hallways

Sadly routine in winter. Nobody wants to spend the money to fix this. Well, the public want the money spent, but they do not want it raised in taxes.

> Rotherham back in the popular mind

The original events were between 1997 and 2013. The reason they're back in the mind is the newspapers want to keep them there to maintain islamophobia. Other incidents (more recently Glasgow grooming gangs) aren't used for that purpose.

> a bad economy even by EU standards

Average by EU standards. But stagnant, yes.

> the government increasingly acting in every way like it is extremely paranoid of the citizens.

They've been like this my entire life. Arguably it was a bit worse until the IRA ceasefire. Certainly the security services have been pushing anti-encryption for at least three decades.

Many people think like you. Western Europe in general has been destroyed by a certain ideology, and whoever can emigrate does emigrate.
I suppose they don't believe certain facts engineers are telling them. With Brexit it was coined "Project Fear". Now they're being told that adding backdoors to an encrypted service almost completely erodes trust in the encryption and, as in the case with Apple here, in the vendor. However, I suppose it is very hard to find objective facts to back this. I'd guess this is why Apple chose to both completely disable encryption and inform users about the cause.

Now we're probably just waiting for a law mandating encryption of cloud data. Let's see whether Apple will actually leave the UK market altogether or introduce a backdoor.

> Our government is almost schizophrenic in its attitude to encryption.

Of course: it's not a monolithic entity. It's a composite of different parts that have different goals an interests.

And yet if I steal your money and refuse to give it back, or let you steal it back, you'll call that hypocritical. What does the size of an entity have to do with whether this is idiotic or not?
You're not an entity, you're a person. Scale really does make a difference.
You're making the argument that the UK government will stop using encryption itself once the information about this becoming illegal makes it through the government.

It won't. The courts will refuse to force them to stop, and even if the courts attempt to force it, some government departments just won't listen, and be protected from the consequences.

This is another case of "the law applies to you, but not to me".

The law is that encrypted comms must be provided to the security services on request. This is not a problem for government agencies. It is not illegal per se.
I went digging a bit. No. You're wrong. You cannot substitute the law we're discussing with something else. If the law truly is that encrypted comms must be provided to the security services upon request, then Apple Encryption is not a problem. Security services simply should ask the owner of the icloud account ...

So that's NOT what the law says.

The law says that private sector entities cannot have effective encryption (so NOT government agencies). Why do I put it like that? Because it MUST be possible for the security services to get access to any data they can intercept in any way WITHOUT telling/alerting the participants. They must be able to ALTER those communications. Or to make it more practical: any software maker MUST be able to provide access to any data the security services physically intercept, encrypted hard drives, ssh capture ... anything. And no, there is no exception for open source software.

ANYONE who puts this in software is criminally liable, as well as any firm (director/...) of any firm that has software doing this:

    // we're done with the key for this session, erase the key
    key := 0
Obviously this means any government agency that runs a https website is violating this law. Publish an IOS app? Violation! (you're using encryption that is designed not to let anyone, including you yourself, alter the app on the wire). Publish an android app? Same. Publish a fucking rpm package on yum? (the signing code obviously violates this law). A fucking garbage collector violates this law. BUT ...

But there is one VERY specific limitation. Only the government gets to complain about this, and obviously, there is zero plans to enforce this equally. The government sure as hell is not planning to actually put in the effort to make the encryption they use compliant with this law. It's just to get at the contents of confiscated harddrives. It's just to force foreign companies to unlock phones that have been confiscated.

Oh and there's stricter punishments if you tell anyone you're complying with this. This law can be used to arrest Linus Torvalds until he backdoors encrypted loop devices, and threaten him with decades prison if he tells anyone he's done that.

And can I just say? If this law was put, properly explained, to the people of the UK, there's no way it would get 50% of the vote.

>> Of course: it's not a monolithic entity. It's a composite of different parts that have different goals an interests.

> And yet if I steal your money and refuse to give it back, or let you steal it back, you'll call that hypocritical.

That's a bad analogy.

> What does the size of an entity have to do with whether this is idiotic or not?

Because it's not about the size, and I said nothing about the size. It's about it being composed of different minds, organized into different organizations, focused on different goals.

It's just not going to behave like one mind (without a lot of inefficiency, because you'd need literal central planning), because that's not the kind of thing that it is.

In the US, the NSA has always had both missions (protect our country’s data and expose every other country’s data). Since everyone uses the same technology nowadays, that’s a rather hard set of missions to reconcile, and sometimes it looks a little ridiculous. As of fairly recently, they have a special committee that decides how to resolve that conflict for discovered exploits.
I mean, this is no different than one part of the government suggesting running laundry at night to reduce the environmental impact of energy use, while another suggests only running it while awake to reduce fire hazard. Governments and corporations rarely have complete internal alignment.
That's because GCHQ knows they can kill if you refuse to decrypt so they have no problem suggesting it to you.
(comment deleted)
(comment deleted)
I don't know, they've definitely been cracking down on journalists over the past year. Could be an attempt to crack down harder / create a chilling effect
They've been sending people to prison for posting memes....
Memes with illegal content. It’s not hard to imagine creating a meme that would have the FBI knocking on your door.
You need a non-UK card to use on your Apple Account to change its region.
Would a Wise card work?
No, because it still has a British billing address.
You need proof of address.
It's for Labour "data analysts" to go through people photos and search for nudes.
> Also is it not possible to set up my Apple account outside of the UK while living here?

The ability to turn on Advanced Data Protection does seem to be tied to your iCloud region (as of now I can still turn it on, and I’m in the UK but have an account from overseas).

The UK is arresting people for posting memes. They want full control and that's it.
full control on everyone they deem as an opponent. in UK being dimmed and oponent is about posting the wrong meme or even standing in the wrong street at the wrong moment.
I regret immensely not having turned ADP before... Now I'm feeling really angry at this whole thing.
The best time to turn on ADP was before this happened. For folks not in the U.K., the second best time is right now. The more people who use it, the more disruptive it will be to turn off.

Keep in mind there are some risks with any E2EE service! You’ll need to store a backup key or nominate a backup contact, and there’s a risk you could lose data. Some web-based iCloud services don’t work (there is a mode to reactivate them, with obvious security consequences.) for what it’s worth, I’ve been using it for well over a year (including one dead phone and recovery) and from my perspective it's invisible and works perfectly.

Here's how:

On iPhone or iPad

    Open the Settings app.

    Tap your name, then tap iCloud.

    Scroll down, tap Advanced Data Protection, then tap Turn on Advanced Data Protection.

    Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.
On Mac

    Choose Apple menu  > System Settings.

    Click your name, then click iCloud.

    Click Advanced Data Protection, then click Turn On.

    Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.
Unfortunately, the title says

> Apple pulls data protection tool after UK government security row

Only in the UK, everyone else should still do it. Not on by default
Apple should start prompting users to enable it.
probably avoiding the support issues of users losing access to encryption key recovery
Can confirm.

"Apple can no longer deliver ADP in the United Kingdom to new users" with the enable button disabled.

The article reports that it will be disabled for existing users at a later date.
I'm guessing this is because they haven't figured out a way to do it yet. I'm not very well versed in how these systems work but surely this type of encryption can't be disabled by Apple remotely (or they would have that backdoor they don't want)?
They will either just automatically turn it off in a future device software update, or they'll just post a deadline after which they will delete user data and prevent sync if it isn't disabled by the user.
The Bloomberg article has a little more detail about this:

> Customers already using Advanced Data Protection, or ADP, will need to manually disable it during an unspecified grace period to keep their iCloud accounts. The company said it will issue additional guidance in the future to affected users and that it does not have the ability to automatically disable it on their behalf.

Wow, thanks for sharing! I thought that might be the case but "disable it or we'll have to nuke your data" seems so extreme I thought there must be a better way.
I'm thinking that by losing their iCloud account is just means it will be blocked from syncing anything with Apple's servers.
Anything else would be indicative of ADP encryption not working the way they said it does.
The “grace period” will also function nicely as a period of time for UK citizens to shout at their government representatives about this.
If you care, then it's time to ditch iPhone and Android phones altogether. It's not like anything they offer will be safe. You need to invest instead in a FairPhone with e/OS or a PinePhone or some similar alternative. Something where you have complete control of the software and ideally the hardware.
This can set a dangerous precedent. Now why wouldn’t any country demand the same, basically eliminating Advanced Data Protection everywhere, making user data easily accessible to Apple (and therefore governments)?
Wait, are you saying the U.S. might demand the same? In the current political environment?
UK is much smaller than US and they didn’t even fight this ¯\_(ツ)_/¯
The choice was either eliminate it now (globally, via introduction of a backdoor) or eliminate it in the UK (but keep it globally).

So, perhaps this is a bit of a dangerous precedent, but it was the least-bad option.

When UK demanded a backdoor to e2ee in iMessage, Apple told them they’d rather get out of UK. Why not do the same here? You’re posing a false dichotomy.
What would that change, effectively, other than have Apple lose money?

The UK would still lose ADP (and then also just Apple products in general). A precedent would still be set.

Your posing a strictly worse third option. Sure, it's an option, I guess. Apple could also just close down globally, as a fourth option. Or sell off to Google as a fifth. But I was trying to present the least-bad option (turn off ADP), rather than an exhaustive list.

I totally get your point, but calling the UK's bluff could work. Are they really willing to ban Apple products in the UK? Maybe, maybe not
Depends on if the US emperor and his cronies have the UK's backs on this issue. If they don't, calling the bluff would work, there's zero chance the UK gov would ban Apple products without US approval. The backlash among the public would be far worse than the TikTok ban. Imagine all companies using Macs. The order of power here is US > Apple > UK.
> Apple told them they’d rather get out of UK

To my knowledge, Apple has always said that their response would be to withdraw affected services rather than break encryption.

> Apple has said planned changes to British surveillance laws could affect iPhone users’ privacy by forcing it to withdraw security features, which could ultimately lead to the closure of services such as FaceTime and iMessage in the UK.

https://www.theguardian.com/technology/2023/jul/20/uk-survei...

True! Thanks for the correction.

IMO they could’ve categorized the whole iCloud service as “affected” and disable all of it.

My guess is that the order they received would have only effected encrypted device backups, at least so far.

Users in the UK do still have the option to perform an encrypted backup to their local PC or Mac.

That’s a false dichotomy.

Another choice, however unpalatable to all parties, would have been for Apple to stop doing business in the UK.

See my other reply.

They could also sell the entire business to Google. Why bother with listing options even worse for everyone involved?

I mean they could have tried not complying, and fighting a lawsuit at the ECHR (right of every person to a private life). Takes money and time but more attractive than the other options.
It's less attractive, riskier, and more costly of a decision for Apple. Apple is a corporation, not an altruist.

This play by Apple applies pressure to the UK government indirectly via its citizens, for free, rather than taking the risk and expenses of a lawsuit.

Why do pro-privacy tech folks on here act like Apple is some charity? Apple is a business. It won't fight a citizen's fight on your behalf. It is on citizens to use their democratic power to ensure their representatives act as the voting base wants. Apple's goal is to make money. The government is a representation of your will.
> Apple is a business. It won't fight a citizen's fight on your behalf.

Being a business does not remove ethical considerations. And I’m an environment where corporations are considered people, it seems reasonable to expect some degree of alignment with normal citizens.

> Apple's goal is to make money. The government is a representation of your will.

The government is increasingly not a representation of the collective will, and is instead captured by those corporations.

I can’t help but feel the “but they exist to make money” line too often ignores the many ways this is not a sufficiently complex explanation of the situation.

Corporations are people in the legal sense not in any other philosophical way. Just like non-humans proposed for personhood, they are not entities expected to behave ethically. Like a dog, you set rules and apply punishments when they breach it. You don't argue ethics with a dog because they are not relevant to them
> where corporations are considered people,

People always get this wrong. Corporations are not people. They just have certain rights like owning property. Corporate personhood != full personhood.

lol. It literally does. This is a great example. You believe this is an ethical issue. Other shareholders (you are a shareholder, right?) could disagree and now there is a lawsuit. “Complying with national law” seems like an easy win for them.
Because while a business goal is to make money, it is not necessarily, unlike what you have 80% of the people here believe, to make the most money possible. Ethics can exist in businesses too.
This, plus privacy is in Apple's brand. Without this and other Apple-esque things (lack of bloatware etc.) you may as well get a Samsung for 2/3 price.
> Why do pro-privacy tech folks on here act like Apple is some charity...

Because Apple marketing keeps relentlessly bashing their customers skull that privacy is their advantage?

> would have been for Apple to stop doing business in the UK

Apple employes thousands of people in the UK. I really don't see any practical way they could have done that.

They could

They could pull out of the UK, and to hell with the consequences, but then if the EU decide to do the same thing, or the US, or China says "hold my beer", then the problem becomes much larger.

Losing the UK market wouldn't impact Apple that much - it'd be a hit to the stock, of course, but as a fraction of worldwide business, it isn't that huge. Larger markets would be a bigger issue.

I’m full in on Apple and hoped they nuked iCloud in the UK for this rather than compromise the product.

This is still better than a back door but it sets an awful precedent.

It isn't really a precedent. Companies, even high-rolling American tech companies, have to abide by the laws and regulations of the countries that they operate in. I guess there is a question of whether this is a legal demand that they truly had to follow, or just a request, and whether they could fight it in court, but Apple seems to be hoping to adjudicate it in the court of public opinion (apparently the initial backdoor request was secret and it got leaked).
> abide by the laws and regulations of the countries that they operate in.

In this case, the UK is seeking to use local law to change what is allowable on an international basis.

That's a bit different than a nation controlling the law on their own soil.

That was Apple's interpretation : That to comply with what the UK requested they would have to have the same thing everywhere.

But of course that is nonsense, and Apple could theoretically have a nation-specific backdoor (e.g. for accounts in a given country a separate sequestered decryption key is created and kept in escrow for court order).

I mean, Apple "complied" by disabling ADP just in the UK. They undermined their own "worldwide" claim, as ADP still works everywhere else, and the UK has no access.

> of course that is nonsense

Organizations like the EFF do not agree.

> most concerning, the U.K. is apparently seeking a backdoor into users’ data regardless of where they are or what citizenship they have.

https://www.eff.org/deeplinks/2025/02/uks-demands-apple-brea...

So Apple is non-compliant, given that all they did is disable ADP in the UK.

Right?

IANAL but that's not for any of us to decide. Depending on their initial motivations, the UK might consider this to be enough to rescind the demand for a backdoor. If it's not then Apple will face going to court and in that case they could choose more extreme actions like ceasing business in the UK.
I think that's right, and I think the UK will tell them so, and the issue will escalate.

Perhaps, if the UK continues to push, Apple will indeed pull out of the UK, but it'll make it as public as possible and tell the world who it was that forced its hand and what the consequences are - and I don't think the UK government is going to like that result.

they're non-complient but they made it a lot harder for the UK to fight. by showing that the "backdoor" is disabling the feature, for the UK to pursue this further, the need a judge to rule that the UK has the authority to prevent an American company from providing a feature in America.
The keys are stored only in the Secure Enclave. Encryption and decryption are handled outside the standard CPU and OS. This is hardware-level protection, not just some flag on a cloud account to be flipped. The only way for Apple to break this system is to break it for everyone, since anything else would risk bleed over or insufficient compliance.
> They undermined their own "worldwide" claim, as ADP still works everywhere else, and the UK has no access.

Disagree. There is a difference between ADP being unavailable in one country and it working differently in that country. Implementing a backdoor would mean changing the way ADP works.

what do you mean? other countries have demanded the same, e.g. China.
China only requires it for their citizens. The UK asked access to any person's data in the world.
I don't get what's happening to civil liberty in Europe.
Pot, meet kettle!

Frankly, our democracies are currently in a rather precarious state.

Nothing is happening to it. Governmental overreach, and then if people really want encryption they will vote in privacy-friendly officials. Here in Oregon, USA, we have Ron Wyden, who knows more about netsec than most IT graduates.

As long as you can vote there is still civil liberty, just vote for the right people who care about this stuff.

None of what you just said translates to any European country.

None.

Executive power is very representative, not direct, with the sole exception imo being Switzerland?

This was Brexits doing. As we are no longer EU, we have our own cool rules such as the upcoming PM allowed to watch me take a piss law.
> This was Brexits doing.

Not really? We've had horrors like the 2000 RIP[0] well before Brexit. The Blair government made a huge dent in civil liberties and the Tories carried it on.

[0] https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Po...

This is one of the reasons why I will never vote Labour.

The UK has always hated not allowing people to self-incriminate, though...

> This is one of the reasons why I will never vote Labour.

The Tories are generally worse. But I agree it's currently a case of "lesser of two evils".

I wouldn't vote for Tory either.

I usually vote for Lib Dem. Though they do things from time to time I don't like...

(comment deleted)
This is why Scotland needs independence. It was once and with it chained by the UK, they're squeezing everything they can. Look at Wales, just pets for the UK. Scotland is an actually pretty awesome country but like Canada is kept pet by a leader. The only thing that could save this shitshow is Scotland getting independence. Lets be honest here. You thought Boris Johnson was bad ripping holes left right and center. Trump makes Boris look like a pet rat. And that's an insult to real rats.
I may be wrong here, but my impression of Scottish politics is that it's just as paternalistic and nanny-state if not more so.
Yes and no. But Scottish politics have more progressive.

Ultimately Scotland is governed by the UK so any first party rounds are annulled before they get a chance by the UK.

The EU is currently planning exactly the same thing with Chat Control.
What EU is planning with chat control is much worse. The UK still requires a warrant to access your iCloud data. EU wants to force companies to install spyware on your devices that will monitor whatever you send or receive in real time without any probable cause or suspicion.
Eu isnt 'planning' anything like that. Some Euparl MPs backed by people like Ashton Kutcher tried to push a law to spy on all chat apps. Then when the dirty web of American-style regulatory manipulation was exposed, they backed off. It was a proposal for a law by some MPs. Not something 'Eu' did.
They backed off "for now". They are trying this for ages, did you forget about ACTA and Von der Leyen's past censorship attempts in Germany? Have you read the DSA? Of course the EU is planning to go full authoritian in the name of "protecting democracy".
[flagged]
Troll much?

Your comment history reeks of differentiated, sensible arguments...

Overall quite ironic as in plain sight to anyone reading the news in the last two years, almost all of Western Europe sees rising right wing and extreme right wing parties.

At least we don't get to pee in the cup at work
We can drink alcohol in outdoor public places, can Americans?
This is specific to each municipality/state. The United States federally has no laws regarding the outdoor consumption of alcohol.
The problem is the decline. We had more liberties 10 years ago than we do today.

Whether Americans are free or unfree shouldn’t distract us from this.

The empire is collapsing, so the chairs are being moved aside, the curtain behind the stage is being drawn and the ugly brick wall is being exposed...
Could moves like this by other repressive regimes finally open the door to consumer-owned, consumer-controlled, decentralized cloud storage systems that are fully encrypted and inaccessible by any agency or individual except by the owner?

Would be a beautiful thing to see. Not sure how storage would work though since you cannot take payment (that would make it centralized), and storage would have to be distributed, but by who?

Why is there only one "iCloud" to backup your iPhone and store photos? Lots of ADP users would use a corporate or self-hosted solution instead.
The reason is that Apple was never required by UK law to offer any alternative. I think the DSA intended to challenge that, but it would do nothing for UK residents.
As far as I know you can still opt to backup your entire iPhone to a local computer instead of iCloud.

You can also manually transfer photos to the computer. Or you can enable a different app (Google Photos or Dropbox for example) to store copies of every picture you take, and then turn off iCloud Photos.

Note that neither Google nor Dropbox are E2E encrypted either though.

What would you recommend as a DIY method?

I have a NAS that is accessible through VPN. But I don't trust its encryption, thought it is in my controlled location.

Doing it locally doesn't really help. The RIP bill can force you to disclose your own encryption keys to the UK government, and if you "forgot them" you can be put in jail as if you were convicted of whatever they're accusing you of.

That's why cloud backup was useful.

[edit: actually I mis-remembered this, it's "only" 2 years (or 5 if it's national-security-related) that they'll jail you for. "Only" carrying a lot of water there...]

For this you can use truecrypt nested containers, so it will reveal data depending on your given password and there is no way to prove there is something else in the container.

To be fair this should be standard.

The simplest arrangement for me was to have the device back up to my Mac, and then said Mac has Time Machine set up to back up to the NAS. iOS and Mac local backups can be encrypted by the OS itself.
because Apple privacy is just marketing, they just want you to pay for it, they don't really care if it's possible to do better for free / by others
It's the right choice: don't bow to government pressure, let the people pressure the government.
> let the people pressure the government.

Hopefully they will.

I can't imagine many here (UK) will really care, we've had multiple breeches of privacy imposed on us by the powers that be. - Removed incorrect assumption of this not being reported.
It's literally the number one story on https://www.bbc.co.uk/news/ as I type this comment.
And I guarantee that the reaction from most people will be "good, I have nothing to hide so I have nothing to worry about". The apathy around this stuff in the UK is unbelivable - I've been trying to point out that hey, for years now something like 17 government agencies(including DEFRA - department of agriculture lol) can access your internet browsing history WITHOUT A WARRANT and that's absolutely fine. ISPs are required to keep your browsing history for a year too. Again, nothing to hide, why would I worry about it.
Does and of the doh or other DNS stuff help with this at all? Is the only solution to VPN out of Europe?
Only DNSCrypt provides any privacy. If you setup your relays properly.
The same is happening Europe-wide too. Everybody always points to the GPDR legislation. You know what is a feature of the GPDR too?

Every European government (even some non-EU ones) can grant any exception to anyone to the GPDR for any reason. And, of course, every last one has granted an exception to the police, to courts, to the secret service, their equivalent of the IRS, and to government health care (which imho is a big problem when we're talking mental health care), and when I say government health care, note that this includes private providers of health care, in other words insurances.

Note: these GPDR exclusions includes denying patients access to their own medical records. So if a hospital lies about "providing you" with mental health treatment (which they are incentivized to do, they get money for that), it can helpfully immediately be used in your divorce. For you yourself, however, it is conveniently impossible to verify if they've done this. Nor can you ask (despite GPDR explicitly granting you this right) to have your medical records just erased.

In other words. GPDR was explicitly created to give people control over their own medical records, and to deny insurance providers and the IRS access. It does the exact opposite.

Exactly the sort of information I would like to hide, exactly the people I would find it critical to hide it from. In other words: GPDR applies pretty much only to US FANG companies ... and no-one else.

So: if you don't pay tax and use that money to pay for a cancer treatment, don't think for a second the GPDR will protect you. If you have cancer and would like to get insured, the insurance companies will know. Etc.

I agree, have an upvote.

Even though its making the media headlines today, 99% of UK citizens will forget this tomorrow and it will fade into the mists of time. Just like evey other security infringement that any government has imposed on its citizens.

There was a lot of campaigning against the Investigatory Powers bill when it was introduced. It didn't help much given the people in power want more power regardless of where they sit on the political spectrum.
How?

In the UK, there's no right to bear arms, so people are pretty helpless against their oppressing government.

I'm sure shooting at the government would have solved this privacy issue.
It solved the taxation issue
As far as I know Americans are still required to pay taxes, so no.
We're working on it.
Surprisingly, the people in the government don't much like being shot. See the reaction to the UHC CEO for an example.
This is a decent point.

They're now getting investigated by the DOJ and their stock tanked

Weird. In the US there is a right to bear arms, yet people are also pretty helpless against their oppressing government.
Who do you know that's been arrested for posting on social media? I don't know of anyone.
True.

American police will shoot people dead in the streets with impunity, the military industrial complex engages in constant wars regardless of popular sentiment and the American government is currently being carved up by neo-nazis and oligarchs but you can legally be racist on the internet. I guess it truly is the land of the free.

Also... wait six months.

(comment deleted)
>> In the UK, there's no right to bear arms, so people are pretty helpless against their oppressing government.

There's a right to bear arms in the US and it doesn't seem to be helping them with their oppressive government.

Look into the Black Panthers. It actually does work quite effectively.
How? the Black Panthers were infiltrated and undermined by COINTELPRO and effectively destroyed from within, meanwhile the white supremacist capitalist system they fought against persists.

Their biggest success as far as I know is starting free school lunches in the US, but that wasn't at gunpoint.

Ahh yes the murders of Alex Rackley and Betty Van Patter, truly brave and revolutionary acts!
The fact that I can’t tell if this is a joke speaks volumes.
You people cannot seriously be this poorly educated
It only works when the gun nuts aren’t on the side of the oppressors.
Because that’s working so well for the US
it's working really well, we don't get arrested for social media posts as far as I can tell
If that’s the bar then I guess yes it’s a resounding success for freedom.
The UK seems to be actively covering up the mass rape of little girls and throwing dissidents in prison. They've sustained mass immigration for decades against their own peoples' will. The US just shook off, at least in part, the same mass immigration and the same clamping down of free speech in the US. It's not the only bar, but I would definitely consider it a resounding success. I can't help but think the 1st and 2nd amendment play a part because the 1st is obviously implicated and the 2nd is required to maintain the 1st.
> The UK seems to be actively covering up the mass rape of little girls

They're doing the worst cover up ever given grooming gangs and where they operate have been headlines in the UK for decades.

What they're not very good at is keeping the UK citizens at large well informed with a realistic sense of proportion given the scale of child sexual abuse far exceeds the activities of grooming gangs.

"seems to be" is not the same as "is".

I'm glad you observe the distinction though.

Technically I guess you're right, but one hopes that the foundations of British democracy provide its citizens with the tools to fight against an oppressive government. The only rub is getting them to stand up and do that.
Like what? Britain is a constitutional monarchy. Its foundations anticipated an oppressive king, not an oppressive parliament. Britain never had a revolution, it never had free speech to begin with. It seems to me that what made Britain successful in the past is maladaptive to its current situation.
Small arms are no match for drones and a fully armed military, a successful rebellion by any populace against a first world military is impossible unless the military lays their arms down voluntarily, full stop.
Rebels are able to use techniques that a government never could or would. I think you underestimate the usefulness of small arms in guerilla warfare.
You underestimate the nasty things goverments have done.
I think you underestimate the lethality of remotely piloted drones with missiles and IR cameras and the futility of fighting against them.
The Taliban would argue otherwise.
You can pretty easily build / buy these. Look at Ukraine. Lots of their drones were just off the shelf. Jamming is super directional and easy to spot so fighting forces use it sparingly.
Every time this argument comes up, I just feel like rolling eyes, it is so overplayed.

Yes, in a direct confrontation and an all out war, the populace stands no chance against the US military (assuming the military will unwaveringly side against the populace), no argument there.

But an all out war is not an option, the government wouldn’t be trying to pulverize an entire nation and leave a rubble in place. If you completely destroy your populace and your cities in an all-out direct war, you got no country and people left to govern. It is all about subjugation and populace control. You can’t achieve this with air strikes that level whole towns.

Similarly, if the US wanted to “win” in Afganistan by just glassing the whole region and capturing it, that would be rather quick and easy (from a technical perspective, not from the perspective of political consequences that would follow). Turns out, populace control and compliance are way more tricky to achieve than just capturing land. And while having overwhelming firepower and technological advantage helps with that, it isn’t enough.

I roll my eyes when I see this blissfully naive LARP/mallninja imagined scenario, but I do have to remind myself that the US was founded on the basis of forming a milita etc. and I would probably say the same thing if I had that upbringing. You forget that the vast majority of people are stupid and easily scared (this is not a solvable problem)

Help me out - how can policing possibly work if no one is legally required to be policed? You just end up with murderers, rapists etc. expressing their right to "resist" with arms like in spaghetti westerns. It is totally symbolic, and would crumble at the first instance of serious government interest of arresting 'troublemakers', which would of course start with a well crafted PR campaign to get the rest of the public on their side. I think it's naive.

This feels like a strawman because you’re only hypothesizing a situation in which it wouldn’t work well.

Imagine a dark future with a sudden military coup by a small faction of extreme radicals that 85% of the population opposes. could enough citizens rise up and stop them? Could the calculus of being that coup leader be changed by the likelihood that they will be assassinated in short order, by one of millions of potential assassins? Quite possibly. These are not everyday concerns, of course, but the concerns of dark and dangerous times. It’s a bit like buying life insurance: hopefully I never need it.

A first world military that has remotely piloted drones with IR cameras and other surveillance tools will have no problem crushing any form of resistance. They don’t even need to field any troops, they can remotely kill the rebels. How on earth do you wage a rebellion against such a force?
(comment deleted)
> How on earth do you wage a rebellion against such a force?

I am not an expert, but taliban+al qaeda forces from the Afghanistan war era (that ended in 2021) should be able to provide a solid answer to your question. All I know is that they definitely didn’t make the US give up due to their military tech/firepower advantage, that’s for sure.

The geography of Afghanistan is much different than the United States and fundamentally why Afghanistan is difficult to control, both for invaders and local leaders. It’s called the graveyard of empires for a reason, and that is mostly geographical, and partially cultural.
Guns are an inefficient/stupid way to kill people anyway.

Just ask Russia and Ukraine.

Look around, human beings are quite clever.

I just dont interact with the government or British society at all. I have turned my back on it.

If they ever come to my door I'll either go postal or leave the country.

Its so bad here now.

> In the UK, there's no right to bear arms, so people are pretty helpless against their oppressing government.

When people want to revolt it doesn’t seem like the right to bear arms has much to do with it. Not having the right to bear arms certainly hasn’t stopped countless rebellions and revolutions across the world. It’s not like the French of the Russians had a right to bear arms before their successful revolutions.

Even in the UK, the lack of a right to bear arms didn’t stop Cromwell using firearms to defeat Charles II at the Battle of Worcester.

We could try the American way, bear our arms and shoot up a school, but I don't see how that will help.
NO, it's the wrong choice. Most people do not understand this stuff enough to truly care about, and they just want their devices to work. This is an awful decision by Apple. There's really nothing consumers can do to pressure the British government.
Those people aren’t enabling ADP to begin with.
Exactly. There is a technological disconnect for a lot of people. They accept actions like this because they don't fully appreciate, IMHO, the ramifications. We do, and we must do more to educate people.
[flagged]
I'm sure the condescending attitude and negative stereotyping will sway readers.
Consumers being unable to pressure government, even if true, does not imply this is a bad decision.
It's a terrible decision that will have grave ramifications. I see no positive to this action.
This is Apple condeeding. Apple lost. UK Government got (almost) what they wanted - a backdoor into iCloud accounts.

Apple's only consolation prize is that its limited to UK users for now. But it seems inevitable that ADP will gradually be made illegal all around the world.

Given that they’ve only prevented new signups it looks to me more like Apple is trying to apply pressure to the U.K. government to get them to back down. The law that permits this was passed in 2016 so the situation was default lost already.
They have said all existing ADP enabled accounts will be disabled or deleted in time. They need to give people time to migrate their data out before they nuke it.
It's the right decision. Don't bow to the government, let the people demand it from their leaders, and vote in new ones.
Yes, countries lacking in proportional representation and having obscure procedures like proroguing parliament are the best at listening to important but fairly obscure issues from their voters. </s>
Very disappointed with this, but I think will be finding alternatives.

Family sharing especially of Reminders is a hard one - we use lists for grocery shopping and it is extremely convenient.

Has anyone tried out Ente https://ente.io/ for photos?

What happens if you're an international traveller?
This will likely depend on your primary account region. Apple can't just turn off E2EE on existing account nilly willy.
<< Apple can't just turn off E2EE on existing account nilly willy.

If they are able to, then then can be compelled. Do you mean won't/wouldn't?

They can break a sync on server-side for your account.

They can't disable it on device though.

They control the software running on your device, and said software ultimately has access to the encryption keys stored there (subject to the usual hoops; e.g. it might need you to do a FaceID unlock first, but it's not like you aren't already doing that many times every day).
(comment deleted)
I'm confused. I thought iCloud was end-to-end encrypted anyway, and I've never heard of ADP before. Is ADP encryption at rest, whereas normal iCloud storage is only encrypted from the device to the server?
The only difference is Apple doesn't hold the encryption keys when you use ADP.

In both cases it's encrypted in transit and at rest.

TIL that Apple holds the keys to my iCloud encrypted data!
For most of it, yes. There are exceptions, e.g., Health and Keychain, for which Apple does not have the keys even without ADP enabled.
Yes, otherwise, how would the web interface (iCloud.com) work?
How does this affect me if I travel to the UK with an E2E encrypted IThing?
Removed all my stuff from iCloud about a month ago in preparation for this.
I don't like Apple, nor do I use any of their products, but as someone from the UK, I do respect them for doing this.

Now if only the other companies who said they'd leave would grow a backbone...

Too right, it was far more problematic than they ever made out.

> The UK government's demand came through a "technical capability notice" under the Investigatory Powers Act (IPA), requiring Apple to create a backdoor that would allow British security officials to access encrypted user data globally. The order would have compromised Apple's Advanced Data Protection feature, which provides end-to-end encryption for iCloud data including Photos, Notes, Messages backups, and device backups.

One scenario would be somebody in an airport and security officials are searching your device under the Counter Terrorism Act (where you don't even have the right to legal advice, or the right to remain silent). You maybe a British person, but you could also be a foreign person moving through the airport. There's no time limit on when you may be searched, so all people who ever travelled through British territory could be searched by officials.

Let that sink in for a moment. We're talking about the largest back door I've ever heard of.

What concerns me more is that Apple is the only company audibly making a stand. I have an Android device beside me that regularly asks me to back my device up to the cloud (and make it difficult to opt out), you think Google didn't already sign up to this? You think Microsoft didn't?

Then think for a moment that most 2FA directly goes via a large tech company or to your mobile. We're just outright handing over the keys to all of our accounts. Your accounts have never been less protected. The battle is being lost for privacy and security.

Feels like marvel was onto something with captain america and winter soldier.
Life is imitating too many dystopian books, movies, etc these days. I think we need to put an end to all creative works before the timeline becomes irrecoverably destroyed.
Banning art?
Burning books, more specifically. Can't be a dystopia if nobody knows what the word "dystopia" means *taps forehead*
I suspect you’re being flippant, but destruction of and restrictions on creative works as an _antidote_ to dystopia is a take I haven’t seen before.
Yes, I am being very flippant. Sometimes we need to jest in order to digest reality.
The real prescient threat in that movie was the predictive AI algorithm that tracked individual behaviors and identified potential threats to the regime. In the movie they had a big airship with guns that would kill them on sight, but a more realistic threat is the AI deciding to feed them individualized propaganda to curtail their behavior. This is the villain's plot in Metal Gear Solid 2, which is another great story.

This got me thinking about MGS2 again and rewatching the colonel's dialogue at the end of the game: https://www.youtube.com/watch?v=eKl6WjfDqYA

> Your persona, experiences, triumphs, and defeats are nothing but byproducts. The real objective was ensuring that we could generate and manipulate them.

It's really brilliant to use a video game to deliver the message of the effectiveness of propaganda. 'Game design' as a concept is just about manipulation and hijacking dopamine responses. I don't think another medium can as effectively demonstrate how systems can manipulate people's behavior.

> have an Android device beside me that regularly asks me to back my device up to the cloud

But is that backup encrypted? If it's not, all they need is <whatever piece of paper a british security official needs, if any> to access your data.

This is about having access to backups that are theoretically encrypted with a key Apple doesn't have?

> We're talking about the largest back door I've ever heard of.

Doesn't the US have access to all the data of non US citizens whose data is stored in the US without any oversight?

> Doesn't the US have access to all the data of non US citizens whose data is stored in the US without any oversight?

Er, no...? I'm not sure where you get that idea. Access requires a warrant, and companies are not compelled to build systems which enable them to decrypt all data covered by the warrant.

See, for example, the Las Vegas shooter case, where Apple refused to create an iOS build that would bypass iCloud security.

I asked if your Android backup is encrypted. Implies I'm talking about unencrypted data.

> See, for example, the Las Vegas shooter case

I am not in Las Vegas or anywhere else in the US. So as far as i know all the data about me that is stored in the US is easily accessible without a warrant unless it's encrypted with a key that's not available with the storage.

> companies are not compelled to build systems which enable them to decrypt all data covered by the warrant

Again, not what I was talking about.

I'm merely pointing out that your data is not necessarily encrypted, and that the "rest of the world" was already unprotected vs at least one state. The UK joining in would just add another.

People always overestimate how much companies will defy their government for you, legally or otherwise.
This is why Apple, and more recently Google, create systems where they don't have access to your unencrypted data on their servers.

> Google Maps is changing the way it handles your location data. Instead of backing up your data to the cloud, Google will soon store it locally on your device.

https://www.theverge.com/2024/6/5/24172204/google-maps-delet...

You can't be forced to hand over data on your servers that you don't have access to, warrant or no.

The UK wants to make this workaround illegal on an international basis.

> You can't be forced to hand over data on your servers that you don't have access to, warrant or no.

But you can be forced to record and store that data even if you don't want to.

Which is why Apple takes the stance that the users device shouldn't be sending data to the mothership at all, if it isn't absolutely necessary.

Compare Apple Maps and Google Maps.

Google initially hoovered up all your location data and kept it forever. They learned from Waze that one use case for location data was keeping your map data updated.

Apple figured out how to accomplish the goal of keeping map data updated without storing private user data that could be subject to a subpoena.

> “We specifically don’t collect data, even from point A to point B,” notes Cue. “We collect data — when we do it — in an anonymous fashion, in subsections of the whole, so we couldn’t even say that there is a person that went from point A to point B.

The segments that he is referring to are sliced out of any given person’s navigation session. Neither the beginning or the end of any trip is ever transmitted to Apple. Rotating identifiers, not personal information, are assigned to any data sent to Apple... Apple is working very hard here to not know anything about its users.

https://techcrunch.com/2018/06/29/apple-is-rebuilding-maps-f...

Google or Apple could be forced by authorities to perform correlation on the map tiles being requested by users under investigation. Not as accurate as GPS coordinates but probably useful nonetheless.

One more reason to prefer offline maps for those who value privacy.

Given that you can browse map data for any location, not just where you happen to be, I'm betting that triangulation data from your carrier would be more accurate.
Sure, triangulation of carrier signals could lead to more accurate position estimates, but if the carrier isn't based in the US they are under no obligation to make this data available to US authorities.

Apple and Google are based in the US so are bound by the CLOUD Act to provide any and all data they have upon request, no matter where in the world it is being collected or stored.

Small correction.

Google had "created a system where they don't have access to your data on their servers" a couple of years BEFORE Apple. Android 10 introduced it in 2019.

Google didn't announce plans to stop storing a copy of user location data on their servers until the middle of last year.

See the story linked above.

They didn't announce that they could no longer access user location data on their servers to respond to geofence warrants until the last quarter of 2024.

We're talking iCloud and data encryption compared to Google's Android Cloud E2EE, and you're doing maps.
Were talking about protecting your personal data from government overreach, and Google's entire business model is to collect as much of your personal data as possible and store it on their servers to make ad sales more profitable.

Apple does its best not to collect personal data in the first place.

> all the data about me that is stored in the US is easily accessible without a warrant

No, law enforcement needs a warrant to legally access any data. This is why Prism was illegal, and why companies like Google are pushing back against overly broad geofence search warrants.

> This is why Prism was illegal

Yet it still existed, and was used for surveillance by 3 letter agencies. Why do you think this is any different?

No idea why the two of you are using past tense. PRISM is still very much alive and well.
All Encrochat evidence was illegal in at least three different ways. UK Law enforcement didn't care. They just lied.
No it wasn't.

The Dutch cracked and wiretapped it. It has been held not to be intercept evidence per RIPA so capable of being used in evidence.

Most went guilty because they caught red-handed in the most egregious criminality you've seen.

Encro was designed to enable and protect criminal communications. It had no redeeming public value.

> Doesn't the US have access to all the data of non US citizens whose data is stored in the US without any oversight?

Totally agree. Having this discussion so US centred just makes us miss the forest for the trees. Apart from data owned by US citizens, my impression is that data stored in the US is fair game for three letter agencies, and I really doubt most companies would spend more than five minutes agreeing with law enforcement if asked for full access to their database on non-US nationals.

Also, remember that WhatsApp is the go-to app for communication in most of the world outside the US. And although it's end-to-end encrypted, it's always nudging you to back up your data to Google or Apple storage. I can't think of a better target for US intelligence to get a glimpse of conversations about their targets in real time, without needing to hack each individual phone. If WhatsApp were a Chinese app, this conversation about E2E and backup restrictions would have happened a long time ago. It's the same on how TikTok algorithm suddenly had a strong influence on steering public opinion and instead of fixing the game we banned the player.

Agree in principle, though WhatsApp backups are encrypted with a user provided password, so ostensibly inaccessible to Google or whoever you use as backup
What makes you think WhatsApp backups don’t have a secondary way to unlock the encryption key? Wouldn’t it be more logical to assume the encryption key for whatsapp backups can also be unlocked by an alternate “password”

If the US is willing to build an entire data center in Outback Australia to allow warrantless access to US citizen data, why wouldn’t they be forcing WhatsApp backups to be unlockable?

International users that have Advanced Protection enabled would in theory be safe from all of the 3-letter agencies (like safe from those agencies getting the data from Apple...not safe generally).

Realistically we are talking about FISA here, so in theory if the FBI gets a FISA court order to gather "All of the Apple account data" for a non-us person, Apple would either hand over the encrypted data OR just omit that....

Based on the stance Apple is taking here, its reasonable to assume they would do the same in the US (disable the feature if USG asked for a backdoor or attempted to compel them to decrypt)

Would your answer be the same if this encrypted data was stored in China instead of US?

I don't think messages should ever leave the device, if you want to migrate to a different device this could be covered by that user flow directly. Maybe you want to sync media like photos or videos shared on a group chat and I'm fine with that compromise but I see more risks than benefits on backing up messages on the cloud, no matter if it's encrypted or not.

I think the average human will disagree with you. They want to preserve their data and aren't technically competent and organized enough to maintain their own backups with locally hosted hardware. Even the technically literate encourage _offsite_ backups of your data.

Know your threat model and what actions your trying to defend against.

Typical humans need trusted vendors that put in actual effort to make themselves blind to your personal data.

> its reasonable to assume they would do the same in the US (disable the feature if USG asked for a backdoor or attempted to compel them to decrypt)

I think it's more likely that Apple would challenge it in US courts and prevail. Certainly a legal battle worth waging, unlike in the UK.

This has already happened, and Apple did fight it in the US courts.

Eventually the US government withdrew their demand.

https://en.m.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption...

It's worth pointing out that just because the FBI didn't have the access they wanted, it doesn't mean that other agencies don't, or that the FBI couldn't get the data they wanted by other means (which was exactly what they ended up doing in that specific case). It just means that they wanted Apple to make it easier for them to get the data.

It's good that Apple refused them, but I wouldn't count that as evidence that the data is secure from the US government.

It's also worth noting that the US courts have long held that computer code is speech.

Apple's legal argument that the government's demand that they insert a backdoor into iOS was tantamount to compelled speech (in violation of the first amendment) was going over a little too well in court.

The Feds will often find an excuse to drop cases that would set a precedent they want to avoid.

> Totally agree. Having this discussion so US centred just makes us miss the forest for the trees. Apart from data owned by US citizens, my impression is that data stored in the US is fair game for three letter agencies, and I really doubt most companies would spend more than five minutes agreeing with law enforcement if asked for full access to their database on ̶n̶o̶n̶-̶U̶S̶ ̶n̶a̶t̶i̶o̶n̶a̶l̶s̶ anyone.
This is different IMO. When you buy Apple you buy an American product and you know the company is beholden to US law. Snowden has made perfectly clear how much they can be trusted. When you buy it anyway it's an informed choice.

Here a country that has no ties with most of apple's customers is just butting in and claiming access to all of them.

So what's next. Are we also giving access to everyone's data to Russia? Iran?

> But is that backup encrypted? If it's not, all they need is <whatever piece of paper a british security official needs, if any> to access your data.

Based on them mentioning the difficulty of opting out, I presume OOP does not use Google's cloud backup.

Android data isn't encrypted at rest (or at least not in a way Google doesn't have the key). If the uk gov has a warrant, they can ask Google to provide your Google Drive content. The whole point of this issue is Apple specifically designed ADP so they couldn't do that.
Android backups are encrypted at rest using the lockscreen PIN or passphrase: https://developer.android.com/privacy-and-security/risks/bac...

So not hugely secure for most people if they use 4-6 decimal digits, but possible to make secure if you set a longer passphrase.

I don't know what Google's going to do about this UK business.

edit: Ah it looks like they have a Titan HSM involved as well. Have to take Google's word for it, but an HSM would let you do rate limits and lockouts. If that's in place, it seems all right to me.

I wonder how hard it would be for the US government to force Google to just get the lockscreen pin off of your device or for them to just infect your device with something to capture it themselves.
Wrong. Google Android user cloud backups are E2EE by default.There is no option to opt out. Use Google's backup service and your data is encrypted at rest, in transit, and on device. aka end-to-end.

It's not just Google saying it. Google Cloud encryption is independently verified

> non US citizens whose data is stored in the US

They don't even care where it's stored...

See: CLOUD Act [1]

[1] https://en.wikipedia.org/wiki/CLOUD_Act

I honestly doubt they even limit themselves to the data of non-US citizens. They have no respect at all for the fourth amendment.
i think people focus on whether backups are encrypted too much. it really doesn't matter when the government has remote access equivalent to your live phone when it's in an unencrypted state, which they almost certainly do.
(comment deleted)
This is why, while I applaud what Apple is doing here, they need to allow us to supply our own E2E encryption keys.
That’s literally what the feature they’re removing did.
Not exactly. It generates the keys for you and stores them on device in the Secure Enclave. You cannot "bring your own" encryption key, but the primary benefit of doing so--that Apple does not have access to it--is intentionally accomplished anyway by the implementation.
I’m not sure I appreciate the value of literally bringing your own keys. My device generating them on my behalf as part of a setup process seems sufficient. You’d use openssl or something and defer to software to actually do keygen no matter what.
It depends what kind of backdoor the UK is asking for but "encryption backdoor" sounds like cryptographic compromise. I don't know if that's what it means but either way the only way to be sure your keys are secure is to generate them yourself.
BYOK does not provide any additional security over the Secure Enclave (and similar security coprocessors). In fact, unless the Secure Enclave were to directly accept your input and bypass the OS, BYOK is worse because the software can just upload your key to a server as soon as you type it in. Whereas, a key generated on the Secure Enclave stays there, because there exists no operation to export it.
I don't believe it's the SE itself that encrypts user data so it must already be the case that the key is generated outside the SE, sent to it for storage, and is retrieved if the user is authenticated.

So the difference between Apple generating the key on device and storing it in the SE and the user generating it and storing it in the SE is that the user can use a known-secure key generation algo. If Apple generates the key you can't be sure it's cryptographically secure and doesn't have a backdoor.

The SE’s AES engine line encrypts and decrypts data to flash, and the SEP is responsible for generating all keys.

At this point, the people who claim they can’t trust Apple’s key generation should also distrust Intel or AMD or any other vendor’s key generation as well. Might as well generate keys by hand.

I agree it seems sort of academic at first blush, but I'm going to venture a guess it's the idea that you own them, instead of Apple.

So you can eg. keep a backup on your own (secure) infrastructure. Transfer them when switching devices or even mirror on two different ones*. Extract your own secret enclave contents. Improve confidence they were generated securely. And depending on implementation, perhaps reduce the ease with which Apple might "accidentally" vacuum the keys up as a result of an update / order.

*Not sure how much these two make sense in the iOS ecosystem. I know on the Android side I'd absolutely love to maintain a "hot standby" phone that is an exact duplicate of my daily driver, so if I drop it in the ocean I can be up and running again in a heartbeat with zero friction (without need to restore backups, reliance on nerfed backup API's outside the ones Google uses, having to re-setup 2FA, etc. and without ever touching Google's creepy-feeling cloud).

You would need to have a completely trusted software and hardware stack to actually own the keys. And that is already hard enough to get on a PC where ownership still means something, it is not going to happen on most mobile devices. To whatever extent you trust any of the stack already, the Secure Enclave is a better bet than BYOK. The real risk, as you imply, is if Apple is able to compromise the security coprocessor with an OTA firmware update, but they can definitely already push a regular OS update that exfiltrates any key you type in.
Just make an airgapped Linux device on a DYI FPGA CPU. This part is not that difficult comparing to persuading commercial vendors let you use your own cloud and your own encryption/backup mechanisms.
Yeah... unfortunately it ought to be the other way around. They should have a hard time pursuading us to trust them enough to use theirs.

If your phone company asked you to give them the key to your house, in perpetuity, how would you feel about that? (Particularly if they insisted you sign a 15 page Terms of Use first that disclaims all their liability if anything goes missing).

But if you don't trust Apple, how to you get the key into the Secure Enclave to begin with? Doesn't Apple control the software on your device that provides the interface into the Secure Enclave from outside of it?
Yes Apple controls the device so you're right, you can never be sure what it's doing. My thinking is that an encryption backdoor means the key generation algo is compromised. In that case you want to bypass that by generating the key yourself.

If the backdoor is some other method of getting your key off the device then all bets are off.

> What concerns me more is that Apple is the only company audibly making a stand.

Meta also said they would make a stand if a similar request comes for WhatsApp. I'm not going to hold my breath though.

They wouldn't even be able to.

WA is end-to-end encrypted.

WhatsApp is closed source. They could backdoor it if they wanted to (or were forced to).
And so in Apple and iOS. What is your point?
His point was that it is technically possible for WhatsApp to add a backdoor. Apple could too.
sure, but

a) that would involve changing the code base b) more privacy minded users would just delete the messages or not update.

With almost everyones backups stored in plain-text, making it all a little silly.

Think about it for a second: you can re-establish your WA account on a new device using only the SIM card from your old device. SIM cards don't have a storage area for random applications' encryption keys, and even if they did, a SIM card cannot count as "end-to-end" anymore. Same goes for whatever mobile cloud platform those backups might be stored on. And you'd hope Apple or Google aren't happily sending off your cloud decryption keys to any app that wants them. Though maybe they are?

Reestablishing your WhatsApp account on a new device doesn't give access to your old chat messages, you need to restore a WhatsApp backup for that. The backup doesn't need to be stored in the cloud, you can choose to create a local file and manually transfer that to your new device.

In any case, as soon as you start using WhatsApp on a new device, users in the chats you participate in will receive a message informing them that your encryption keys have changed.

It's all lip service, because the UK Govt wouldn't ask them that. WhatsApp messages are EE2E. They probably already handover all the metadata surrounding those messages.
> (where you don't even have the right to legal advice, or the right to remain silent)

A lot is posted about LEO's lying in the US, this seems worse.

how much distance between

1) tech monopoly strong enough to stand up to G7 nation state demands

2) tech monopoly strong enough to remove itself from G7 nation state jurisdiction?

edit: s/monopoly/empire, apologies

It's amusing to think of Apple as a "monopoly" (if anything they have a monopsony on TSMC production) but let's just replace that with "giant" for purposes of discussion.

Tech giants typically devolve local operations to small companies to avoid liability - think petroleum suppliers not owning gas stations (because those typically end up as superfund sites). Not sure if this analogy this works for Google Android and all the manufacturers that deploy it for their smartphones too.

So corporations have been doing this forever, trying to find legal loopholes where they can have their cake and eat it too.

(comment deleted)
Your Android and Microsoft backup aren't encrypted. They are already fair game for a warrant.
It's always hilarious to see how far people here are ready to go to twist some bad Apple news into something which might be considered good.

I mean seriously. Apple making a stand? What stand? They are ripping security out of their customers hands. Customers which are already dependent on the company's decision in their locked in environment.

There is absolutely nothing good about it, and you dragging Android into it and making it look like it's even worse is suspicious. You can have full control over your Android device. Something impossible on an Apple phone. You can make your Android device safer than your iPhone.

There is an upside (if you trust them) -- they're pulling a feature rather than adding a back door to it. Supposedly, anyway.
Well, sure it could be worse.

Doesn't make that one good, though.

The government forced them to pull the feature. Would you rather they left a toggle-switch that doesn't actually do anything? Or are you thinking they should just pull out of the EU altogether?
Making a stand would be leaving UK (UK is not in the EU) altogether.

This is almost as bad as building a backdoor. This is leaving your customer in the rain.

Fortunately for Apple, most of them won't even know or realize it.

> This is leaving your customer in the rain.

vs. taking their phone away??? Idk if you're trolling or what but I would be incredibly pissed at Apple if they deprecated my phone over something like this.

Yes, imagine the outrage in the rich and influential in the UK if Apple would seriously threaten to leave the country about this. They would cause the law to be fixed which would help everybody.

But instead. They run away.

Selling this as "making a stand" is ridiculous. Nothing more.

Making a stand would be displaying a full-screen notification about why they cannot provide protection for British users' data and which party voted for this.
No. Making a stand would be to threaten to leave and watch all those influential iPhone users scramble to get this law rolled back. Everything else is marketing and cowardice.
No, this tells the customer that backups to iCloud are not secure from the government. Adding the back door would make people think that there was more security than there was. Transparency is always better than deception.

Dropping the feature that the UK was targeting allows their customers to use all the other ways that Apple does things. Leaving the UK altogether is the nuclear option denying their customers of everything. “Apple should just leave the UK/China” never takes into consideration the millions of customers that bought or might want to buy in the future. Nobody would better off if Apple withdraws from a country.

I don't think we both have the same concept of "making a stand".

Yes, it would have been the nuclear option, but this is Apple. Probably most of the most influential people in the UK have an Apple phone. Just saying that you leave would cause an avalanche of influence targeted at this law. Maybe other companies would have joined them.

This, this is just cover dance and I wish they'd pay for this, but they won't and they know it. People locked into the Apple bubble only change if it REALLY hurts. This doesn't hurt the average Apple user, and those who really care moved onto a system they can control themselves.

> What concerns me more is that Apple is the only company audibly making a stand.

They are not making a stand. They roll over without a peep. And this is concerning users' privacy which they say is the core of the company.

Compare it to fighting every government tooth and nail over every single little thing concerning the "we don't know if it's profitable and we don't keep meeting records" AppStore

“ They roll over without a peep.”

What are you talking about? This is literally them doing the opposite, and there are multiple other public instances of them making a stand, not to mention in the design of their systems.

Truly curious how you see this that way.

"Literally doing the opposite" would be keeping encryption on.

Removing encryption for everyone is literally doing the opposite of making a stand

They had two paths to comply with the law. Silently backdoor the worldwide cloud serving every Apple device, or loudly tell people in the UK they don't get to have security because their government prohibits them. Between these two options, this is clearly "making a stand".

It's not as much "making a stand" as telling a major government that you have substantial seizable assets under their jurisdiction who is a major market you want to be in, that you're not going to do the thing that their laws say you are required to do, but it's hardly simple compliance either, instead of doing what the government wants them to do, they are making sure there is blowback.

Whether to try to fight it in court likely depends on details of case law and the wording of the laws they'd be contesting, I imagine much of the delay in their response to the demand was asking their lawyers how well they think they would fare in court.

> tell people in the UK

This doesn't affect only people in the UK. It allows access to all Apple users' data globally:

> No Heathrow connection necessary. “The law has extraterritorial powers, meaning UK law enforcement would have been able to access the encrypted iCloud data of Apple customers anywhere in the world, including in the US” [1].

> https://www.ft.com/content/bc20274f-f352-457c-8f86-32c6d4df8...

https://news.ycombinator.com/item?id=43132160

So they can spy on you regardless of where you live even in violation of your own country's privacy laws.

"Not making a stand" would be leaving everything as is, and handing your encryption keys over to the government. By loudly disabling ADP and saying this feature is illegal in the UK (they really should have said "illegal" instead of "unavailable" so people would know it was the government), they are at least making half a stand. By leaving it enabled in other regions and for visitors from other regions to the UK, they're making three quarters of a stand.
> By loudly disabling ADP and saying this feature is illegal in the UK

They didn't say anything loudly, or said it was illegal in the UK.

All they had was a single comment to a single (or perhaps a handful at most) comment to a media outlet that they disabled it.

They didn't even bother with a press release, or notify their users.

It's not even half a stand. It's a rollover

Is the UK law broadly against encrypted files?

For example if I encrypt a file locally, a zip file containing images, am I not permitted to upload that zip file to a cloud service in the UK?

Even if the UK's demands were "access to encrypted cloud services", does that also mean encrypted files within encrypted storage? It all seems so messy. Anyone who really wants to hide their files, can do so regardless of demands for backdoors.

> Anyone who really wants to hide their files, can do so regardless of demands for backdoors.

The question isn't about "anyone who wants". It's about "anyone, regardless of their technical skill"

> Apple is the only company audibly making a stand

Apples stand is false, they take with one hand and give with the other. There have been many times that Apple have been caught giving user data to governments at their request, lied about it, then later on admitted it once it had leaked from another source.

This whole 'we will never make a backdoor' is a complete whitewash marketing stunt, why do they need to make a backdoor when they are providing any and all metadata to any government on request.

https://www.macrumors.com/2023/12/06/apple-governments-surve...

I think that’s the whole point of their push to E2E encrypt as much as possible. Saying they can’t unencrypted something worked for a while.
> There have been many times that Apple have been caught giving user data to governments at their request, lied about it, then later on admitted it once it had leaked from another source.

In other words, Apple complies with legal government orders, as they are required to. The government can compel them with a warrant to hand over data that they have, and can prohibit them from talking about it. That's the whole reason for the push towards end-to-end encryption and for not collecting any data Apple doesn't need to operate the products. This also ties into things like photo landmark identification, where Apple designed it such that they don't get any information about the requests and so they don't have any information that they could be compelled to hand to the government.

> What concerns me more is that Apple is the only company audibly making a stand.

But still Apple operates in China and Google does not. This is weird to me. Google left China when the government wanted all keys to the citizens data. Apple is making a stand when it's visible and does not threaten their business too much.

Apple is not really in the business of protecting your data, they are just good at marketing and keeping their image.

Perhaps Apple has a greater leverage in China due to its outsized manufacturing presence. And it's likely they already dont offer ADP to Chinese citizens.
lol you think Apple has more leverage than China? What world are you living in?
A world where HN commentators can read English.
> And it's likely they already dont offer ADP to Chinese citizens.

AFAIK before UK only region with ADP was China.

> Perhaps Apple has a greater leverage in China due to its outsized manufacturing presence.

Perhaps china has greater leverage over apple in this case...

China had been an important area of growth for many companies during the 2010s. Apple bent over backwards to cater to that market. It was discussed in every financial release, and they obviously made tons of concessions for iCloud.

The UK just comparatively isn't that much revenue, and not worth the fallout.

> China had been an important area of growth for many companies during the 2010s. Apple bent over backwards to cater to that market

and it is the same with european car companies (like volkswagon). Look at where they are now.

I don't believe for a second, that china will not oust apple the moment there's a good reason to.

> Look at where they are now.

Apples revenue from china has been super dependent on new iPhone looking different, and has been steadily declining or flat for years, except for a few quarters when Huawei was sanctioned.

Chinese money was absolutely the forbidden temptress that continues to screw businesses. Luxury goods, cars, electronics, etc were all banking on china’s economic rise to grow their revenue, and post covid recovery saw all that money stay domestic.

China won’t oust Apple because twisting Tim Cook’s arm is way more useful. Same with Tesla and any other company that makes a big bet there. But they absolutely won’t be giving American companies an equal chance at success.

China feels like an important difference here though. Google leaving China doesn't protect Chinese citizen's data any more than Apple turning off ADP in the UK does. As far as I know, Apple isn't pretending that the data of Chinese users is encrypted from their government, and the way they're complying with the Chinese laws shouldn't impact the security of users outside of China.

Apple pulling ADP from UK users is similar - the UK has passed an ill-considered law that Apple doesn't think it can win a court case over, so they're complying in a way that minimally effects the security of people outside the UK. If, as someone outside the UK, I travel to the UK with ADP turned on, my understanding is it won't disable itself.

Would you have been more satisfied if Apple just pulled out of the UK entirely? Bricked every iPhone ever purchased there? Google doesn't seem to have made any stand for security ever - them pulling out of China feels more to do with it meaning they wouldn't have had access to Chinese users' data, which is what they really want.

> Would you have been more satisfied if Apple just pulled out of the UK entirely? Bricked every iPhone ever purchased there?

The request/law would be rolled back in minutes in that case. They wouldn't dare though. (wouldn't even have to be bricking - just disable services like icloud)

Apple has 40 retail stores in the UK with thousands of employees. They have a big new HQ in London where they have engineering, etc there.

I cannot see Apple completely shutting down in the UK, firing thousands of staff, selling off any property, and cancelling leases, just for a week long bargaining chip.

iCloud in China is operated by a local subsidiary. There is a dedicated screen explaining this when you set up an iCloud account in this region.

They adapt to the local rules of each region, much like they’re doing here in the UK.

>iCloud in China is operated by a local subsidiary

It's not operated by an Apple subsidiary. It's operated by a government owned company. I'm not aware of any local laws that require this particular arrangement.

Eh Google had pretty good reasons to not operate in China (not seeing them in this thread, don't recall the details precisely enough to relate here)

Apple is deeply embedded in China (manufacturing) and benefits from a decent (but shrinking) userbase in the country. China isn't asking for the keys to all iphone user data, just data stored in China.

> Google left China when the government wanted all keys to the citizens data.

Google left China after China started hacking into Google's servers.

> In January, Google said it would no longer cooperate with government censors after hackers based in China stole some of the company’s source code and even broke into the Gmail accounts of Chinese human rights advocates.

https://www.nytimes.com/2010/03/23/technology/23google.html

They were working to reenter the China market on China's terms many years later, when Google employees leaked the effort to the press. Google eventually backed down.

I'd imagine there were multiple factors that went into that business decision. Even if this was portrayed as the final straw.
It’s different. Apple follows Chinese law to operate their services in China, just like Microsoft.

With Google, their services are way broader. Operating a hunk of their search business with a third party Chinese firm just isn’t viable for their services, which are way more complex.

I want to buy my phone from a phone manufacturer.

I want to backup my data with a managed service.

I do NOT want these to be the same company.

The government, with anti trust laws, could easily force this issue. On the other hand, they really love how few places they have to go with FISA warrants to just take anyones data. This is the long tail of the American security state. So it's really ironic that China takes most of the blame.

> One scenario would be somebody in an airport and security officials are searching your device

No Heathrow connection necessary. “The law has extraterritorial powers, meaning UK law enforcement would have been able to access the encrypted iCloud data of Apple customers anywhere in the world, including in the US” [1].

[1] https://www.ft.com/content/bc20274f-f352-457c-8f86-32c6d4df8...

The US claims the same

https://en.wikipedia.org/wiki/CLOUD_Act

Lots of Americans in this thread seem to be talking down to other countries laws while being completely unaware of their own

Spot on, 727 comments, most probably by Americans, and only 2 (including yours) bringing up the CLOUD Act, the much worse US equivalent. Incredible ignorance.
Providing encrypted data and not providing encryption are two different things. The CLOUD act requires you to hand over data. It could be encrypted. The UK government is asking to hand over data that is also not encrypted. The two are not the same. Note : Not American.
> There's no time limit on when you may be searched, so all people who ever travelled through British territory could be searched by officials.

> Let that sink in for a moment. We're talking about the largest back door I've ever heard of.

Codename 'Krasnov' is the largest backdoor I have ever heard of. And, we only need to look at his behavior.

These E2EE from USA can be tainted in so many ways, and FAMAG sits on so much data, that codename 'Krasnov' can abuse such to target whoever he wants in West. Because everyone you know is or has been in ecosystem of Apple, Google, or Microsoft.

Whataboutism! Fair. From my PoV, as European, the UK government is (still) one of the good guys who will protect Europe from adversaries such as those who pwn codename 'Krasnov'. Such protection may come with a huge price.

> We're talking about the largest back door I've ever heard of.

Meh, I don't know. I can still decide to not go the UK and be fine. I think the CLOUD Act is much worse because it's independent from where I am.

Remember that the last fiasco was related to 2FA stores being stored unencrypted on google's backup cloud, namely google authenticator.

And yes, it's still pwnable this way, and happens regularly.

Everything in the cloud is not yours anymore, and you should always treat it like that.

> you think Google didn't already sign up to this?

My understanding is that Android's Google Drive backup has had an E2E encryption option for many years (they blogged about it at https://security.googleblog.com/2018/10/google-and-android-h...), and that the key is only stored locally in the Titan Security Module.

If they are complying with the IPA, wouldn't that mean that they must build a mechanism into Android to exfiltrate the key? And wouldn't this breach be discoverable by security research, which tends to be much simpler on Android than it is on iOS?

My assumption is that Google has keys to everything in its kingdom [1].

[1] https://qz.com/1145669/googles-true-origin-partly-lies-in-ci...

> My assumption is that Google has keys to everything in its kingdom

If that were true, then their claims to support E2E encrypted backups are simply false, and they would have been subject to warrants to unlock backups, just like Apple had been until they implemented their "Advanced Data Protection" in 2022.

Wouldn't there have been be some evidence of that in the past 7 years, either through security research, or through convictions that hinged on information that was gotten from a supposedly E2E-protected backup?

It is possible to set up end to end encryption where two different keys unlock your data. Your key, and a government key. I assume google does this.

1. encrypt data with special key 2. encrypt special key with users key, and 3. encrypt special key with government key

Anyone with the special key can read the data.the user key or the government key can be used to get special key.

This two step process can be done for good or bad purposes. A user can have their key on their device, and a second backup key could be in a usb stick locked in a safe, so if you loose your phone you can get your data back using the second key.

Would that still count as E2E-encrypted if another party has access? That would still count as lying to me.
To call it lying is just arguing about the meanings of words. This is literally what lawyers are paid to do. The data payload can be called end to end encrypted. You can easily say to the user that "your emails are encrypted from end to end, they are encrypted before it leaves your computer and decrypted on the receivers computer" without talking about how your key server works.

Systems that incorporate a method to allow unlocking using multiple keys don't usually advertise the fact that this is happening. People may even be legally obligated to not tell you.

TIL man in the middle = e2e encryption.
E2E encryption is not the same as MITM. You’re not adding anything useful to the conversation.

E2E encryption is not vulnerable to MITM. E2E encryption is vulnerable only to how many keys there are and who has access to them.

SO if google still has access in an E2E system, but you didnt know, is it still E2E?

What if google told you they also have a key? Does that change the above answer to the question?

> To call it lying is just arguing about the meanings of words.

Or, as us lowly laypeople call it, lying.

Well Wikipedia says this about E2E:

“End-to-end encryption (E2EE) is a method of implementing a secure communication system where only communicating users can participate. No one else, including the system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to read or send messages.”

So if you send another set of keys to someone else, it’s obviously not E2E.

This is a high level description of intent (by a third party), not a legal promise.

This is not enforceable and promises that are not enforceable are usually seen by BigCos of today as optional. My 2c.

Well I wasn’t saying I would sue them, I was arguing this:

> It is possible to set up end to end encryption where two different keys unlock your data. Your key, and a government key. I assume google does this.

Which by definition is wrong (unless the government is a party in the communication you want to E2E-Encrypt).

I believe the point being made here is that some governments legally mandate that they are a party in communication.
I agree completely that it is wrong in spirit. But wikipedia's text is a definition, not the only existing one. And for practical use even the most obvious definitions have legal caveats.

For example, asking for 10 gallons of soda at a restaurant advertising unlimited refills will not fly, even though virtually everyone will agree on the definition of the term "unlimited". My 2c.

E2EE means only your intended recipients can access the plaintext. Unless you intend to give the government access to your plaintext, what you described isn’t E2EE.
Is that google's definition or your definition? not being rude, but its pretty easy to get tricky about this.

Since you are sending the data to google, isn't google an intended recipient? Google has to comply with a variety of laws, and it is likely that they are doing the best they can under the legal constraints. The law just doesn't allow systems like this.

What's the intended recipient of your message? It's not Google, right?

You're discussing encryption in transit vs encryption at rest in this thread.

I agree with you, but these abstract technical systems have enough wiggle room for lawyers and marketers to bend the rules to get what they want
If Google is employing this “one simple trick”, they will get sued into the ground for securities fraud and false advertising.
history already proved you wrong. companies offering backdoor to abusive law enforcement are never sued.

they also employ things like exempt cases. for example, Whatsapp advertise E2E... but connect for the first time with a business account to see all the caveats that in plain text just means "meta will sign your messages from this point on with a dozen keys"

It’s the lying that gets companies in trouble.

The claim is that Google has implemented a security weakness and lied about it in claims to customers and investors.

Show me another company that did this, was exposed, and was not sued.

You are extremely naive if you think a company the size of Google or Microsoft or Apple will face any serious consequence from lying about E2EE actually being open to various governments.

They have lawyers aplenty, governments would file amicus briefs "explaining" E2EE and so on. Worse case they'll settle for a pittance.

Those companies never get sued? Never face class action lawsuits either?
So all you’ve got is hypotheticals that coincidentally confirm your biases? These are giant companies. Show me where a civil suit for lying about a product’s security was defended by this kind of claim.
> It’s the lying that gets companies in trouble.

It isnt if the government have asked them to lie.

yahoo sued the govt and was able to go public almost a decade later. as i said, history already proved that argument wrong.
Oh thanks. I've never done that before. I'll try that, it'll be very interesting to see those disclaimers.

I guess for consumer use all that stuff is hidden in the T&C legalese which is unreadable for normal people. I know the EU was trying to enforce that there must be a TL;DR in normal language but I haven't seen much effect of that yet.

> E2EE means only your intended recipients can access the plaintext.

No, it does not. It means that only endpoints - not intermediaries - handle plaintext. It says nothing about who those endpoints are or who the software is working for.

Key escrow and E2EE are fully compatible.

No, it is not. This is precisely why we have the term E2EE. An escrow agent having your keys but pinky promising not to touch them is indistinguishable from the escrow agent simply having your plaintext.

Unless you’re fine with the escrow agent and anybody they’re willing to share the keys with being a member of your group chat, in which case my original point still stands.

Well, WhatsApp backups claim they are E2E encrypted, but there’s a flow that uses their HSM for the encryption key, which still feels like some escrow system.

https://engineering.fb.com/2021/09/10/security/whatsapp-e2ee...

True but you can choose to store the key completely yourself. That fixes a big backdoor that's been around for ages.

The biggest problem remaining to me is that you don't chat alone. You're always chatting with one or more people. Right now there's no way of knowing how they handle their backups and thus the complete history of your chats with them.

It's the same thing as trying to avoid big tech reading your emails by setting up your own mailserver. Technically you can do it but in practice it's pointless because 95% of your emails go to users of Microsoft or Google anyway these days.

Edit: I think you might be confusing your personal intention (ie I wanted this to be private but didn't realize the service provider retained a copy of the keys) with the intention of the protocol (ie what the system is designed to send where). Key escrow is "by design" whereas E2EE protects against both system intrusions (very much not by design) as well as things like bugs in server software or human error when handling data.

> is indistinguishable

Technically correct (with respect to the escrow agent specifically) but rather misleading. With E2EE intermediary nodes serving or routing a request do not have access to it. This protects you against compromise of those systems. That's the point of E2EE - only authorized endpoints have access.

The entire point of key escrow is that the escrow agent is authorized. So, yes, the escrow agent has access to your stuff. That doesn't somehow make it "not E2EE". The point of E2EE is that you don't have to trust the infra. You do of course have to trust anyone who has the keys, which includes any escrow agents.

If we used the definition "only your intended recipients can access the plaintext" ... well let's be clear here, an escrow agent is very much an "intended recipient", so there's no issue.

But lets extrapolate that definition. That would make E2EE a property of the session rather than the implementation. For example if my device is compromised and my (E2EE) chat history leaks suddenly that history would no longer be considered E2EE ... even though the software and protocol haven't changed. It's utterly nonsensical.

> I think you might be confusing your personal intention with the intention of the protocol

So what would be the name for a mechanism where escrow is deliberately not a part of the design and nobody aside from the sender and recipient can access the plaintext data, no 3rd parties whatsoever, as long as those two participants aren’t compromised.

I’m not disagreeing with you but I’ve heard people talk about E2EE while actually thinking it’s more like the above. There is probably a term for truly private communication but I’m sleepy and it eludes me.

The literal answer to your question would be "E2EE without key escrow" I guess. Or E2EE between just me and this single party.

However I don't think that's so much a technical mechanism as it is a statement of preference or understanding about who you intend to have access to something.

To that end, you'll need to define "intended recipient" pretty carefully. After all, your intended recipient could take a screenshot and share it. Or there could be someone in a group chat who isn't participating and you forgot was there. Etc.

> There is probably a term for truly private communication

I'd argue that E2EE is "truly private" between the intended recipients, and that understanding who exactly those are is entirely the responsibility of the user.

Of course I recognize that we're talking past each other at that point. Your concern seems to be users not realizing an escrow agent is present. To the extent they might have been deceived about the implementation I'd point out that "snuck in an escrow agent" is just the tip of the security iceberg. They could also have been deceived about the implementation itself. And even if they weren't deceived initially, a binary or web app could be intentionally updated with a malicious version. Does it count as "truly private" if you didn't compile it yourself?

> Of course I recognize that we're talking past each other at that point. Your concern seems to be users not realizing an escrow agent is present. To the extent they might have been deceived about the implementation I'd point out that "snuck in an escrow agent" is just the tip of the security iceberg. They could also have been deceived about the implementation itself. And even if they weren't deceived initially, a binary or web app could be intentionally updated with a malicious version. Does it count as "truly private" if you didn't compile it yourself?

All of these are good points, thanks for taking the time to respond! I think that to a certain degree this means that, for the average layperson and someone with more skills and knowledge, there are still a bunch of challenges and attack vectors to contend with.

It probably involves more of something in the category of OpenPGP (or just Signal, I guess) where you yourselves are in control of the keys, and less of counting on various web apps to do right by the users. That said, E2EE with escrow is still helpful against certain risks and is a net positive, even if I've seen a lot of that misunderstanding about what it actually does.

No problem! The more people conscious of this stuff the better off we all are in the long run.

Anything that you can either audit or compile yourself is generally a good bet. You might add Matrix, XMPP with OMEMO, Briar, and Cwtch to your list.

Proprietary stuff isn't an entirely bad deal though. If you assume they aren't blatantly fraudulent then presumably your data is better protected than it would have been without even an attempt at E2EE.

Same for key escrow schemes. Even if the agent was literally the NSA you'd still most likely be better off than the much more vulnerable alternative. The fewer entities with access and the more deliberate that access is the better.

> Key escrow and E2EE are fully compatible.

Wild to see someone on HN even entertain this idea.

It's literally the point of key escrow. My views on a given practice are entirely irrelevant to the definition of the relevant terminology.
With key escrow, by definition you can only implement end-to-many-ends encryption.
TIL group chats can't be considered E2EE. /s
Those would be end-to-end encrypted x how many recipients you intend for. Very different from (end-to-end-encrypted x how many recipients you intend for) + an arbitrary amount of recipients you don't intend for.
> an arbitrary amount

Presumably there are a finite number of escrow agents who are known to you. Worrying that they will pass your messages along to others is the same as worrying that the people you're chatting with do the same. It's always on you to assess the trustworthiness of the other parties; key escrow is no exception to that.

To be clear I'm not a fan of large scale key escrow schemes and am not going to willingly use one outside of a corporate setting. But lets have accurate use of terminology while discussing these things.

Surely a company with auditing requirements running their own key escrow would still be considered E2EE? If not E2EE then what would you suppose to call that and where would you draw the line?

> Worrying that they will pass your messages along to others is the same as worrying that the people you're chatting with do the same.

This makes absolutely _no sense_. If I do not trust my end user to not propagate the message I send them, then I will not send them that message. There is no need for a third party here to make that mistake. It _is_ that black and white. Adding another end user is compromising your promise on the secure communication you established. There is no workaround to that.

Similarly, if you do not trust a particular escrow agent then do not use that escrow agent.

I can imagine a likely objection. "But I'm forced to use this particular agent by [ tech company | employer | government ]!" I don't see how that's any different from needing to communicate with a particular person. If I need to communicate with someone and I don't trust them not to share things then I will (must!) compose my correspondence accordingly.

If the government is forcing this on you, well, what is the alternative? Is point to point encryption somehow better in that scenario? Either way they're getting copies of everything you write assuming that the service you're using abides by the law. With key escrow that snooping is more explicit and there are fewer unknowns for the end user.

Wild to think otherwise.
Glad to hear your alternative solutions! Though going by your comment history I doubt that will occur.
Manufacturers have lied about E2EE since the beginning. Some claim that having the key doesn't change that it's e2ee. Others claim that using https = e2ee, because it's encrypted from one end to the other, you see? (A recent example is Anker Eufy)

The point is that the dictionary definition of E2EE really doesn't matter. Being pedantic about it doesn't help. The only thing that matters is that the vendor describes what they call E2EE.

Google intends you and the government as recipients of data here.
Yes, but going by that, most messaging services advertised as "E2EE" are already not E2EE by default. You trust them to give you the correct public keys for peer users, unless you verify your peers in-person. Some like iMessage didn't even have that feature until recently.
Sure is - three ends - you, the intended recipient, and the government.
I expect this is what they are all doing tbh, although isnt google open source? should be checkable, if the binaries the distribute match the source... oh...

"a special key" afaik is where instead of using 2 large primes for a public key, it uses 1 large prime and the other is a factor of 2 biggish primes, where 1 of the biggish is known, knowing one of the factors lets you factor any public key with a not insignificant but still more compute than most people have access to.

UK has also invested in some serious compute that would appear dedicated to exactly this task.

basically if you dont have full control over the key generation mechansim and enc/dec mechansim it is relatively trivial for states to backdoor anything they want.

"…two different keys…. Your key, and a government key. I assume google does this."

With the present state of politics—lack of both government and corporate ethics, deception, availability of much fake news, etc.—there's no guarantee that you could be certain of the accuracy of any information about this no matter what its source or apparent authenticity.

I'd thus suggest it'd be foolhardy to assume that total privacy is assured on any of these services.

BTW, I don't have need of these E2E services and don't use them, nor would I ever use them intentionally to send encrypted information. That said, occasionally, I'll send a PDF or such to say a relative containing some personal info and to minimize it being skimmed off by all-and-sundry—data brokers, etc. I'll encrypt it, but I always do so on the assumption that government can read it (that's if it's bothered to do so).

Only fools ought to think otherwise. Clearly, those in the know who actually require unbreakable encryption use other systems that are able to be better audited. If I were ever in their position, then I'd still be suspicious and only out of sheer necessity/desperation would I send an absolute minimum of information.

Yes. There is no ability to know one way or the other if Google, and similar services retain a secondary way to access decryption key. In light of this the only option is to _assume_ they have the capability.

Given the carefully crafted way companies describe their encryption services, it seems more likely than not they have master keys of some sort.

That would definitely be a safe assumption, that Google can look into anything they own or is on what they own. It's not like they are strong privacy advocates or don't already cooperate with any state apparatus they see as profitable or to their benefit.
> I don’t care for encryption or need it

> encrypts a pdf sent to tech illiterate family members

(comment deleted)
From where did you get both 'care' and 'illiterate' — words that I never used?

Not only have you misquoted me, but also you've attempted to distort what I actually said by changing its inference.

> …there's no guarantee that you could be certain of the accuracy of any information about this no matter what its source or apparent authenticity.

In any case like this, the only thing you could truly trust would be the source code and even then you’d have to be on the lookout for backdoors, which would definitely be beyond my own capability to spot.

In other words, the best bet is to probably only use open source solutions that have been audited and have a good track record, wherever available. Not that there are that many options when it comes to mobile OSes, although at least there are some for file storage and encryption.

Obviously, that's the ideal course of action but I'd reckon that in practice those who would have both a good understanding of the code as well as the intricacies/strengths of encryption algorithms and who also have need to send encrypted messages is vanishing small—except perhaps for some well-known government agencies.
Just because something you do today is legal and not a cause for scrutiny does not mean the same will be true tomorrow.

We have seen this many times throughout history, where people like academics, researchers, teachers, people of particular faith, etc are targeted and each of them has some sort of “evidence” produced as to some sort of crime they have committed either in the present or past to justify their arrest.

The group who needs it today may be small, but having it on and secure by default for all is a far better protection than any justification that the current need is small.

I don't know the particulars, but in general, silence around a massive tech company on warrants does not mean "they said no and the feds decided to leave them alone"
Is the source code for every binary blob present on an Android device available for inspection, and is the code running on every Android device verifiable as having been built from that source?

> or through convictions

If they wanted to use this evidence for a normal criminal case, they would just do parallel construction.

Would it be possible that they feel that the revelation of this backdoor would be too big of a loss so that any of these theoretical cases of the past 7 years have used parallel construction to avoid revealing the encrypted data was viewed?
That’s a big and brittle conspiracy. You have to have little to no defectors. It’s not a stable equilibrium
A trivial method for circumventing code review is to simply push a targeted update of the firmware to devices subject to a government search order.

There are no practical end-user protections against this vector.

PS: I strongly suspect that at least a few public package distribution services are run by security agencies to enable this kind of attack. They can distribute clean packages 99.999% of the time, except for a handful of targeted servers in countries being spied upon. A good example is Chocolatey, which popped up out of nowhere, had no visible source of funding, no mention of their ownership structure anywhere, and was incorporated along with hundreds of other companies in a small building in the middle of nowhere. It just screams of being a CIA front, but obviously that's hard to prove.

> Chocolatey, which popped up out of nowhere

Chocolatey assuredly did not "pop up out of nowhere" - it was a labour of love from Rob Reynolds to make Windows even barely usable. It likely existed for years before you ever heard of it.

> had no visible source of funding

Rob was employed by Puppet Labs to develop it until he started the commercial entity which now backs it.

> a small building in the middle of nowhere.

As I recall, Rob lives in Topeka, Kansas. It follows that his business would be incorporated there, no?

There was no evidence of any of this on the website until recently (maybe 2 or 3 years ago?), and I did look at every page on there. Similarly, I searched on Google for a while and raised the question in more than a few forums. I dug through the business registration records, etc... and found none of the above.

Sure, now, they have staff photos and the actual names of people on their about page, but just a few years ago it was almost completely devoid of information: https://web.archive.org/web/20190906125729/https://chocolate...

Look at it from the perspective of a paranoid sysadmin half way around the world raising a quizzical eyebrow when random Reddit posts mention how convenient it is, but it's distributing binaries to servers with absolutely no obvious links back to any organisations, people, or even a legitimate looking business building.

The end user protection is to sign updates and publish the fingerprints. It should not be possible for one device to get a different binary than everyone else.
How exactly do you plan on implementing this as an end user?

Even if you somehow manage to ensure 100% consistency with other users for updates you manually “pull” from the vendor, the vendor could simply have your device automatically reach out and update itself with a stealth update.

Or everyone can get the same exact binary, but it has a hash code check on it that activates the evil bits only on your device.

Etc…

Telegram author claims this is the case [1]:

> They were curious to learn which open source libraries are integrated to the Telegram app. You know, on the client side," Durov said. "And they were trying to persuade him to use certain open source tools that he would then integrate into the Telegram code

[1] https://www.newsweek.com/telegram-tucker-carlson-government-...

They might have keys to everything in their kingdom, but only if you look through the right len$$

--

as one who helped build the total awareness apparatus, I dont care about my privacy, only as a defeatist.

The only weapon again is trancperency of the Entanglements (recall that term, about AI entanglements?) -- What is unclear, is, WRT to these current revealings /confirmations(DOGE, etc) -- Are these institutions being untangled and removed, or squeezed out of their territory?

(comment deleted)
> Wouldn't there have been be some evidence of that in the past 7 years, either through security research, or through convictions that hinged on information that was gotten from a supposedly E2E-protected backup?

I wouldn't count on it. The main way we'd know about it would be a whistleblower at Google, and whistleblowers are extremely rare. Evidence and court records that might expose a secret backdoor or that the government was getting data from Google that was supposed to be private could easily be kept hidden from the public by sealing it all away for "national security reasons" or by obscuring it though parallel construction.

People are incredibly bad at keeping secrets. And there are a LOT of people at Google. I don’t buy it.
That’s why Rule #1 of Security, is limit access; regardless of clearance.

Which explains why there’s all these security levels above “Top Secret,” which is really just a baseline.

Google can just borrow a certified encryption library elsewhere.
There were a lot of people working for the NSA besides snowden, but none of them blew the whistle even though some of the programs he exposed had been around for 12 years. There were a whole lot of people working at AT&T but employees weren't lining up to tell us about Room 641A (https://en.wikipedia.org/wiki/Room_641A) before Mark Klein. How did everyone else manage to be kept quiet? The details about MKUltra and the Manhattan Project were successfully kept a secret for decades before eventually being declassified.

It'd be a huge mistake to look at the instances where somebody did come forward and spill a secret and assume that it means secrets aren't possible to keep or that there are no secrets being kept right now. It's may not be easy to keep a secret, but governments and corporations are extremely well practiced and have many documented successes.

You have a point, but a major reason that the examples you cited above were kept secret was because knowledge about them was compartmentalized. As knowledge leaks, so does the possibility of whistleblowers. It’s an unstable equilibrium. My argument (which admittedly is based on an anecdata about how undisciplined large tech corporations are) is that it’s uniquely hard to keep secrets in modern tech companies because by design, knowledge is not compartmentalized. Modern large tech companies have replaced fiefdoms of knowledge with fiefdoms of operational expertise, if that makes sense.

Anyway, there have been hundreds, perhaps thousands of whistleblowers in the past and the examples you picked I think are representative of the upper bound, rather than the lower bound of the secret keeping capacity of organizations.

Until Yahoo! broke the news, did you know anything about Google’s involvement with PRISM?
It's worth noting that what the security services don't have access to is as secret as what they do have access to. According to the late Ross Anderson, for many years the police were unable to trace calls (or was it internet access?) on one of the major UK mobile networks, because it had been designed without that and in such a way that it was hard to retrofit. This was considered highly confidential, lest all the drug dealers etc switch to that network.
They are so used to bend reality that could easily call it e2e encryption even if the key was generated by Google or had a skew that made it vulnerable with some extra knowledge that they have or will have in the next sync.
My assumption is that the NSA does too.
This would mean no independent security researcher has ever taken a look at Google Drive's E2EE on Android. Or those that did missed the part where the key is uploaded.

It's possible to decrypt this network traffic and see if the key is sent. It may be obfuscated though.

Google didn't announce that they could no longer process geofence warrants because they no longer stored a copy of user location data on their servers until last October.

How much good does an encrypted device backup do when harvesting user data and storing it on your servers (to make ad sales more profitable) is your entire business model?

The linked article makes a lot of assumptions about the "Massive Digital Data Systems Program". It seems this program existed. For example, here is a 1996 paper [1] about research funded by the "Massive Digital Data Systems (MDDS) Program, through the Department of Defense."

But it's not clear that funding for early research into data warehousing (back when a terabyte was a lot of data) has anything to do with whether or not Google uses end-to-end encryption? Lots of research got funded through the Department of Defense.

Without having relevant evidence, this is just "let's assume X is true, therefore X is true."

[1] https://papers.rgrossman.com/proc-047.htm

I doubt it. Much to my annoyance they moved Google Maps Timeline from their database to an encrypted copy on my phone specifically so if law enforcement asks for the records of where you were at a given time and place they can say dunno, can't tell. If they had the keys it would wreck their legal strategy not to get hassled every time law enforcement are trying to track someone.
(comment deleted)
Could that be true and at the same time a 'vulnerability' exists that megacorp is party to?
Apple's ADP is not E2E for only its backups, it's E2E for _everything_ in iCloud Drive and a few other iCloud services.
Even more shocking that Germany - my country - leads the leaderboard with over ten times as much requests as the second place.
I don't really understand your comment to be honest. Section 3 of the Regulation of Regulatory Powers Act 2000 allows for compelled key disclosure (disclosure of the information sought instead of the key is also possible). Schedule 7 of the Counter-Terrorism Act allows 9 hour detention, questioning and device search at the border. With these powers it isn't necessary to get access to iCloud backups, as you can get the device and/or the data.

I don't think the e2e icloud backup is problematic under existing legislation / before the TCN. While you can't disclose the key because it lives in the secure enclave, you can disclose the information that is requested because you can log into your apple account and retrieve it. IANAL, but I believe this to be sufficient (and refusing would mean jail).

The Investigatory Powers Act allows for technical capability notices, and the TCN in this case says (as far as we know) "allow us a method to be able to get the contents of any iCloud backup that is protected by E2EE for any user worldwide". This means that there is no need to ask the target to disclose information and if implemented as asked, also means that any user worldwide could be a target of the order, even if they'd never been to the UK.

Relevant info:

- https://wiki.openrightsgroup.org/wiki/Regulation_of_Investig...

I imagine they want the ability to look at someone's iCloud backups without notifying the owner that they are doing so or they want to do it when the owner is unwilling or unable to provide keys.

For the latter, there are a lot of cases where jail isn't much a threat (e.g. the person is dead or not in the country).

Also given automatic iPhone backup it might contain information they want as part of an investigation that they'd otherwise have to demand key disclosure for (if cloud backup didn't exist)... Absolutely.

The jail time for failure to comply with key disclosure is 2 years unless it is national security, then it is 5. But if you're organised crime and facing who knows what for being a snitch it might be better simply to do the time.

I can see why they want it. I just don't understand why the person I'm replying to said the feature (I think) was problematic. Not really a criticism, I'm just struggling to identify the tone and why 'too right' and 'more problematic than they let on'.

"technical capability notice" under the Investigatory Powers Act (IPA)

Sounds a lot like the godawful "assistance and access" laws that were rushed through in Australia a couple of years ago, right down to the name of the secret instrument sent to the entity who gets forced into to building the intercept capability.

Now that Apple has caved once, I expect to see other providers strongarmed in the same way, as well as the same move tried in other countries.

What is going on in the UK? How do they stand for this?
When “misinformation” or “hate speech” are illegal, and the government decides what those are, you cannot risk complaining
Irrespective of political leanings, a lot of British people are saying this. They stand for it because they have to. It's a government that was voted in by a large margin only six months ago. Disquiet, if that's the word, is pretty much universal and I am not sure we've been quite in this position before. Keir Starmer's decline in approval ratings 'marks the most substantial post-election fall for any British prime minister in recent history'.

https://politicalpulse.net/uk-polls/keir-starmer-approval-ra...

This is a law enacted by the previous government.
Did Starmer run on this big brother type platform?
By a large margin with their seat count doubling off a 1.6% swing in their favour. The decline in approval ratings should have been entirely predictable to them.
Also, I wondered if by complying with British law that they may somehow be breaking laws of another country?

Hypothetically, if Apple just provide a back door to the data they have on US Senators for instance, then providing that information may be considered treason by the US.

That's a totally made up example, and I have no idea, but it seems like it's possibly an issue.

Which is all about the issues around data sovereignty I suppose!

That would not be treason, by a long shot.

Treason is the only crime defined in the constitution, and it is quite a high bar.

The king is a strict constitutionalist, who may disagree with you/ Pray he doesn’t.
> Treason is the only crime defined in the constitution, and it is quite a high bar.

Well, it's defined, or bounded above, in the constitution. It's not exactly a high bar:

> Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort.

So, if you happened to know Nicolas Maduro, thought he was looking stressed, and bought him some food, that would qualify as treason. There's no requirement that you act against the interests of the United States. The constitution will stop you from being prosecuted for treason for sleeping with Melania Trump. It won't stop you from being prosecuted for treason for completely spurious reasons.

Treason is a very heavy charge and as far as I know it applies more to individuals. Can a company be prosecuted for treason? I guess it depends on the country and I don't know US law well (never even visited there)

But I'm sure local laws conflict heavily between countries yes. I'm often wondering how multinationals manage to navigate this maze. This is why we have such a big legal department I guess :) And the company I work for is a pretty honest one, I've never seen any skullduggery going on with eg privacy or media manipulation. In fact employees are urged to report such things and I have to do a course on responsible behaviour yearly. Probably a result of being purely B2B. But anyway I digress, just wanted to say that getting away with stuff does not seem to be the reason for us having a big legal dept.

But just look at the laws of e.g. the EU and Iran. Pretty diametrically opposed on many topics. There's no way to satisfy them both.

I think what helps to make this happen is that most countries don't try to push their laws outside of their jurisdiction. Which the UK is trying to do here.

You have no laws when traveling through immigration. Thats true in US too. There was an article (trying to look for it could be arstechnica verge I dont remember where) once where a US citizen journalist was detained at the border for hours while traveling into the US and questioned. You can be in the immigration for hours or even decades until you give out what they demand which can involve your unlocked phone and password. There are no laws protecting you.
And now imagine for a second that the only thing the UK is doing here is getting the same direct access that the US (NSA) has already had for decades.
What I fund 'amusing' is the swap between Left vs Right.

'Back in the day' it was the "Right" that wanted have total access/total control over everything. So people turned a bit "left". Now the "Left" government is seeking totalitarian-style control ('because paedophiles/drugs/etc.).

As a reminder, both Right and Left extremes went from 'liberal/conservatives' to "we don't need elections ever again - trust me!".

I saw this happening in the US, in Saudi (e.g. Blackberry 'keys'). Now I see it in the UK. So I interpret this in two ways: 1) The "Left is the new Right" (or "Right is the new Left") 2) Left and Right are irrelevant terms when it comes down to "we need to exert control over people/knowledge/data/information/etc. And the 'guise' of Left/Right is just on the fiscal policies. So UK has been playing around with 'snooper charter' but at 'that' time Apple's encryption was not on the table.

Apple (I don't blame them - very much - just a little) does what a company does. Makes money. And they prefer to sell-out the data of their clients and keep their money, than lose that money.

So... yeah.. if your data is in someone else's server, that happens.

>> 'Back in the day' it was the "Right" that wanted have total access/total control over everything.

It was the Clinton administration that pushed for the Clipper chip.

Are you talking about a 'day' before that time?

If you go too far right or left, both types of authoritarianism are difficult to distinguish. I think this just makes the case that every election you need to be a swing voter, make sure your politicians still overlap with your ideals.

Apple today appear to be on the 'correct side of history', but even then you need to be swing consumer.

> One scenario would be somebody in an airport and security officials are searching your device under the Counter Terrorism Act

No, it's much broader than that. The UK is asking for a backdoor to your data and backups in the cloud, not on your device. Why bother with searching physical devices when they can just issue a secret subpoena to any account they want?

It's actually pretty amazing that Apple made ADP possible for the general public. This is the culmination of a major breakthrough in privacy architecture about ten years ago.

Traditionally you had to make a choice between end-to-end encryption and data recoverability. If you went with E2EE, it's only useful if you use a strong password, but if you forget it then Apple can't help you recover your account (no password reset possible). So that was totally unsuitable for precious memories like photos for the average user.

Apple's first attempt to make this feasible was a recovery key that you print out and stuff in a drawer somewhere. But you might lose this. The trusted contact feature is also not totally reliable either, because chances are it's your spouse and they might also lose their device at that same time as you (for example in a house fire).

So while recovery keys and trusted contacts help, the solution that really made the breakthrough for ADP was iCloud Keychain Backup. This thing is low-key so cool and kind of rips up the previous assumptions about E2EE.

iCloud Keychain Backup makes it possible to recover your data with a simple, weak 6 digit passcode that you are virtually guaranteed never to forget, yet you are also protected from brute force attacks on the server. It is specifically designed to work on "adversarial clouds" that are being actively attacked. This is... sort of not supposed to be possible in the traditional thinking. But they added something called hardware security modules to limit the number of guesses an attacker can make before it wipes your key.

And crucially it ensures you don't forget this passcode because it's your device passcode which the OS keeps in sync with the backup key. This is part of the reason your iPhone asks you to enter your passcode now and then even though your biometrics work just fine.

It is a true secret that only you know and can keep in your brain even when your house burns down and nobody (hopefully) can derive from something they can research about you. This didn't really exist for the general populace until smartphones came along. And that ultimately was the breakthrough that allowed for changing the conventional wisdom on E2EE.

iCloud Keychain Backup came out about a decade ago and it has taken this long to gradually test the feasibility of going 100% E2EE without significantly risking customer data loss. The UK is kind of panicking but when people see how well ADP protects their most personal data from breaches, I think they will demand it. It just wasn't practical before.

> No, it's much broader than that. The UK is asking for a backdoor to your data and backups in the cloud, not on your device. Why bother with searching physical devices when they can just issue a secret subpoena to any account they want?

My point was that there was already a clear chain in place that would give them access to the data of foreign nationals. It's not just a "UK problem", but actually the ramifications are further reaching.

Another thing to consider is that these cookie alerts on sites were for EU countries only, but ended up everywhere. If Apple were to comply, this cloud backdoor could end up in other countries too, with the keys sitting there ready for collection.

To make things more complex still, they would need to support dual/multi nationality. It probably ends up looking like a dual key E2E system where there is a unique key for the end-user and then a third party. Key revocation would likely be difficult, so it would likely be the cloud provided decrypting and re-encrypting the files per request, throwing E2E out the window entirely.

> What concerns me more is that Apple is the only company audibly making a stand.

Dropping the functionality for a particular market hardly equals to making a stand. Sure they haven't added a backdoor that would give all user's data access to UK icloud user's data so in the end UK residents didn't win anything.

And who knows if they simply have an agreement with US gov to have a backdoor only available to them and not the other govs.

For photos, it's probably best to use an open-source (also self-hostable) service like Ente. For files it's best to self-host Nextcloud or similar. And rely on other people's computers as little as possible. Sadly, operating systems are very complex and mostly composed of proprietary blobs nowadays so there is still a risk of it leaking data but people can still do at least something.
Your smartphone cannot be considered a private device. You as the owner don’t have sufficient control over its operating system and applications to ever make that claim.
In theory you have the likes of the PinePhone where you can run a full Linux kernel [1]. You could then use something like Waydroid to run Android apps [2].

I think the biggest concern is that many of the important apps are anti-emulation, for example banking apps and authentication apps.

[1] https://pine64.org/devices/pinephone_pro/

[2] https://waydro.id/

Ugh. Is this by App Store country? Anyone know what happens if I already have it configured? I’m actually in US App Store region and sometimes switch to UK… I wonder if that would disable it.
(comment deleted)
Could any hackers on here now please hack the fuck out of UK government ministers please?
I doubt it would play out like you think.