I don't think the UK government would try to put Apple out of business if they don't comply it's more likely that they would just get heavily fined until they do so.
The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption. Honest UK consumers are the one's getting the shitty end of the stick because we're about to loose protection from criminals.
You're assuming that turning off ADP in the U.K. is sufficient to appease the British Government. The Investigatory Powers Act can also be interpreted to give the U.K. the right to ask for encrypted data from users outside of the U.K. (see Apple making this exact point in a filing here [1].) Turning off ADP in the U.K. doesn't end the controversy if that's what's at stake.
It creates a nasty precedent doesn't it? If Apple can provide the UK government with foreign data, what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile? I can't see on what basis the government thinks they're going to get to be exceptional here?
They might have to settle for it. The power of a government is not equal to what legislation they pass - they are heavily limited by the economic and publicity consequences of decisions.
As such, any outcome where this is enforced will be a compromise.
That’s probably the reason apple is resisting. They are currently certified as moderately trust worthy for government operations in Germany. Giving in would invalidate that.
Guess what? Trump will (hopefully) come to the rescue here. Don't laugh at that. I'd imagine he will be helpful possibly even with some of the EU rules such as in particular the one which makes even small US companies liable (as I recal) for notifying users of cookies on a website.
I will stop using a service or hardware that could grant peaking rights into my folders to a possible administration like the one currently in the US. On day 1, zero hesitation
What is up with the UK? I have always loved my British friends and appreciated England’s history (setting aside their brutality during the British Empire). I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc. I just hope we in the USA don’t follow their lead.
Democracies without free speech and privacy are not really democracies.
We're governed by the most technically inept people possible.
The Peter Principle writ large.
I'm pretty sure there was a story on here recently when UKGOV / GCHQ were recruiting for a 'senior something something tech/developer/code breaker', offering about the same as a typical entry-level graduate job.
Sell off ARM to foreign interests? Check.
Tell AI data centres where they must be built? Check.
Various inept age checking and backdoor access plans? Check.
The USA strongarming us after 9/11 didn't help. You don't have to look beyond the borders of the US to answer "what's up with the UK" when it comes to eg terrorism legislation
But yes historically we have been pretty brutal. Look up history the past 600 years. We didn't get a huge empire by asking nicely for their land and resources
> I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc.
Security establishment's innate desire to read and listen to absolutely everything. Blair/Bush's war on terror. Id card proposals. Smart phone use sky rockets. Supposed E2E comms. Hate speech. Something must be done! Right wing policies on pretty much everything cause more protest. Tories criminalise (*some types of) protest. Labour government raises TCN to Apple.
UK probably went wrong when they left the EU, which since then has done some work on data protection laws. Leaving the EU will probably turn out a mistake, but they could have, in some areas made it a positive thing. They could have made even stronger data protection and privacy laws for their citizen. They could have enforced them more than the EU enforces GDPR. These things do not happen because of uninformed and corrupt politicians. Trade is of course another area, where they could have tried to ensure, that they stick to EU quality and safety controls, to avoid lots of drama and headache. But it was difficult anyway, because if you stick to all things EU, then why leave in the first place? They would have to uphold standards and improve upon them, while being in a weaker position to negotiate with outside of EU partners.
> The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK
Agreed.
> Apple previously made its stance public when it formally opposed the UK government's power to issue Technical Capability Notices in testimony submitted in March 2024 and warned that it would withdraw security features from the UK market if forced to comply.
I feel like the UK always tries to do this w/ encryption. I don't know if it's a cultural sway GCHQ has on legislators and such but it happens w/ every generation of cryptography. Weren't they the one that neutered GSM encryption such that it was essentially ineffective from the get go?
You're assuming people's actual motivations match up with their stated motivations. If your motivation is to be re-elected to a government post by appearing to be tough on terrorism and drugs, every possible outcome of this course of action benefits you. Apple leaves? They were terrorist enablers and you're better off without them. Apple acquiesces? You're the David who took on Apple's goliath and won safety for everyone (again, regardless of whether this actually improves safety for anyone). Apple ignores you? You have an ongoing feud with Dangerous Big Tech that you can campaign and fundraise on for as long as it lasts.
The UK government can’t put Apple out of business; Apple can easily afford to simply exit all business in the UK. The UK is betting that Apple’s greed outweighs their principles. Long odds.
It's betting that the size of Apple's UK market is larger than the impact Apple's privacy marketing has on its worldwide market. Those odds aren't obvious to me
Curious about what would happen if Apple withdrew from the UK and locked all devices with a message saying 'Your device has been disabled following the decision of the UK government to introduce new laws which mean service can no longer be offered in the UK', or something similar. They could base it on GPS or detected MCC codes.
I wonder if you would get anarchist riots until the law was removed. Many of the young with an expensive bricked iPhone (or parents whose kid's iPad was disabled) would probably side with Apple over already unpopular politicians...
The UK is betting that Apple’s greed outweighs their principles. Long odds.
Three weeks ago, I would have agreed with you.
Then Tim Cook wrote a check for $1,000,000.00 to help pay for Donald Trump's inauguration party.†
In spite of what they led us to believe over the last couple of decades, Tim Cook and Apple are no different than any of the other tech companies genuflecting before the new emperor, whose stated goals are the opposite of the "mission, vision and values" lies we were fed by the tech industry.
Sounds like you're assuming that UK's goal is to stop criminals. I don't think that's their goal. I think that's their cover story.
As for Apple, their daily/hourly/whatever fines might be less than cost of a major ad campaign if they were to buy that publicity directly. Sounds like a good deal for them to refuse to honor the request.
A backdoor for one is an opportunity for many. Given the UK is completely incapable of outspending most of the world on compute, this effectively hands their enemies that data they’re looking for.
Yes, encryption is one of the most “cat’s out of the bag” situations - even assuming every company worldwide is cowed into submission by governments to add back doors, all they’re going to be catching is the dumb and unsophisticated criminals and even that will diminish as even the dummies realize every text and call is wiretapped once people start seeing their private communiques come out in court.
I suppose there are people in the camp advocating for back doors who still think it’s worth the tremendous downsides to be able to catch that group of criminals (there are certainly plenty of idiot criminals), but anybody can just use plain GPG emails for free, or deploy some open source encrypted chat server on a $20 a month cloud instance… and I assume operators in places like Russia or China won’t mind hosting easy services for less nerdy criminals willing to pay in crypto.
This appears to be majority of them if Brian Krebs is to be trusted. Very few have proper OPSEC, fewer still are disciplined enough to prevent cross contaminating their virtual identities.
Even if you keep your communications airtight, boneheaded decisions when they move the money from cyberspace into meatspace are quite common: people living way beyond their means, 22 y/o's buying $200K+ cars without proper income records get caught quickly once people start looking.
> The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
First, these are the same thing.
Second, ADP is already off by default so approximately nobody uses it. It is irrelevant from a privacy standpoint whether or not they offer it.
ADP is a relatively new thing. it makes sense to roll it out gradually both from engineering POV as well as marketing.
Further, as all other forms of e2ee, it makes you responsible for the encryption keys.
As a user on the platform I am quite happy it is offered. Considering that these days it is quite difficult not to have a mobile device associated with “you” (you open links sent to “you” on your mobile device? consider that device compromised from privacy perspective), id rather it be on the platform with stronger protections.
Apple should and can just sever its relationship with the British public and let them reap the consequences of submitting to their nanny state.
Although it's worth wondering why anyone would use any type of corporate cloud backup, anyway. Certainly if you had anything worth hiding, you would disable that first. That just makes this whole endeavor that much more dubious.
"It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption."
This. Whether it is an app to install on your phone or desktop or simply a website to use. People who need encryption to make sure their communication is private will _easily_ find ways around any kind of government snooping.
>I don't think the UK government would try to put Apple out of business if they don't comply it's more likely that they would just get heavily fined until they do so.
Sufficiently advanced "escalating fines until they comply" is indistinguishable from "putting them out of business".
I honestly don't even think we'd fine them real money, it would be too unfriendly to business. So what's this? I think political posturing or at worst the worlds weakest bargaining chip.
Maybe USG will now stand behind American companies and push back on this sort of thing? Enough of the EU or UK fining US companies over bullshit. In this case it's also better for the UK consumers too.
As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens. Not supporting cloud services wouldn't be sufficient to avoid the compliance requirement, they would have to formerly stop doing business in the UK.
Looking at the market size that might be a decision that Apple is willing to make as it would most likely be a temporary stick. The government can spin it anyway they want, but Apple devices do not work basically at all without the deep integration of their services. A geoblock would effectively mean UK citizens would be left with unusable devices and I can't see the resulting outrage being directed exclusively at Apple.
It'll be interesting to see how this plays out for sure.
I think this is the most solid answer I’ve seen so far that makes any sense. Could they still go through with it , I’m not sure, they want to project some influence but I still feel this is like haggling for half price to get cost.
Someone else here said something spot on for me, we’re all focusing on how bat sh*t this is because it’s global without even considering how human privacy obligations are just ignored.
Humans have a right to privacy, feels unbelievably pretentious and privileged to even say that. But it’s still true
> As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens.
I wonder if this means that Apple would ultimately take the same approach that they have in China, where the iCloud data and services are entirely localized within China and allows the Chinese government unrestricted access.
Apple still has legal entities in the UK. Pulling out cloud services would be insufficient to prevent the UK authorities from interfering with their activities.
> prevent the UK authorities from interfering with their activities
I'm still missing how this could be enforced ? To my layman understanding, this reads the same as if China said : "Meta, Tesla, Valve etc has entities in China therefore we get to see all data they store in the EU and the US.
The UK has Zero jurisdiction in Ireland for example where a lot of EU data may be stored.
More importantly, apple has customers in the UK. The business from captured apple users is more valuable than apple's privacy reputation.
This all seems very similar to RIM and the aftermath of the riots in the UK. The backdoors became too obvious for customers to ignore. Did not go well for RIM in the market afterwards.
I think it’s a cultural issue. The British have an inflated sense of national self worth as a result of being the world’s largest power during the British empire. While this has not been the case for some time now (since Suez in 1948? Longer?) the people still carry the memory and national myth of great importance. This is likely what drives a sense of entitlement that British demands should bypass the laws of every other country in the world and give them unfettered access to everyone’s data. Think about that, literally everyone who has an Apple device!
MI6 probably gutted the cybersec division. Probably don’t have many viable sploits in their cache against Apple.
I suppose this is _good_ but more competent and well funded groups out of Israel, Israeli military complex, Cyprus don’t need to “ask” for a back door.
> When asked by The Post whether any government had requested a backdoor, Google spokesman Ed Fernandez did not provide a direct answer but suggested none exist: "Google cannot access Android end-to-end encrypted backup data, even with a legal order," he stated.
No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves. I’m not saying that’s likely, just that it’s important to not take these statements as saying more than they do. They wouldn’t hesitate to use “technically correct” as a defence and you have to take that into account.
Before people immediately think the worst of Google or other corporate representatives, be aware that people working in these companies need to weight their words carefully. From The Verge's article on the issue:
The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
Which is exactly why I’m making this point. If no government had requested a backdoor, they could’ve simply answered “no”. When you have to weight your words, it means you’re not at liberty to say whatever you want. That is itself a signal, and why warrant canaries are a thing.
How does this work wrt false advertising laws? If I relied upon their end to end encryption and it turns out to be false advertising because there's a secret backdoor, who do I sue?
But they can still notify the public, through those canary statements. (I forgot the name commonly used).
For example (a simplistic one), you can have a statement like "we do not have any backdoors in our software" added to your legal documents (TOS, etc). But once a backdoor is added, you are compelled by your lawyers to remove that statement. So you aren't disclosing that you have added a backdoor. You're just updating your legal documents to make accurate claims.
> if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
One would think this runs afoul of other laws though, truth in advertising and similar.
Its such a legal minefield, and the UKs request borders on violating the sovereignty of other nations I can't see Apple complying, but maybe that's hopium talking.
> No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves.
The whole definition of "end-to-end encrypted" is that only the two ends have the keys. If anyone or anything other than the two ends (the one sending and the one receiving) has access to the keys, it's not end-to-end encrypted.
Whatsapp has had end-to-end encryption since 2016. But it only added encryption to cloud backups in 2021. They didn't share any key material with Google, just backed up the messages and media without any encryption to begin with.
Yes exactly. Google is very careful to say that "Google cannot access Android end-to-end encrypted backup data" and notice it doesn't say that all Android backups are end-to-end encrypted. For what we know, Google could have decided to use non-end-to-end backups in the UK and end-to-end backups everywhere else.
But if they could give a key to the government agency, it wouldn't be end-to-end encrypted, right? Or are you thinking they would have a copy of users' keys that they gave out? (Which I guess is technically possible.)
They could also cripple user key-generation. E.g. they choose random primes from a known subset. It would make communication crackable while also being difficult to detect.
It would be no different from how multiple devices and users access the same content (chat, shared data, etc.). The government’s keys would always be included in set which encrypts the real key. They don’t need the users’ key, Apple doesn’t need their private keys. So technically still end to end encrypted, just with a hidden party involved. Users have no way of knowing this doesn’t already happen.
And when their key leaks, it’s as good as no encryption, but still end-to-end encrypted.
You can not use a DH key exchange, and create the symmetric key by some procedure that is predictable, or encode the symmetric key with the government's public key and send it to them.
It doesn't stop being end-to-end when you add another end. We often do group chats that way.
Or you can create a side-channel and send al the data there. That would stop it from being end-to-end.
My layman’s understanding is that a user’s private key is used to decrypt a random key, which is then used to protect data. Shared files then only require adding key access to that small secret by someone who knows the original key. If one of the original public keys is always one held by authorities, Google never needs to have custody of the private key and can’t access the data themselves making the statement true, but misleading.
Not surprised, considering UK's ridiculous key disclosure law (United Kingdom
The Regulation of Investigatory Powers Act 2000 (RIPA), Part III, activated by ministerial order in October 2007, requires persons to decrypt information and/or supply keys to government representatives to decrypt information without a court order.)
that makes anyone with high-entropy random data (which is undistinguishable from the crypto-container) a criminal for "not providing the keys to decrypt"
This is the way that the UK has passed laws for a while now, make them so broad that they potentially criminalise everyone, then selectively prosecute. This is a very obvious setup for future totalitarianism. I’m surprised that the British public stands for it, but I guess they must not care.
People here are very passive and used to being pulled around.
It's insane how far people's rights have eroded already. No right to protest, no right for privacy - what's next on the chopping block?
This is fuelled by notion that law enforcement is incompetent and doesn't work.
If law enforcement won't catch criminal even if you had them all the details, evidence, witnesses, then average person thinks there laws are dead anyway as there is no one competent to enforce them.
> I’m surprised that the British public stands for it, but I guess they must not care.
I can educate people but it always comes back to "I've not got anything to hide". What are we suppose to do, go out to the streets and protest? Start a petition, right to a PM who has no idea what encryption is?
Mentioning Linux to my family opens a can of worms. We are naive to think protesting actually changes something, it's old fashion. Those with power just don't care so unless people attack with their wallets nothing will come from.
It's not 1995 so unless you have £ for lobbying surrounded by people in suites there is nothing public of any nation can do against anyone in power.
Brit here. Yeah from my experience people don't care. Hardly anyone gets prosecuted and those who do have often done something bad.
Most day to day complaints are they don't prosecute enough, often related to the bastard that snatched your phone. We have approximately zero people sitting in jail for failing to decrypt and similar.
>This is a very obvious setup for future totalitarianism.
No it really isn't. If they are planning a totalitarian takeover they are being very sneaky about it. There is a strong anti totalitarianism tradition here including elections since 1265, writing books like 1984 and bombing nazis.
I've tried to explain the issues with the UK government's stance on digital privacy to my friends. The responses I get:
* I have nothing to hide, I don't care
* Oh come on, our government doesn't care what I'm up to
* The UK will never be totalitarian. I'm not scared of the government
* The UK civil service is incompetent and could never pull this off (fair point, although I worry about the safety of my personal data in the hands of such people)
Let's not forget we had a hard-left (Corbyn) socialist regime come close to power, whose cabinet members called for "direct action" against political opponents, just a few years ago.
I don't think people realise how quickly things could go wrong with these surveillance mechanisms in place, and spiteful, authoritarian politicians taking power.
It seems like perfect case to make multi-container encryption as default. That is different data will be revealed using different key and there is no way of knowing how many containers there are in the blob of data and not possible to prove someone is hiding a key.
Not if the state can access your super secret containers while you access them with your software. Because state backdoor either in hardware or in OS level
It's incumbent on the prosecution to prove that you know the key they are claiming you are withholding. It is a defence to say you forgot it, or that the data is random. The prosecution would have to prove that you didn't forget it and that the data is not random.
As mentioned in the article, Salt Typhoon and the recency of this request by the UK. At this point they should know better.
My pet theory is anytime the US wants to do something illegal under US law, they simply ask the UK to do it and vice versa. That's why Salt Typhoon isn't and never will be a lesson learned.
It's not a pet theory, it's exactly how the Five-Eyes system is meant to work. I remember when Total Information Awareness was announced and they even had a cool badge designed for the new govt department. It wasn't a popular idea.
It is a pet theory. It is illegal for the US to access its citizens' and residents' data without a warrant, and asking somebody else to do it doesn't magically make it legal.
Australia does a great job of enacting wacky authoritarian policies in the last 5 years; It would make sense to use them as a staging ground. Does any specific legislation come to mind?
This is so disheartening. I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise. As a UK citizen, is there anything I can do to dissuade this?
In my mind, the only way to beat these efforts for good is to win hearts and minds of the larger public. Currently because only weirdos like us care about this stuff, we have to constantly be on top of these things and writing letters making posts etc.
Overall i agree with you, it is really disheartening. That being said, i've made progress with my family on valuing privacy and the dangers of surveillance. I think people might be changing their minds slowly but still lots of work to do.
A breakthrough with my sisters was when abortion was threatened here in the states. Mentioned to them that it would be easy for authorities to enforce abortion punishments by subpoenaing data from menstruation cycle tracker apps. This kind of "clicked" for them and they became more open to the other parts (not given ratukan or whatever their purchase history, etc. etc.)
Thought experiment: let’s say that Trump said that he thinks Apple is helping hide illegal immigrants because they are communicating with each other over channels that ICE can’t decrypt, how much pressure do you think he could put on legislatures to pass a law here?
Now let’s say that some Republican Senators and Representatives were ethically opposed to but then threatened to be primaried and President Musk said he would throw all of his money behind a potential opponent, how long do you think it would take a law to be passed?
Even without a law, we already see that Cook will willingly bend a knee to Trump as will Google.
Right now in my home state the governor was trying to get a law passed banning Western Union from allowing illegal immigrants from sending money overseas.
> I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise.
I think we are perhaps the lowest point ever in terms of anti-surveillance efforts. There seems to be bipartisan effort among many (most?) western governments that the government should have unfettered access to all data, regardless of any reasonable expectation of privacy.
Encryption seems barely tolerated these days. Governments are insisting on backdoors, they are making it illegal in some cases for companies to even discuss what is going on or that monitoring is happening.
We barely know what is going on with the programs and efforts that get leaked to the media, much less the programs that operate in total secret.
> As a UK citizen, is there anything I can do to dissuade this?
If you voted for this Tory-lite government, then you can stop voting for any future Tory-lite governments. If you did not, there's not much you can do in practice without devoting your life to it.
Wait. The Tories aren’t in power yet you want to attribute this to “Tory-lite?” It’s the Labour Party that is in charge, so why not put the blame on the actual perpetrators? Is it because you don’t want Labour getting blamed? I am confused. The Labour Party is the one jailing people for speech, so it follows that they would want backdoors into iCloud so they can better investigate ThoughtCrime.
The director of public prosecutions of England and Wales, Stephen Parkinson (appointed by the Labour Attorney General), warned against "publishing or distributing material which is insulting or abusive which is intended to or likely to start racial hatred. So, if you retweet that, then you’re republishing that and then potentially you're committing that offense [incitement to racial hatred]."
He added further, "We do have dedicated police officers who are scouring social media. Their job is to look for this material, and then follow up with identification, arrests, and so forth."
If you agree that Brexit happened under the Tories and not Labour, then we can also agree that THIS order is happening under the newly elected "Labour Party" and not the "Tories", or so-called "Tory-lite" names.
It's completely pointless trying to remove accountability of this government's illogical actions and then to immediately resort to blaming the previous government for bad decisions like this one.
Just admit that this is under the Labour government.
The government is a reflection of the people. It might not be perfect, but if 80% of the country didn’t want this type of surveillance we wouldn’t see any government pushing it.
You have to change the view of the country as a whole, and for generations the U.K. has been a country of curtain twitchers.
Yeah know, at some point a historical review would suggest that the constant stream of labour led initiatives to end privacy might indicate that the problem is not just the tories.
> I thought we were making progress in the anti-surveillance privacy na[rra]tive
What lead to to believe that? The Conservatives and Conservative-Continuity governments both agree that our data simply must be in the hands of the police, DEFRA, and your local council.
RIPA will never be repealed and only strengthened.
I don't disagree with your analysis but i wouldn't be so fatalistic. This stuff _isn't_ inevitable and i think it's possible to win people over to our side. Things can change for the better, but they won't unless people who care don't give up
Probably helps if the next time they try to remove the rights of large segments of the populace based on medical choices, lock people down, track them and propose vaccine passports, that you realize where everything is headed and oppose it vocally.
It's always through the appearance of good intentions and a public that pushes for whatever narrative they're fed that they normalize this.
Let's start supporting parties that have principles.
And stop making excuses for parties that don't (i.e. Labour, Lib Dems and Conservatives).
At the moment, the UK public (and media) considers it a sport to disparage and smear parties like Reform, whose leaders want to shrink the power and over-reach of the state.
We are so concerned with appearing virtuous and internationally generous, we cannot be seen to align with a party that wants to put UK citizens first (border security? deporting dangerous criminals back to their home nation? gasp, how could we be so ghastly!)
This self-defeating attitude needs to change if we want a better future for our children.
> Let's start supporting parties that have principles.
The problem is that there are none.
The correct assessment of all these political parties is that by default, they all cannot be trusted. Especially both labour and the conservatives.
> This self-defeating attitude needs to change if we want a better future for our children.
Yes. The second problem is that the United Kingdom is incapable to changing itself historically and is fundamentally destined to never be open to change.
Sadly, the EU is trying very hard and very persistently to pass the Chat Control bill. So far the EU hasn't succeeded, but I would be surprised if EU politicians didn't keep trying until it is finally codified into law.
Successive UK governments consistently fail to understand the UK's place in the modern world. Insisting on access to encrypted data in all jurisdictions globally is just another example of them thinking small and acting big. Its the digital equivalent of sending a gunboat to put-down the troublesome "natives". Meanwhile its 2025, not 1925.
I'd like to think that we've reached the point now that there will be mass resistance to threats to privacy and freedom of speech in the UK, but Britons are such a docile, accepting, and pliant people when it comes to standing up to Big Brother.
Why now? I gave up on this at least 10 years ago. If you can't even get techy people to think about the ethical ramifications of encryption etc then it's a lost cause. What makes you think now it's different? They said it couldn't get much worse 10 years ago, as did they 20. Do you really think the UK population has a breaking point where they will suddenly understand privacy and why it's important?
The UK population generally wants to put their fingers in their ears and pretend everything is ok. Remember we're all descended from people who didn't go to the colonies to try to get a better life.
I looked them up and they are not terribly old but did Ancient and Modern History at Oxford - the guy who did the law and philosophy, politics and economics at Oxford - Home Secretary. I doubt they are very up on tech.
What are you talking about? I'm a german and the surveillance here is crazy. The EU is pushing for more surveillance.
I always love the left wing echo chambers like reddit/HN who pretend like the EU is some kind of utopia.
I was wondering whether this is about Advanced Data Protection, which encrypts almost all data end-to-end on iCloud. It’s only later in this report that it gets into this key detail:
> At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022.
Before stating this, the article says:
> Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said.
This means Apple would be prevented from providing Advanced Data Protection to users in the U.K.
Not making Advanced Data Protection available is made worse by this requirement:
> One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security.
Apple can appeal, but is forced to comply meanwhile (until the appeal is heard) anyway:
> Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.
If they had some balls, they would just stop offering icloud altogether in the UK until they have appealed. Let's see how the judge feels when half the country can't access their files anymore and Apple points to this decision as the reason.
Not just most of the judges, but most of the MPs who voted on this. Let them eat their own cake.
I think they could do something like what Tik Tok did, by letting users know why they can no longer provide the service.
I would personally give Apple money to see them actually stand-up to this. What's probably more concerning is the number of companies not complaining about this at all.
Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.
I believe we should increasingly turn to steganography as a way to ensure our privacy (obviously, combined with encryption). Something that provides simple plausible deniability but lots of data to use as a carrying medium should become the default selection (like "personal videos" — a great use for our phone cameras to build an extensive collection), so even if "identified" as potential carrier for the data, it would be impossible to convict someone over it.
I can imagine a scheme where your secret passphrase defines what bits of data in a video to use to carry actual data and yet avoid changing the output too much. Obviously, coming with a non-reversible algorithm that takes into account different lossy video encoding schemes is non-trivial, though I am sure there is some (plenty?) prior art to build off of.
Clever technological tricks are not the solution to political problems.
"Plausible deniability" is cute, but in practice, who cares?
> impossible to convict someone over it.
Yeah, sure, tell me how well that works for you. "Your honor, the data is mathematically indistinguishable from random bytes so you can't convict me" -> "The witness saw you type in a password to view data from that image, give us the password or you're going to prison. Even if you don't give us the passphrase, the police officer says you might be using something called 'steganography', and that's already enough to convict you"
The court and legal system does not care about clever logical tricks or cryptographic tricks or any of that.
When you've been observed doing something (esp with evidence), "plausible deniability" falls through.
But when you haven't (eg. if you had your data that way in an Apple Cloud, and Apple was required to provide blanket access to everything), nobody can come and claim you've got there anything other than videos.
Obviously, a sufficiently motivated actor won't be stopped (see torture), but your data is not out in the open.
> Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.
Not only that, but also trying to ban platforms that don't follow their censorship guidelines (TikTok in the US, X under scrutiny in UE) and even voiding elections when the result is not good (Romania) under very slim technology-related pretense (somehow a few ads are deemed enough to cancel an election, but 24/7 oriented news from every established newspapers in another country like France is totally OK). It's becoming harder and harder to believe in said democracy when the methods are all but looking like the ones used in non-democracies.
> Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.
Yes. Democracies around the world are increasingly stopping being democracies.
> Something that provides simple plausible deniability but lots of data to use as a carrying medium should become the default selection (like "personal videos" — a great use for our phone cameras to build an extensive collection) [...]
No. I want all of my data end-to-end encrypted. In transit, at rest, everywhere and at all times. Privacy is a human right. Security of their citizens is what these governments vowed to protect. If they can't, these governments should be changed.
What I am suggesting is embedding encrypted data in innocent-looking files using steganography to avoid it being obvious you are using encryption in the first place.
This protects you even if we — as citizens — fail to stop governments from going rogue and forbidding encryption (some of us remember US export controls on strong encryption that was only lifted 2 decades or so ago).
For years, law enforcement pushed for encryption backdoors, arguing they were necessary to combat crime and terrorism.
In the US, after Salt Typhoon compromised telecom networks—including court-authorized wiretap systems—the FBI has now (somewhat reluctantly, I think) started advising government officials to use end-to-end encrypted apps like Signal and WhatsApp to protect themselves. [1]
I think the UK government is running a bit behind wrt Encryption.
> So much for personal liberties. I'd like to give Labour the benefit of the doubt and assume this is a holdover from the last government knowing how fast the civil service actually works but given the Tory 3.0 plan they are going with I wouldn't put it passed them.
>We didn't vote for this.
You very much did vote for this, you voted for Labour under Keir Starmer and he did not particularly hide his being tory-lite. If one is surprised by this they must not have paid any attention before voting.
quite why Labour deserve the benefit of the doubt on anything authoritarian I don't know
Labour was behind:
- forced key disclosure (Regulation of Investigatory Powers Act 2000), still in force
- 72 day detention without charge (Terrorism Act 2006), defeated before it became an Act
- national identity register and mandatory id cards (Identity Cards Act 2006), ripped up by the next Tory government
- various attempts at removal of ancient right to trial by jury (partially successful)
Its crazy how people still think one political party will be 'better' than another! I guess they must be young. After you have seen 10 or so government terms play out you soon learn.
The US is the only country with codified freedoms from the government. Every other country has rights given by the government to their citizens.
The US may suck every now and then, but the US constitution is one of the best things in human history. It protects us from governments like the UK that don't think they have any limits to control their citizens.
> and because the constitution hasn’t prevented state censorship in the US[2-4]
That the constitution hasn't been upheld to a perfect standard all the time doesn't mean it doesn't codify freedoms. Also, precisely what the standard is isn't universally agreed upon and changes over time.
The constitution is merely a few pages of paper produced by the founding fathers together with many more pages of paper produced by the Supreme Court.
Without men and women willing to stand by it and defend it, it is useless. And what we are seeing is that there are increasing number of people who have taken an oath to defend the constitution but have chosen not to do so.
History is full of cases where a well written constitution is ignored by the ruling government.
> The US is the only country with codified freedoms from the government.
No, its not. Plenty of other countries have written constitutions with codified rights against the government. Many of them are more explicit about how the conflict between explicit grants of power to the government and explicit rights of the people balance in conflict, which may make them seem superficially less strong; OTOH, the fact that the US Constitution has both unqualified grants of power and unqualified enumerated rights has led to that conflict being resolved by the courts, by...qualifying the rights based in large part on the grants of power.
> Every other country has rights given by the government to their citizens.
That's no more true of “every other country” than it is of the US. The Constitution itself is a deal negotiated between representatives of and ratified by state governments, so all of the rights it protects are, ipso facto, granted by government.
Indeed. It’s somewhat funny (and sad) how the average educated person simply denies this or says it doesn’t matter.
For example, in the Dutch constitution, freedom of speech, religion, privacy et cetera are all qualified “except as restricted by law.” [0] That is to say: if the government passes a law restricting your speech, religion or privacy, that will typically be Constitutionally acceptable. Meanwhile, in the US, the Constitution is absolute, to rather extreme ends. The Dutch constitution is of course rather obvious in its weaknesses, but there are other signs for other countries aside from the text itself. One good method is to take a look at the mechanisms of enforcement of the Constitution and measures of Constitutionality. For a good laugh: https://www.advocatie.nl/nieuws/rechter-mag-wetten-langs-de-...
[0] https://wetten.overheid.nl/BWBR0001840/2023-02-22 For example: “Ieder heeft, behoudens bij of krachtens de wet te stellen beperkingen, recht op onaantastbaarheid van zijn lichaam.” or “Everyone has, subject to restrictions under the law, the right to inviolability of his body.” Most other rights include such a provision.
How do you mean? Who upholds those codified freedoms? Many democratic countries have similar fundamental laws that are explicitly hard to change or bypass. In the end though all rules are either enforced by some authority or they are mere suggestions. The USA doesn’t seem like a special case to me?
> Many democratic countries have similar fundamental laws that are explicitly hard to change or bypass.
What exactly constitutes "hard to change"? In many countries, fundamental freedoms are regular legislation which can be overturned in the usual manner. Even a threshold of 2/3 or 3/4 to change is much easier to overcome than the federated constitutional amendment process in the US.
While the US does have a written Constitution that explicitly limits government power (notably in the Bill of Rights), many other countries also have codified documents or legal frameworks that protect citizens from government overreach.
For example, Germany's Basic Law (Grundgesetz) was created after World War II to ensure the protection of human rights, including freedoms of speech, assembly, and religion, among others. In Canada, the Charter of Rights and Freedoms is part of the Constitution Act of 1982 and guarantees a range of civil liberties. India's Constitution, too, contains an extensive list of fundamental rights that are designed to restrict arbitrary government action, such as the rights to equality, freedom of expression, and personal liberty. South Africa's Constitution is also highly regarded for its strong emphasis on human rights protections.
Even in the United Kingdom, where there is no single written constitution in the US sense, many rights are protected by statutes (such as the Human Rights Act 1998) and established common law principles that limit government power.
Many democracies enshrine rights in law, reflecting the widely accepted idea that such rights are inherent and must be protected against undue governmental interference, rather than merely being granted as privileges.
> In Canada, the Charter of Rights and Freedoms is part of the Constitution Act of 1982 and guarantees a range of civil liberties.
I would like to point out Section 1 of the Charter:
> 1. The Canadian Charter of Rights and Freedoms guarantees the rights and freedoms set out in it subject only to such reasonable limits prescribed by law as can be demonstrably justified in a free and democratic society.
There is a ton of complexity to determining whether or not Charter violations by the government will actually have any kind of consequential remedy for those whose rights have been violated. None of the rights or freedoms in it are strictly absolute and there's legislation that infringes on many of them with those infringements held as "reasonable" by the courts.
Well didn’t Snowden reveal that is a bit of a stretch in what actually happens?
Don’t the 5 eyes just just look over each other citizens and report to each other?
The constitution only protects up until a national security threat and then ignored is it not?
Still I think the US is an amazing country with some of the strongest protections from the government. I just don’t think it is as rock hard as you believe.
You are missing the most important part: a culture in which these kinds od overreach are not tolerated. For sure resistance has waned over time, but it is still strong. The constitution is merely a piece of paper if people are not willing to defend their rights.
>the US constitution is one of the best things in human history. It protects us from governments like the UK that don't think they have any limits to control their citizens.
The next 4 years will certainly prove or disprove this statement!
The US Constitution also guarantees birthright citizenship, but that doesn't mean the government will actually respect that right. The US Constitution only holds as long as people are willing to defend it.
That amendment has never been tested in the grounds that the Trump administration is.
It certainly wasn’t intended for the currently used purpose and will very much come down to “and subject to the jurisdiction thereof,” which anyone short of the best legal scholars in our country aren’t qualified to speak to.
Erm, a nationwide injunction was already made against that part of the executive order by a federal judge. You're the second person today I've seen try to imply that we're in a dictatorship because of that executive order. Whoever is spreading that misinformation should be fact-checked!
Further proof against the idea that we live in "democracies", if anyone still believes that. We're at the hands of petty tyrants. Modern societies are surveillance hellholes, and it seems to only get worse and worse. So much for "progress".
I think Technofeudalism, as Yanis Varoufakis put it, creates inverted totalitarianism where people are controlled not directly by government with guns but with corporations with access control and moderation power over apps that form the majority of the public commons, personal, and work lives. To resist this subjugation, individuals, municipalities, and groups, large and small, need to build their castles on the bedrock of non-profit co-op services in countries with strong privacy safeguards rather than on the uncertain sands of corporate shores where they will be swept away by the next wave. It's expensive, it's starting from scratch it many cases, and not going to be as immediately polished as corporate offerings, but the socioeconomic and human capital won't be as easily destroyed, manipulated, or raided by police or corporate whims.
I think this is unnecessarily defeatist. The UK is still a well functioning democracy. Using scare quotes around proper democracy just blurs the line to authoritarians and dictators.
We elect our politicians. We demand they stop serious crime and terrorism. When they have bad ideas about how to do that, we let them know that it's a bad idea. Or we don't elect them again. This works.
"We elect our politicians. …When they have bad ideas about how to do that, we let them know that it's a bad idea. Or we don't elect them again. This works."
Think so? Perhaps on the surface. Think Yes Minister and Sir Humphrey. No matter how well meaning politicians are they'll be screwed rotten by determined public sector employees and then they'll be finished off by powerful corporate interests, citizens haven't a chance.
What's more you the citizen will likely be the last to know about it. Yes, outwardly all will seem normal as that's the plan but it's only a chimera—appearance is everything. Those in control learned that trick from Vespasian, it has a long lineage of working well.
Can't you see the Investigatory Powers Act wasn't dreamt up by politicans but by nameless but very powerful gnomes in GCHQ, MI6, etc., etc? For starters, politicians wouldn't have had the brains to concoct an Orwellian act on a scale like that on their own. (I've spent too long working in government bureaucracies to know how it works.)
Tragically, democracy, these days, is essentially dead. On the surface it appears alive and functioning and the citizenry still thinks it has say, but in reality it's actually like a cockroach that's been parsitized by a wasp—it's 'alive' in appearance only.
And yet you have a lengthy accumulation of the aforementioned bad ideas.
Perhaps because in your FPTP electoral system, you have few avenues to actually "let them know that it's a bad idea". I mean, supposing you don't like this particular law - which party would you vote for to send the signal?
People vote like their dad or what the paper (Murdoch) tells them. If you are lucky to have a thinking voter they only get to choose 1 or 2 issues. Maybe they want lower income tax more than something something privacy.
People won't vote against their interests? "Latinos for Trump" etc. Says otherwise. Brexit people getting kicked out of Spain etc.
I think you'll find that the majority of UK's citizens believe its government should be able to access data with a warrant. Whether the dēmos agree with your particular values is another matter, but this is not obviously undemocratic, unlike royal assent.
If a company starts hosting backups for millions of users across the world, the become a natural target of such court orders.
The only way to prevent this is to avoid this huge, massive, centralisation. Of course, Apple wouldn’t want this.
If we had lots of smaller scale hosting providers around the world (potentially dozens per country), the scope of attacking each one with such an order is much smaller.
"The USA fought a war in part because they did not like the use of general writs of assistance to allow agents of the British King to search peoples houses and papers where their suspicion chanced to fall. The UK lost that war so no way!"
Not the strongest argument these days. There's no way that the US hasn't already backdoored apple's systems. They might not be sharing that access with your local law enforcement agencies, but you can bet that the NSA has a backdoor. They've likely set up camp inside Apple. (see https://en.wikipedia.org/wiki/Room_641A). It seems the US lost the war to stop kings from spying too.
The UK government drops the ball on just about every matter the public care about, but when it comes to overreaching digital surveillance, they're absolutely obsessed.
I feel Apple is one of the few companies that has the market power to say, Fuck you, we will just not sell or offer any services in your market, and I suspect that would be enough for voters to knock some sense into their government.
The writing is on the wall for the UK, has been for long, and the Labour government is going out of the way to ensure there can never be any reform, even if they have no mandate. There is one way they want to go, and they will drag their population along kicking and screaming. Anyone who can should get out.
Presumably the US government will have no compunction in using this to view US citizens private materials under UK government access rights, irrespective of US privacy law.
They'll share the data on US citizens with their US counterparts. Thats what the US and Australia do. That way govt's can claim they dont spy on their citizens. Their allies do it for them.
"Stupid is as stupid does...",
this is the same Home Office Minister, Yvette Cooper (Flipper) that says pointy kitchen knives and Amazon orders are the reason for knife crime epidemic in the UK.
Next up x.com banned from the UK.
The government did get more than third of the votes. So this is the choice of democratically elected government and the voters and as such should be followed.
This sort of policy comes from the Home Office regardless of who gets elected. The spooks always want everything.
You could probably make an ECHR argument about it, but even Germany who are most paranoid about Stasi-like behavior have some sort of rights carveout for law enforcement purposes.
Germany hasn't imposed any similar ban on end-to-end encryption without a law enforcement backdoor. My configured iPhone region, configured Apple ID region, and physical location are all in Germany right now, and I was able to enable Apple's Advanced Data Protection here without a problem.
Yes, German law enforcement does have a rights carveout, but not nearly as big of one as in the UK (or the US).
Yes. Unfortunately those who thought a Labour government would be any less likely to deploy surveillance law than the Conservatives clearly do not have a very long memory. A pervasive obsession with snooping and controlling people's private affairs is one thing the two parties are quite united on
Of course, the U.K. is rather famously not a republic, but rather a democratic monarchy. Now, if only the King would do his job and refuse assent to the Parliament when it does something wrong.
Just make TimeCapsule for iOS and iPadOS. With option to store it fully encrypted in AWS cold storage as Apple subscription. I want my data to stay at home.
Given recent polling, we have to assume that what is MI5's today will be Reform's tomorrow. We have to ask what our government and judiciary are doing putting our privacy in the hands of the far-right.
I never understood this kinds of arguments... both sides want to read your private data, but it's bad if 'the other side' does it? It's your current MI5/government that wants access to apples data.
My interpretation is that it is an argument against trust in authority in privacy discussions.
A: Privacy matters!
B: Why should you care if you have nothing to hide?
A: If you have nothing to hide, then give me the password to your Facebook.
B: I don't trust you with that, but I trust my governments and relevant authorities.
The point is that B's faith in authority is flawed as the "powers that be" are an eternally shifting target. By agreeing to government surveillance, you place trust in every subsequent government, even the ones you would rather not.
One side wants to purge large parts of the population and the other one doesn't. Yes, all parties can abuse data, but their policies do actually matter.
If there were a way to magically ensure that only the good guys had access to the information, I'd be way less concerned about these measures. (There are only a few things that I care about being secret for the sake of secrecy, and I can easily keep those off of computers.)
Every encryption backdoor is a huge vulnerability. Even if we somehow ensure that the powers-that-be remain entirely trustworthy (something that, historically, we can't even manage for a century), they're not the only people who'll have access to the backdoor. It's not possible to make an encryption backdoor that only authorised parties can use: as they say, the laws of mathematics do not respect the laws of Australia.
I see from your history you may have knee jerked this one. I am referencing the far-right Reform party's current polling success and how this may be reflected in our government in the future.
Yeah, this is likely not intended to catch the most sophisticated of hackers, but your average drug dealer / murderer / thief / paedophile.
I don't know where the belief that all criminals are tech experts comes from; the popularity of cool-looking "encrypted" phones as opposed to actually encrypted apps like Signal should have long dispelled that myth.
I'd argue that the opposite is probably true, people who think that crime pays are less smart and more impulsive than the average person, and hence less likely to think about things like this.
I don't know to what extent this is true. A lot of criminals strike me as good at chopping off fingers etc but not computer stuff.
There absolutely is a balance between Average Joe's right to privacy and privacy restrictions for fighting crime. Without undermining the former, I'm astounded how HN discounts the latter 100%. It is real.
I disagree. There should no compromise on my privacy ever. We are not (yet) in a dictatorship and I’m not a criminal. Why should I suffer because governments are incompetent?
That's true at a point in time, but bad guys start out as clueless noobs with poor opsec. The Silk Road guy, for example, was identified by forum posts he made before becoming a drug lord. The sort of people who become radicalized through online videos aren't using strong crypto until after they've committed to becoming terrorists. So a database of texts going back several years is quite useful in catching actual bad guys.
Which is not to say I approve of more surveillance. Just that surveillance of convenient modes of communication (iMessage) is useful to serious crime fighting.
It's baffling to me that any sane, healthy person would advocate for invasion of not just one person's privacy (in the case of known or highly suspected criminal activity), but a whole country's people's privacy. (In this case, at least, the privacy of all Apple users in the UK.)
Where does this problem start? Is it a basic education thing that valuing one's own and others' privacy needs to be taught to kids from a young age?
For instance, in the meetings in which these ideas are proposed, why are they not considered a serious, fireable offence, like bringing up racist or sexist comments?
I very much agree. I think to many people the preference for safety/security over privacy is just very tilted toward the former. That especially becomes true once there is some incident that triggers people's amygdalas, like a terrorist attack or even petty crime. Nothing makes "privacy" seem stupid like getting assaulted or otherwise victimized. Although I'm heavily skewed toward the "privacy" end of the spectrum, I do understand people's need and desire for safety above privacy/freedom. I wish they would recognize when they're decision-making is being driven by emotion rather than logic, but alas we can't change humanity.
It baffles me how you seem to think intelligence agencies have some sort of morals or sense of duty to their citizens. These organisations are set up with the sole purpose of spying on all people. They have done it for decades and have done it in some fantasticly dispicable ways. So no, asking a corporation for data on their customers is probably is probably a relatively weak action for them to pull on the grand scheme of things.
Sure, but something like this isn't limited to just the spy agencies. They don't have the authority to do something like this on their own. Therefore there must be some buy-in from people outside the intelligence communities such as MPs, members of Congress (in US), etc. Those are the groups I think GP's comment deserves an answer to.
I totally get the spy agencies' "moral flexibility" requirements, as I've heard it put.
From what I understand, the spy agencies have ways of obtaining your private information that don't necessarily involve blanket requirements to access all users' data (e.g. creative ways of injecting malware into specific people's devices). But those approaches don't scale, of course. And they shouldn't need to.
Intelligence agencies may have their own definitions of morality, but they do not exist outside of the law, which is supposed to be the output of a democratic process.
> For instance, in the meetings in which these ideas are proposed, why are they not considered a serious, fireable offence, like bringing up racist or sexist comments?
Hate to tell ya, those aren't fireable offenses at the highest offices anymore either.
Thats what Five Eyes does and always has done. It asks other countries for info on their own citizens so that they do not have to break their own laws in accessing their data directly.
Suffice to say, they don't even have to backdoor the encryption to give the UK what they want. iOS users are like fish in a barrel, if you force some insecure paradigm on them they can either adopt it or leave.
It will be interesting to see if Apple will follow up on comments they made when this change was first floated, and remove effected services from the UK.
> Apple says it will remove services such as FaceTime and iMessage from the UK rather than weaken security if new proposals are made law and acted upon.
My gf doesn't have iCloud. She makes a backup from time to time by connecting her iphone to her macbook, encrypts the backup folder with 7z, and then I store the resulting file in my dropbox.
I follow the same procedure with my Android phone, no google cloud.
BTW anything I upload to Dropbox is encrypted first.
In case you don't already know, if you don't encrypt an iPhone backup with macOS first the backup won't contain _all_ of your data.
Apple says "Encrypted backups can include information that unencrypted backups don't" however the list they give is non-exhaustive. You might find yourself disappointed when trying to restore a non-encrypted backup that you've encrypted yourself in a disaster scenario.
Apple basically already has this built into macos - you can create an encrypted disk image and mount it to access the files. I'm not sure if it is possible to open these on ios.
Right, after all the docs leaked by Snowden et al? After it has been shown time and time again that Apple give any customer data to the US government that they ask for? Trump as your president?! Thats right, the UK is the creepy nanny state!
Where is my iCloud data stored? If I visit China, is a copy stored there? If my phone is from China, but i live in the USA, where is my iCloud data? Is it replicated globally? I once asked in an Apple store, but no-one knew the answer
Where your data is stored depends on the country set in your Apple Account. In your scenario your data will never be stored in China but I don't know if your USA-based account data is replicated in the EU, though.
don't know why the downvote, this is a genuine question. If i bought my iPhone on holiday in Vietnam and created my iCloud account there, but live in France, where is my iCloud?
It'd be nice to not have to have this fight every 3-5 years but privacy is antithetical to the role of the security services so they're never going to give it up.
I’m so ashamed to be a U.K. citizen and to have both legacy parties (Tories and Labour) staunchly supporting these horrendous breaches of privacy.
We have had a number of bad laws over the last ten years that have entrenched state surveillance and presumption of guilt.
The only party I can see taking a principled stance on civil liberties is Reform UK, whose policy document states:
> A British Bill of Rights
> Our freedoms must be codified and guaranteed. Never again can our entire country be locked down on shoddy evidence and lies. Our data and privacy must be protected. Surveillance of the public must be limited and those monitoring us held to account.
In the past the Lib Dems were quite good at standing up for privacy and liberties when Lab and Con were both agreeing on more intrusion, but I'm not sure if that's still the case
Lib Dems did vote against the Investigatory Powers Bill (2016), and Nick Clegg blocked the original Snoopers Charter (Draft Communications Data Bill). So they have good form on this.
However, since 2016 the party almost exclusively shifted focus to opposing Brexit... which is ironic for a party that describes itself as "Liberal Democrats," trying to overthrow a public referendum (the strongest form of democracy)
Reform UK believe that the detrimental side effects of lockdown policy outweighed the benefits of lockdown policy (again, there's evidence to support this view)
"While this meta-analysis concludes that lockdowns have had little to no public health effects, they have imposed enormous economic and social costs where they have been adopted. In consequence, lockdown policies are ill-founded and should be rejected as a pandemic policy instrument."
We need more voices that are willing to state these truths in Parliament IMO.
Yes - Reform UK is a far right populist party. They currently have 5 out of 650 MPs and are steadily gaining popularity - similar to the rise of other parties like AfD across Europe.
The only way to get one over on the NCA is to irretreivably delete the data they want. As long as it exists, they will extort you and your family uitil you give them the keys.
Love swinging through here to collect the latest crop of:
- that’s silly
- they can’t do that legally
- this makes no technical sense
- this is a bad idea
- this will never happen
The entire globe becomes Xi Jinpeng’s China with American Characteristics after the iCloud encryption system is neutered and a court warrant is no longer needed.
See also "U.K. orders Apple to let it spy on users’ encrypted accounts":
> The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.
> The Investigatory Powers Act 2016 (c. 25) (nicknamed the Snoopers' Charter)[1] is an Act of the Parliament of the United Kingdom which received royal assent on 29 November 2016.[2][3] Its different parts came into force on various dates from 30 December 2016.[4] The Act comprehensively sets out and in limited respects expands the electronic surveillance powers of the British intelligence agencies and police.[4] It also claims to improve the safeguards on the exercise of those powers.[5]
See also "U.K. orders Apple to let it spy on users’ encrypted accounts"
Not just "see also." Your link is the original reporting.
Without journalists and organizations like these doing hard, expensive work like this no one -- not even on HN -- would know about it.
It's a shame that the link being used for the HN entry is to a blog re-writing other people's work, and not doing any of that work or sharing any of that expense themselves.
The extraterritorial effect of the law is profoundly troubling, especially the prohibition on revealing the existence of the Technical Capability Notice. However, Apple would almost certainly be subject to lawsuits in the US and EU if it secretly added a backdoor to iCloud Advanced Data Protection, because doing so would violate their privacy policy and would likely give rise to fraud claims. They could kill iCloud Advanced Data Protection entirely, or they could add a backdoor and say there is a backdoor, but they could not, without being exposed to liability, secretly add a backdoor while simultaneously claiming that the data is end-to-end encrypted and nobody other than the user can access the data.
Considering that the only tool that humans have to manage AI is the mathematical guarantee of both practically unbreakable and even theoretically unbreakable encryption maths alongside the inherent safety of an ecosystem of human enslaved AIs (or whatever nicer way there is to say that), then this is by default the most dangerous worst possible action a government could initiate towards destroying AI safety at both an individual and "ecosystem"-wide level.
This is not my opinion, this is just logic.
My opinion on this is that these people are f***g retarded.
I'm in the UK pretty much only use iMessage/Snapchat.
I had a look at the stats though and you're probably correct about WhatsApp being default, although we do have a surprisingly diverse and competitive messenger market:
Surprising that UK specifically demanded a worldwide backdoor, not just backdoor for UK citizens. Looks like a good workaround for this US gov to get info on Americans via 5 eyes.
Apple have about 50% of the UK handset market. It's 80m terminals so that's 40m x their estimated profit of $500 per phone, so $20b (sure, currency, tax, you name it)
Does Apple lose much, in future revenue if people buy out of the ecology in the UK market? At scale, sure. But then again no. It's a 3.8 trillion dollar company. This is almost noise.
I don't think there will be a rush to the door. Set against overall revenue targets, they can comply and weather the storm.
There is so much utterly cynical LARPing in that article. Apple was one of the earliest members to join PRISM. [1] And given the nature of the 5-eyes surveillance [2], The British government almost certainly already has access to 'encrypted' accounts from Apple. The difference is that that access is probably not lawful, which means they need to engage in parallel construction as is already regularly done in the US [3] if/when using it in court cases. All this change would likely do is enable them to use the data directly.
I felt an obligation to excessively site stuff here, because I find it bemusing anybody in tech can take such articles or topics at face value.
If Apple can be compelled to keep shut about Push Notifications being bugged, who knows what else they're obligated to keep under the covers. Caveat emptor.
They overtly and actively lied about participation in PRISM, as did all companies involved (Google, Microsoft, YouTube, Facebook, etc) because they were legally obligated to lie about participation in it. It's all just so unbelievably fake and stupid. I suspect the main reason there's minimal to no anti-trust in big tech is because it's largely just become a branch of the US intelligence services.
In some way I find the Chinese system preferable in that they're completely transparent about spying and domineering the companies within the country. The only difference in the US is we actively lie about and engage in all this utterly ridiculous LARPing that makes anybody with half a head on their shoulder just despise every player involved.
About the time a country has secret courts and is forcing private entities to lie to others publicly, something has gone very wrong with the direction of the country.
The complete lack of any kind of technological understanding by the people in power of most major governments is a huge existential risk. Thankfully businesses like Apple are completely staked on privacy, but Apple is actually big enough to give a middle finger to the UK. Other companies might not be able to.
Apple is a hypocrite. They already were a huge partner to NSA's PRISM and China's surveillance programs. Their privacy marketing is solely because they could not tolerate profits made by Google and Meta. Now they also want to become ad company.
Even if you ignore the above points, Apple's software is closed source. You cannot change OS or install any unapproved app on your own phone. Apple phones are Orwellian's wet dream. If people still trust bigtech then society is doomed.
> businesses like Apple are completely staked on privacy
This is completely false. It has been shown time and time again that Apple will bend to whatever data requests the US government ask for.
You may think they care about your privacy, because they tell you they do. But they are legally bound to say that. Every surveilance program they have ever been part of has had a legal requirement to lie publicly about its existance. Then when it becomes public through a leak, they are able to say 'Sorry we lied, we had to by law'.
Apple frequently acquiesces to privacy-diminishing demands from demonstrably unnecessary markets like China and Russia. They are also card-holding members of PRISM and admit to being part of warrantless surveillance efforts[0] in America.
If you're holding out on Apple, a company that has proven to betray every principle they claim to stand for, to defend privacy when money is on the line, then you've been fooled. I don't know how many times Hacker News has to say it before you chumps learn, but Apple is not a privacy-committed company. Being able to point at whitepapers is not the same as knowing how your device functions.
PRISM, blocking of apps in china, giving over that data to the CCP. I believe they did similar in Russia. The FBI hackings and Pegasus stuff (Although, this is more like bad security)
I should emphasize that 'I personally don't care'. I find it more interesting that people believe there is some safety in Apple products because their marketing says so.
When I was younger, I used to care about these people getting taken advantage of. Today, I wonder how I can replicate the formula. Sorry pals, Apple did it and people were happy about it. I'll make people happy too, its a Noble lie... err Paternal lie :)
This is fucked, TBH, i would be happier if Apple jus pulled every single aspect of their business out of the UK rather than comply with this, I don't want to get some shitty android phone, I don't care what anyone says, theu are just not as good.
This kind of thing makes me furious. I know there’s the EFF but what can someone concerned with privacy advocacy do in the face of these kinds of things? Are there orgs and political movements that are out there already? Privacy is a human right. IMO it’s one of the big issues of our time.
Surely any moderately sophisticated group of criminals can simply create there own end to end encryption apps. So even if the UK, or other governments, get there own way they will only et to see the content related to the less competent criminals. Perhaps it's still worth it to some.
> After the Dutch and Canadian police compromised their server in 2016, EncroChat turned into a popular alternative among criminals for its security-oriented services in 2017–2018. The founders and owners of EncroChat are not known. According to Dutch journalist Jan Meeus, a Dutch organized crime gang was involved and financed the developers.
You cannot acknowledge the existence of a request by the UK. You cannot tell users you implemented the proposed system. And you must do all of this to citizens who have no representation in your system, without the consent of their governments.
It all begs the question, what else have they requested, and of those which requests were accepted secretly?
There is only one way to respond to this. You just do not comply with this. If you are Apple you withdraw from the UK completely if necessary. But a better option is probably to just take the punishment for not complying while you appeal. The cost will be large regardless. But the reputational damage if Apple complies seems it will be larger than both the fine for noncompliance or the cost of losing all business in a large market like the UK.
I think Apple has a very short window for a powerful response here. It should be re-using the famous Pirate Bay wording for maximum effect.
> You just do not comply with this. If you are Apple you withdraw from the UK completely if necessary
But Apple has a massive history of complying with government data requests all over the world. They care not for user privacy one bit, and so this request is not that unusual for them.
Funny that the government does not need to order people to divulge their private communications.
It can just order to a third party do so. Wait, why does a third party have access to peoples' private communications. That is the Apple design. The company wants people to use their servers.
> iCloud Backup is not end to end encrypted. iCloud Photos is not end to end encrypted.
DO NOT SPREAD FUD.
If you could be bothered to spend two microseconds on a search engine, you would find this[1] which states IN THE FIRST PARAGRAPH :
For users who turn on Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises from 14 to 23 and includes iCloud Backup, Photos, Notes and more.
Approximately nobody has turned on advanced data protection.
When you go to an Apple store and buy and use an iPhone, as millions do, you are prompted to create an Apple Account and log in. iCloud and iCloud Backup are automatically and silently enabled. The device automatically runs non-e2ee backups nightly.
This is how almost every iPhone on Earth runs. Most people don’t even know the feature exists. Even amongst techies that know about it, almost nobody has it enabled.
That is what remains when a government grows to incompetent, the fear of the citizen, who sure is planning "something" as he should, for such incompetence shall not get away. Paranoia is the subconscious awareness of institutional incompetence.
This would mean that they would have access to everything stored in Keychain too if you have that synced with iCloud… Which I believe probably most people have. So they will essentially have access to millions of peoples email accounts then.
Encryption is encryption. If this is for dirt digging or evidence for police... then make the person provide it instead. Spy agencies just have to deal with it. Sure there are other ways of tapping information.
I'm pretty sure this is not unique to Apple. They likely served the same order to Google, Microsoft, and any other major provider that has any user data. And most of them complied without objection.
The moment this happens, I will stop using an iPhone and switch to a mainline Linux phone like Pinephone. Android is far worse though and you can't even uninstall Meta apps.
So the whole article is based on “people familiar with the matter”. I suspect that the real motivation, truth and substance lies beyond the “enrage” oriented title.
This is exactly the arrangement five eyes had with partners, spying on citizens of partner countries to circumvent laws preventing local authorities doing so.
Is this something UK demanded, or a FVEY loophole from other partners. Does US still need to fiddle with legal loop holes to surveille on domestic citizens after Cloud?
I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.
Anyone with a fundamental understanding of online privacy and security would encrypt any files prior to uploading them to the cloud rendering any back doors and access to those files useless and toothless.
I dont use any of these services. I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.
The overlap between “criminal” and “fundamental understanding of online security” is fairly small.
I use online services and sync, but my life is so boring (and data breaches have exposed so much) that a disaster that destroys my house and all backups is far more likely that harm from government or private snooping on my cloud files.
I know we’re supposed to stand on principle and make data storage choices as if today’s cat photo were evidence of being the real JFK assassin, but I don’t have the energy.
Hamas switched from smartphones, with encrypted messengers to pagers, a communication device with encryption so weak it may as well not be there. Criminals get caught because they used plain phone calls and texts _all the time_. Hell, child abusers are regularly reported to the police because someone saw a suspicious picture on their phone when scrolling through the gallery. Crime and an understanding of cybersecurity don't necessarily overlap.
I agree that cloud services cannot be trusted to do encryption within their clients, but on platforms like iOS it's difficult to do automated backups using independent encryption. It's also quite difficult not to accidentally enable backups to these services because the setup flow for every phone guides you to hitting the "upload everything I do to Apple/Google".
To Apple's credit, while they normally store a copy of the encryption key, making most cloud encryption entirely useless, they do offer setting a custom key at least. GDrive and OneDrive sure don't.
I believe they switched to pagers because their location can't be tracked. Every pager message is broadcast across the whole country and the pagers just listen to all of them and only tell the owner about the ones meant for them.
A phone has to at least tell the nearest tower that it's within range so that the tower can know to send it messages. After that, when it get's a message it sends some sort of acknowledgement. In theory anyone can pick up those messages with a phased array or set of directional antennas and get a directional fix on the phone.
there are dumb people out there but can you sum up (just talking about illegal drugs) an industry that makes $360 billion per year? Brazilian ghettos have army grade weapons like anti-aircraft missiles [0]
psychopathy is a mental disease who impair people to control their impulses/defected judgment; often these are permanent personality traits, which either will let them sit in a prison for the rest of their lives depending on what they did or they will be liberated if they get caught with a high chance of another incidence... search for papers/work from Kent Kiehl if you are interested in this type of stuff
I think you have a very high opinion of the millions of people around the globe, with varying levels of computer literacy, who are terrorists, criminals, and/or child abusers.
I once worked with a business lady who used her dumbphone as an argument in a discussion where we were deciding whether all our users have smartphones. She proudly displayed the dumbphone and said that if she has one, others probably have too.
I learned only much later that her husband was prosecuted for fraud related to government funds. So she had a good reason to have a dumbphone.
It's anecdotal evidence, but still.
You are of very low opinion of people, probably assuming that you are smarter because you are some kind of IT guy.
> I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.
Depends on your threat model. If someone unofficial wanted at what you're doing, they'd likely find it easier to go after your home data than what you have in iCloud -- particularly if using Advanced Data Protection for iCloud.
The real goldmine is WhatsApp. In most cases, WhatsApp backups are enabled and uploaded by default, including when the whole iPhone backup is created. And by default, backups are unencrypted.
So if you ever wonder how they access those WhatsApp messages, when you think that they would be end-to-end encrypted, reality is something else.
> I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.
Meanwhile, the amount of local news arrests for people getting busted for uploading CSAM to online platforms like Google and Apple is exponentially increasing.
News stories seem to indicate that many criminals use computers just like any given person does.
Even people concerned with security who know a little seem to be terrible at it.
A local protest group in my area was passing around an image with security tips. They were hilariously bad, suggestions based on very confused understandings of risk. These people weren’t criminals necessarily, but they were motivated and concerned and somehow just terrible at basic security.
Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said. Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States.
Considering that the UK and Aus are both countries that share all their data with the US, I'm surprised at the naivety of the comments here about this.
This is a well worn path for the CIA gather dirt without needing to break any rules on monitoring US citizens.
They're not exactly the same, but you should have similar feelings about forcing a company to hand over data to researchers and forcing a company to install a back door for law enforcement.
I don't care about either, they're voluntary problems. You're a moron for trusting X with your data, you're a moron for trusting Apple with it too. It's just like how Apple defenders said with iMessage - "just buy a different phone if you care, duh."
All of the sudden people start caring, acting like they never had the chance to regulate their OEM of choice. No, you get exactly what you paid for. You trust Apple, don't you? They're a prestige company, they'd never sell you out. Probably. Oops[0].
The funny thing is that anyone pointing out authoritarianism will get downvoted with a whole bunch of partisan arguments or left/right false dichotomies.
Here we are, though, at the point where the government overreach for these "beacons of democracy" such as US and UK do this often and by design and we're all supposed to pretend "thing are fine, trust us". Next they'll push some other overreach using children, terrorism, drugs or some other usual excuse and people will defend it pretending the government has good intentions and largely works for the people.
This is why it is so important to shrink the size of the US government. As government gets bigger, it tends to make more and more demands like this. And if you refuse, they will imprison you.
> the law actually makes it a criminal offense to reveal that the government even made such a demand.
Why is it tho ? The government has something to hide ?
i mean it's complete bullshit, citizen have the right to privacy and government has the obligation of transparency and being accountable to its citizens.
When did the UK turned into a middle east dictatorship ?
> Google has enforced default encryption for Android phone backups since 2018. When asked by The Post whether any government had requested a backdoor, Google spokesman Ed Fernandez did not provide a direct answer but suggested none exist: "Google cannot access Android end-to-end encrypted backup data, even with a legal order," he stated.
That is absolutely laughable.
If the uk government couldn't access google data, they would have ordered google the same thing they did with apple.
Apple theoretically can't access their user data when e2e encryption is enabled yet the uk government doesn't care. how does that differ from google ?
once again, if you want your data to be safe from google, apple, and the others you got to avoid all cloud and resort to use good old hard drive with encryption.
the only ones getting fcked are once again the average people who don't have much to hide in the first place, the pedophiles and terrorist they are much more aware than the old fart at the government on how to stay hidden.
It's pretty funny that as the US implodes, UKGOV, instead of grasping the opportunity to show that they're the new good option for your internet service needs, decides to blow not one but both kneecaps clean off with the doubly whammy of the OSA/Ofcom debacle[0] and now this farce.
(I suppose the silver lining is that Starmer is merely sidling towards Trump as his new best mate rather than the full-throated slobbering that Johnson/Truss/Sunak would have given him.)
[0] I know this is primarily the fault of the last lot but this shower of onions haven't done anything to roll it back and/or clarify WTF is going on.
Once again, governments push for backdoors under the guise of security, ignoring that any vulnerability they introduce can and will be exploited by bad actors. If Apple caves to this demand, it sets a precedent for every other country... Privacy isn't just a marketing gimmick! It's a fundamental right
I don't assume in general that any of cloud services in the US are free of government surveillance either. Your only hope for any kind of privacy is self-hosting, and using certs issued by your own CA (I strongly suspect Let's Encrypt is a honeypot). Likewise I strongly suspect Proton Mail and Signal are both honeypots. Tucker Carlson was spied on when arranging his interview with Putin, even though he uses Signal. This likely bypasses the protocol - you don't get to examine the binary that's installed on your phone. It could contain all sorts of Five Eyes special sauce, as could iOS, and the companies won't even be able to tell you about any of it. It's safe to assume that all VPNs are tapped, too, unless you run your own.
I saw a comment earlier about this being the USA asking the UK to do this.
Sounds like quite the conspiracy theory, but if the USA were not OK with this, the UK surely wouldn’t dare to take on a crown jewel in the US tech sector, potentially causing them serious problems.
Why not just require all data on the icloud be sent to a server all unencrypted? Ain’t no difference. Apple isn’t gonna do it and Trump will tell UK to shove it
With the increased caliber of software folks in Trumps orbit, my sense is we will have a much more informed decision from the Whitehouse on this topic and whether the US should weigh into the fray with the UK.
as a side note, its really baffling what this capability would actually provide for? Any serious criminal isn't using icloud backup or even an iPhone in the first place. So this is just a shit outcome for the general population.
If this goes through, I look forward to the news of the world expose on some cabinet members personal details
before migrating to the u.k - immigrants prepay for services e.g nhs etc. then still get taxed when they work for those same services. & remember some of these services are not easily available. yeah NHS is free - but good luck getting an appointment at the doc.
that's extra revenue for the u.k gvt.
the security guards, the care workers etc - which people are working those jobs ? immigrants or spouses of immigrants.
right now the conservative leader Kemi is campaining to increase permanent residency to 10 years. & citizenship to 15 years. who's gonna stay for that in a country where electricity & basic bills are expensive as hell.
skilled native british people are leaving & getting replaced by migrants. the doctors at the nhs majority are foreign trained.
Can you offer an example of someone being jailed for "disagreeing with the extreme left on social media," or is this an alternative fact that you've acquired via osmosis?
I am aware of people being jailed in the UK for making terrorist threats on social media, and arguably those prosecutions were inappropriate, but that doesn't appear to be what you're claiming.
All you have to do is search for it yourself. It’s not just UK citizens that are affected. They’re threatening to have US citizens extradited to the UK to face charges [1] for online speech that’s protected by the first amendment.
There are several examples, but connected, just this week, the British police not only arrested a men for burning the Koran, but they also doxed his full name and hometown.
This, right after Islamists killed people in Europe for burning the Koran.
US tech needs to obey the laws of the country in which it operates. I am sure the demands of UK government are more than reasonable - and, as it is a democracy - as full endorsement of the people / users
The Investigatory Powers Act 2016 was one of the big things (before Brexit) that made me realise the UK wasn't a suitable place to run a tech business.
> I am sure the demands of UK government are more than reasonable - and, as it is a democracy - as full endorsement of the people / users
"Full endorsement" of the electorate isn't how representative democracy works. Given FPTP, the government got a huge majority of seats with 33.7% of the votes, but as there's not universal voting that's only 14% of the actual population, and even with those who did vote it's not clear how many people were voting "not the other lot".
It doesn't. Apple could play hardball and threaten to withdraw from the UK market, with a propaganda notification like TikTok did. They could also appeal to Trump/Elon for help.
Also the wider part of this order is that Apple would access to the international users data, including US customers, if I understand the article correctly.
https://archive.is/3Pp0U
(Although I was able to access the article in full on the original URL)
I don't think the UK government would try to put Apple out of business if they don't comply it's more likely that they would just get heavily fined until they do so.
The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption. Honest UK consumers are the one's getting the shitty end of the stick because we're about to loose protection from criminals.
Daft waste of time.
You're assuming that turning off ADP in the U.K. is sufficient to appease the British Government. The Investigatory Powers Act can also be interpreted to give the U.K. the right to ask for encrypted data from users outside of the U.K. (see Apple making this exact point in a filing here [1].) Turning off ADP in the U.K. doesn't end the controversy if that's what's at stake.
[1] https://bsky.app/profile/matthewdgreen.bsky.social/post/3lhl...
It creates a nasty precedent doesn't it? If Apple can provide the UK government with foreign data, what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile? I can't see on what basis the government thinks they're going to get to be exceptional here?
167 replies →
They might have to settle for it. The power of a government is not equal to what legislation they pass - they are heavily limited by the economic and publicity consequences of decisions.
As such, any outcome where this is enforced will be a compromise.
That’s probably the reason apple is resisting. They are currently certified as moderately trust worthy for government operations in Germany. Giving in would invalidate that.
https://support.apple.com/en-bh/guide/certifications/apc37da...
I mean, "Apple refuses to hand over private data to government at cost of UK business" is a pretty good headline.
9 replies →
If Apple sticks to their guns, they can just stop doing business in the UK. And the UK government will have zero rights to demand anything from Apple.
2 replies →
Guess what? Trump will (hopefully) come to the rescue here. Don't laugh at that. I'd imagine he will be helpful possibly even with some of the EU rules such as in particular the one which makes even small US companies liable (as I recal) for notifying users of cookies on a website.
6 replies →
It’s odd, I wonder how that will interact with apple’s existing FIPS 140-2/3 certifications.
I will stop using a service or hardware that could grant peaking rights into my folders to a possible administration like the one currently in the US. On day 1, zero hesitation
1 reply →
What is up with the UK? I have always loved my British friends and appreciated England’s history (setting aside their brutality during the British Empire). I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc. I just hope we in the USA don’t follow their lead.
Democracies without free speech and privacy are not really democracies.
We're governed by the most technically inept people possible.
The Peter Principle writ large.
I'm pretty sure there was a story on here recently when UKGOV / GCHQ were recruiting for a 'senior something something tech/developer/code breaker', offering about the same as a typical entry-level graduate job.
Sell off ARM to foreign interests? Check.
Tell AI data centres where they must be built? Check.
Various inept age checking and backdoor access plans? Check.
That's where the UK is.
1 reply →
The USA strongarming us after 9/11 didn't help. You don't have to look beyond the borders of the US to answer "what's up with the UK" when it comes to eg terrorism legislation
But yes historically we have been pretty brutal. Look up history the past 600 years. We didn't get a huge empire by asking nicely for their land and resources
> I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc.
Isn’t this precisely the set of causes that precipitated The Declaration of Independence?
15 replies →
They wanted to execute Thomas Paine so I'd say about then
all started after our guns were taken
1 reply →
They broke Enigma code, and since then their spy agencies have overweight influence?
5 replies →
> I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc.
Security establishment's innate desire to read and listen to absolutely everything. Blair/Bush's war on terror. Id card proposals. Smart phone use sky rockets. Supposed E2E comms. Hate speech. Something must be done! Right wing policies on pretty much everything cause more protest. Tories criminalise (*some types of) protest. Labour government raises TCN to Apple.
2 replies →
[dead]
UK probably went wrong when they left the EU, which since then has done some work on data protection laws. Leaving the EU will probably turn out a mistake, but they could have, in some areas made it a positive thing. They could have made even stronger data protection and privacy laws for their citizen. They could have enforced them more than the EU enforces GDPR. These things do not happen because of uninformed and corrupt politicians. Trade is of course another area, where they could have tried to ensure, that they stick to EU quality and safety controls, to avoid lots of drama and headache. But it was difficult anyway, because if you stick to all things EU, then why leave in the first place? They would have to uphold standards and improve upon them, while being in a weaker position to negotiate with outside of EU partners.
> The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK
Agreed.
> Apple previously made its stance public when it formally opposed the UK government's power to issue Technical Capability Notices in testimony submitted in March 2024 and warned that it would withdraw security features from the UK market if forced to comply.
https://arstechnica.com/tech-policy/2025/02/uk-demands-apple...
I feel like the UK always tries to do this w/ encryption. I don't know if it's a cultural sway GCHQ has on legislators and such but it happens w/ every generation of cryptography. Weren't they the one that neutered GSM encryption such that it was essentially ineffective from the get go?
> Weren't they the one that neutered GSM encryption such that it was essentially ineffective from the get go?
The A5 cipher used in GSM came from France, but supposedly the Brits were also happy to have it be weak.
You're assuming people's actual motivations match up with their stated motivations. If your motivation is to be re-elected to a government post by appearing to be tough on terrorism and drugs, every possible outcome of this course of action benefits you. Apple leaves? They were terrorist enablers and you're better off without them. Apple acquiesces? You're the David who took on Apple's goliath and won safety for everyone (again, regardless of whether this actually improves safety for anyone). Apple ignores you? You have an ongoing feud with Dangerous Big Tech that you can campaign and fundraise on for as long as it lasts.
The UK government can’t put Apple out of business; Apple can easily afford to simply exit all business in the UK. The UK is betting that Apple’s greed outweighs their principles. Long odds.
It's betting that the size of Apple's UK market is larger than the impact Apple's privacy marketing has on its worldwide market. Those odds aren't obvious to me
Curious about what would happen if Apple withdrew from the UK and locked all devices with a message saying 'Your device has been disabled following the decision of the UK government to introduce new laws which mean service can no longer be offered in the UK', or something similar. They could base it on GPS or detected MCC codes.
I wonder if you would get anarchist riots until the law was removed. Many of the young with an expensive bricked iPhone (or parents whose kid's iPad was disabled) would probably side with Apple over already unpopular politicians...
The UK is betting that Apple’s greed outweighs their principles. Long odds.
Three weeks ago, I would have agreed with you.
Then Tim Cook wrote a check for $1,000,000.00 to help pay for Donald Trump's inauguration party.†
In spite of what they led us to believe over the last couple of decades, Tim Cook and Apple are no different than any of the other tech companies genuflecting before the new emperor, whose stated goals are the opposite of the "mission, vision and values" lies we were fed by the tech industry.
† In case you (or anyone else) missed it: https://variety.com/2025/biz/news/apple-ceo-tim-cook-donates...
18 replies →
> Apple can easily afford to simply exit all business in the UK.
Apple has shareholders, so no it can't (or more precisely, Tim Cook can't).
1 reply →
Sounds like you're assuming that UK's goal is to stop criminals. I don't think that's their goal. I think that's their cover story.
As for Apple, their daily/hourly/whatever fines might be less than cost of a major ad campaign if they were to buy that publicity directly. Sounds like a good deal for them to refuse to honor the request.
So what is the goal?
A backdoor for one is an opportunity for many. Given the UK is completely incapable of outspending most of the world on compute, this effectively hands their enemies that data they’re looking for.
Yep. It's the creation of an artificial Hobson's choice: "do this, or I'm breaking up with you."
Yes, encryption is one of the most “cat’s out of the bag” situations - even assuming every company worldwide is cowed into submission by governments to add back doors, all they’re going to be catching is the dumb and unsophisticated criminals and even that will diminish as even the dummies realize every text and call is wiretapped once people start seeing their private communiques come out in court.
I suppose there are people in the camp advocating for back doors who still think it’s worth the tremendous downsides to be able to catch that group of criminals (there are certainly plenty of idiot criminals), but anybody can just use plain GPG emails for free, or deploy some open source encrypted chat server on a $20 a month cloud instance… and I assume operators in places like Russia or China won’t mind hosting easy services for less nerdy criminals willing to pay in crypto.
> the dumb and unsophisticated criminals
This appears to be majority of them if Brian Krebs is to be trusted. Very few have proper OPSEC, fewer still are disciplined enough to prevent cross contaminating their virtual identities.
Even if you keep your communications airtight, boneheaded decisions when they move the money from cyberspace into meatspace are quite common: people living way beyond their means, 22 y/o's buying $200K+ cars without proper income records get caught quickly once people start looking.
> The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
First, these are the same thing.
Second, ADP is already off by default so approximately nobody uses it. It is irrelevant from a privacy standpoint whether or not they offer it.
ADP is a relatively new thing. it makes sense to roll it out gradually both from engineering POV as well as marketing.
Further, as all other forms of e2ee, it makes you responsible for the encryption keys.
As a user on the platform I am quite happy it is offered. Considering that these days it is quite difficult not to have a mobile device associated with “you” (you open links sent to “you” on your mobile device? consider that device compromised from privacy perspective), id rather it be on the platform with stronger protections.
UK government wants a backdoor access to all users, worldwide, irrespective of their nationality.
The UK needs to be reminded of 1776 before they reprise what gave rise to the 4th ammendment.
Apple should and can just sever its relationship with the British public and let them reap the consequences of submitting to their nanny state.
Although it's worth wondering why anyone would use any type of corporate cloud backup, anyway. Certainly if you had anything worth hiding, you would disable that first. That just makes this whole endeavor that much more dubious.
If just turning off ADP placates the UK, it implies that the UK already has a backdoor to unencrypted data.
"It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption."
This. Whether it is an app to install on your phone or desktop or simply a website to use. People who need encryption to make sure their communication is private will _easily_ find ways around any kind of government snooping.
Governments have much more power than global companies, even though it seems that they are untouchable from the outside.
Anyone with serious intent to hide something will just use another encrypted service or self-host their data...
>I don't think the UK government would try to put Apple out of business if they don't comply it's more likely that they would just get heavily fined until they do so.
Sufficiently advanced "escalating fines until they comply" is indistinguishable from "putting them out of business".
The government would soon cave if Apple started disinvesting in the UK. The current government are desperate for growth.
I honestly don't even think we'd fine them real money, it would be too unfriendly to business. So what's this? I think political posturing or at worst the worlds weakest bargaining chip.
Maybe USG will now stand behind American companies and push back on this sort of thing? Enough of the EU or UK fining US companies over bullshit. In this case it's also better for the UK consumers too.
(lose*)
[flagged]
[flagged]
They should work at an Apple store then: https://www.theverge.com/2021/6/7/22522560/apple-repair-mult...
[flagged]
> requires that Apple creates a back door that allows UK security officials unencumbered access to encrypted user data worldwide
How could this even be enforced if Apple pulls out cloud services of the UK ?
It's such a ridiculous request, the British Intelligence agencies must be bored coming up with new ways to make Apple look good.
As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens. Not supporting cloud services wouldn't be sufficient to avoid the compliance requirement, they would have to formerly stop doing business in the UK.
Looking at the market size that might be a decision that Apple is willing to make as it would most likely be a temporary stick. The government can spin it anyway they want, but Apple devices do not work basically at all without the deep integration of their services. A geoblock would effectively mean UK citizens would be left with unusable devices and I can't see the resulting outrage being directed exclusively at Apple.
It'll be interesting to see how this plays out for sure.
I think this is the most solid answer I’ve seen so far that makes any sense. Could they still go through with it , I’m not sure, they want to project some influence but I still feel this is like haggling for half price to get cost.
Someone else here said something spot on for me, we’re all focusing on how bat sh*t this is because it’s global without even considering how human privacy obligations are just ignored.
Humans have a right to privacy, feels unbelievably pretentious and privileged to even say that. But it’s still true
1 reply →
> As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens.
I wonder if this means that Apple would ultimately take the same approach that they have in China, where the iCloud data and services are entirely localized within China and allows the Chinese government unrestricted access.
2 replies →
The decision wouldn't involve just market size, but their Irish tax haven as well. They're not going to pull out of the UK entirely.
12 replies →
Apple still has legal entities in the UK. Pulling out cloud services would be insufficient to prevent the UK authorities from interfering with their activities.
> prevent the UK authorities from interfering with their activities
I'm still missing how this could be enforced ? To my layman understanding, this reads the same as if China said : "Meta, Tesla, Valve etc has entities in China therefore we get to see all data they store in the EU and the US.
The UK has Zero jurisdiction in Ireland for example where a lot of EU data may be stored.
86 replies →
More importantly, apple has customers in the UK. The business from captured apple users is more valuable than apple's privacy reputation.
This all seems very similar to RIM and the aftermath of the riots in the UK. The backdoors became too obvious for customers to ignore. Did not go well for RIM in the market afterwards.
2 replies →
> the British Intelligence agencies must be bored coming up with new ways to make Apple look good.
We know they collude with US intelligence serviceUS
But as far as we know there is no encryption back door
25 replies →
By collude, you mean responding to subpoenas they are legally obliged to respond to?
2 replies →
Funny
https://youtu.be/eW-OMR-iWOE
Collude is such a fucking weird word to describe an alliance.
2 replies →
That's not even the main issue in my opinion: how can Apple do this without breaking laws in other countries ?
I am not a lawyer, but I think that this would be illegal under EU privacy law.
The same way it operates in China? I guess, China is much bigger market, so it’s worth the effort. Not sure how it’ll go in the UK.
1 reply →
I think it’s a cultural issue. The British have an inflated sense of national self worth as a result of being the world’s largest power during the British empire. While this has not been the case for some time now (since Suez in 1948? Longer?) the people still carry the memory and national myth of great importance. This is likely what drives a sense of entitlement that British demands should bypass the laws of every other country in the world and give them unfettered access to everyone’s data. Think about that, literally everyone who has an Apple device!
Frankly, the arrogance is appalling.
MI6 probably gutted the cybersec division. Probably don’t have many viable sploits in their cache against Apple.
I suppose this is _good_ but more competent and well funded groups out of Israel, Israeli military complex, Cyprus don’t need to “ask” for a back door.
Cyber-related stuff is GCHQ (black/greyhat) or NCSC (whitehat)
Probably a manouver to make them look good but also privately complying anyway.
>How could this even be enforced if Apple pulls out cloud services of the UK ?
Honest question, how Apple is doing it in China? Maybe the exact same scheme will work for UK.
> When asked by The Post whether any government had requested a backdoor, Google spokesman Ed Fernandez did not provide a direct answer but suggested none exist: "Google cannot access Android end-to-end encrypted backup data, even with a legal order," he stated.
No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves. I’m not saying that’s likely, just that it’s important to not take these statements as saying more than they do. They wouldn’t hesitate to use “technically correct” as a defence and you have to take that into account.
Before people immediately think the worst of Google or other corporate representatives, be aware that people working in these companies need to weight their words carefully. From The Verge's article on the issue:
The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
Which is exactly why I’m making this point. If no government had requested a backdoor, they could’ve simply answered “no”. When you have to weight your words, it means you’re not at liberty to say whatever you want. That is itself a signal, and why warrant canaries are a thing.
https://en.wikipedia.org/wiki/Warrant_canary
7 replies →
How does this work wrt false advertising laws? If I relied upon their end to end encryption and it turns out to be false advertising because there's a secret backdoor, who do I sue?
3 replies →
But they can still notify the public, through those canary statements. (I forgot the name commonly used).
For example (a simplistic one), you can have a statement like "we do not have any backdoors in our software" added to your legal documents (TOS, etc). But once a backdoor is added, you are compelled by your lawyers to remove that statement. So you aren't disclosing that you have added a backdoor. You're just updating your legal documents to make accurate claims.
4 replies →
> if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
One would think this runs afoul of other laws though, truth in advertising and similar.
Its such a legal minefield, and the UKs request borders on violating the sovereignty of other nations I can't see Apple complying, but maybe that's hopium talking.
[dead]
> No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves.
The whole definition of "end-to-end encrypted" is that only the two ends have the keys. If anyone or anything other than the two ends (the one sending and the one receiving) has access to the keys, it's not end-to-end encrypted.
Whatsapp has had end-to-end encryption since 2016. But it only added encryption to cloud backups in 2021. They didn't share any key material with Google, just backed up the messages and media without any encryption to begin with.
Yes exactly. Google is very careful to say that "Google cannot access Android end-to-end encrypted backup data" and notice it doesn't say that all Android backups are end-to-end encrypted. For what we know, Google could have decided to use non-end-to-end backups in the UK and end-to-end backups everywhere else.
I think that's the implication, not the definition. Data remains encrypted even when a third party gets access a key.
But if they could give a key to the government agency, it wouldn't be end-to-end encrypted, right? Or are you thinking they would have a copy of users' keys that they gave out? (Which I guess is technically possible.)
They could also cripple user key-generation. E.g. they choose random primes from a known subset. It would make communication crackable while also being difficult to detect.
It would be no different from how multiple devices and users access the same content (chat, shared data, etc.). The government’s keys would always be included in set which encrypts the real key. They don’t need the users’ key, Apple doesn’t need their private keys. So technically still end to end encrypted, just with a hidden party involved. Users have no way of knowing this doesn’t already happen.
And when their key leaks, it’s as good as no encryption, but still end-to-end encrypted.
1 reply →
If the other end is the government, then it's kinda valid? =)
You can not use a DH key exchange, and create the symmetric key by some procedure that is predictable, or encode the symmetric key with the government's public key and send it to them.
It doesn't stop being end-to-end when you add another end. We often do group chats that way.
Or you can create a side-channel and send al the data there. That would stop it from being end-to-end.
if google were to transfer the keys elsewhere, they would have (temporary) custody of the keys, granting them access, and invalidating the statement.
My layman’s understanding is that a user’s private key is used to decrypt a random key, which is then used to protect data. Shared files then only require adding key access to that small secret by someone who knows the original key. If one of the original public keys is always one held by authorities, Google never needs to have custody of the private key and can’t access the data themselves making the statement true, but misleading.
> they would have (temporary) custody of the keys
No, they would have had custody of the keys. Meaning it would still be true they cannot (now) access the data.
Not surprised, considering UK's ridiculous key disclosure law (United Kingdom The Regulation of Investigatory Powers Act 2000 (RIPA), Part III, activated by ministerial order in October 2007, requires persons to decrypt information and/or supply keys to government representatives to decrypt information without a court order.) that makes anyone with high-entropy random data (which is undistinguishable from the crypto-container) a criminal for "not providing the keys to decrypt"
This is the way that the UK has passed laws for a while now, make them so broad that they potentially criminalise everyone, then selectively prosecute. This is a very obvious setup for future totalitarianism. I’m surprised that the British public stands for it, but I guess they must not care.
People here are very passive and used to being pulled around. It's insane how far people's rights have eroded already. No right to protest, no right for privacy - what's next on the chopping block?
5 replies →
Future totalitarianism? Is the UK's government restricted in anyway right now? What line have they not crossed yet?
4 replies →
This is fuelled by notion that law enforcement is incompetent and doesn't work.
If law enforcement won't catch criminal even if you had them all the details, evidence, witnesses, then average person thinks there laws are dead anyway as there is no one competent to enforce them.
> I’m surprised that the British public stands for it, but I guess they must not care.
I can educate people but it always comes back to "I've not got anything to hide". What are we suppose to do, go out to the streets and protest? Start a petition, right to a PM who has no idea what encryption is?
Mentioning Linux to my family opens a can of worms. We are naive to think protesting actually changes something, it's old fashion. Those with power just don't care so unless people attack with their wallets nothing will come from.
It's not 1995 so unless you have £ for lobbying surrounded by people in suites there is nothing public of any nation can do against anyone in power.
12 replies →
I'm not surprised at all
Brit here. Yeah from my experience people don't care. Hardly anyone gets prosecuted and those who do have often done something bad.
Most day to day complaints are they don't prosecute enough, often related to the bastard that snatched your phone. We have approximately zero people sitting in jail for failing to decrypt and similar.
>This is a very obvious setup for future totalitarianism.
No it really isn't. If they are planning a totalitarian takeover they are being very sneaky about it. There is a strong anti totalitarianism tradition here including elections since 1265, writing books like 1984 and bombing nazis.
6 replies →
I've tried to explain the issues with the UK government's stance on digital privacy to my friends. The responses I get:
* I have nothing to hide, I don't care
* Oh come on, our government doesn't care what I'm up to
* The UK will never be totalitarian. I'm not scared of the government
* The UK civil service is incompetent and could never pull this off (fair point, although I worry about the safety of my personal data in the hands of such people)
Let's not forget we had a hard-left (Corbyn) socialist regime come close to power, whose cabinet members called for "direct action" against political opponents, just a few years ago.
https://www.spectator.co.uk/article/watch-john-mcdonnell-s-c...
I don't think people realise how quickly things could go wrong with these surveillance mechanisms in place, and spiteful, authoritarian politicians taking power.
9 replies →
It seems like perfect case to make multi-container encryption as default. That is different data will be revealed using different key and there is no way of knowing how many containers there are in the blob of data and not possible to prove someone is hiding a key.
Not if the state can access your super secret containers while you access them with your software. Because state backdoor either in hardware or in OS level
You could try but you might find it/you get "disappeared" like Truecrypt.
It's incumbent on the prosecution to prove that you know the key they are claiming you are withholding. It is a defence to say you forgot it, or that the data is random. The prosecution would have to prove that you didn't forget it and that the data is not random.
In most cases it requires a court order as well.
> It is a defence to say you forgot it,
Do you have a source for that assertion?
1 reply →
What's new here?
As mentioned in the article, Salt Typhoon and the recency of this request by the UK. At this point they should know better.
My pet theory is anytime the US wants to do something illegal under US law, they simply ask the UK to do it and vice versa. That's why Salt Typhoon isn't and never will be a lesson learned.
I recommend Susan Landau as the goto person on this. She recently spoke with Lawfare on the current state of play.
[1] Susan Landau and Alan Rozenshtein Debate End-to-End Encryption (Again!) https://www.lawfaremedia.org/article/lawfare-daily--susan-la...!)
Working link: https://www.lawfaremedia.org/article/lawfare-daily--susan-la...
Formatting in link is broken. This is a direct link to the youtube version: https://www.youtube.com/watch?v=AWBFXiOcR88
It's not a pet theory, it's exactly how the Five-Eyes system is meant to work. I remember when Total Information Awareness was announced and they even had a cool badge designed for the new govt department. It wasn't a popular idea.
https://commons.wikimedia.org/wiki/File:IAO-logo.png
It is a pet theory. It is illegal for the US to access its citizens' and residents' data without a warrant, and asking somebody else to do it doesn't magically make it legal.
7 replies →
It is actually Australia where the US goes to test out far-out legislative ideas before implementing them at home.
Australia does a great job of enacting wacky authoritarian policies in the last 5 years; It would make sense to use them as a staging ground. Does any specific legislation come to mind?
15 replies →
It's exactly how the five-eyes information sharing works.
Participants spy on each other's citizens on the other's behalf and share data, to avoid the legality of doing so to their own citizens.
That is exactly what this is.
This is so disheartening. I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise. As a UK citizen, is there anything I can do to dissuade this?
edit: typo
In my mind, the only way to beat these efforts for good is to win hearts and minds of the larger public. Currently because only weirdos like us care about this stuff, we have to constantly be on top of these things and writing letters making posts etc.
Overall i agree with you, it is really disheartening. That being said, i've made progress with my family on valuing privacy and the dangers of surveillance. I think people might be changing their minds slowly but still lots of work to do.
A breakthrough with my sisters was when abortion was threatened here in the states. Mentioned to them that it would be easy for authorities to enforce abortion punishments by subpoenaing data from menstruation cycle tracker apps. This kind of "clicked" for them and they became more open to the other parts (not given ratukan or whatever their purchase history, etc. etc.)
Thought experiment: let’s say that Trump said that he thinks Apple is helping hide illegal immigrants because they are communicating with each other over channels that ICE can’t decrypt, how much pressure do you think he could put on legislatures to pass a law here?
Now let’s say that some Republican Senators and Representatives were ethically opposed to but then threatened to be primaried and President Musk said he would throw all of his money behind a potential opponent, how long do you think it would take a law to be passed?
Even without a law, we already see that Cook will willingly bend a knee to Trump as will Google.
Right now in my home state the governor was trying to get a law passed banning Western Union from allowing illegal immigrants from sending money overseas.
4 replies →
> I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise.
I think we are perhaps the lowest point ever in terms of anti-surveillance efforts. There seems to be bipartisan effort among many (most?) western governments that the government should have unfettered access to all data, regardless of any reasonable expectation of privacy.
Encryption seems barely tolerated these days. Governments are insisting on backdoors, they are making it illegal in some cases for companies to even discuss what is going on or that monitoring is happening.
We barely know what is going on with the programs and efforts that get leaked to the media, much less the programs that operate in total secret.
> As a UK citizen, is there anything I can do to dissuade this?
If you voted for this Tory-lite government, then you can stop voting for any future Tory-lite governments. If you did not, there's not much you can do in practice without devoting your life to it.
Wait. The Tories aren’t in power yet you want to attribute this to “Tory-lite?” It’s the Labour Party that is in charge, so why not put the blame on the actual perpetrators? Is it because you don’t want Labour getting blamed? I am confused. The Labour Party is the one jailing people for speech, so it follows that they would want backdoors into iCloud so they can better investigate ThoughtCrime.
The director of public prosecutions of England and Wales, Stephen Parkinson (appointed by the Labour Attorney General), warned against "publishing or distributing material which is insulting or abusive which is intended to or likely to start racial hatred. So, if you retweet that, then you’re republishing that and then potentially you're committing that offense [incitement to racial hatred]."
He added further, "We do have dedicated police officers who are scouring social media. Their job is to look for this material, and then follow up with identification, arrests, and so forth."
This isn’t “Tory-lite,” this is Labour.
Sources: https://freespeechunion.org/labours-war-on-free-speech/
https://x.com/skynews/status/1821178852397477984?s=46
5 replies →
Which party, with a realistic chance of being first past the post, could you vote for that wouldn't bring this in?
This is Hobson's choice as far as I can see.
I don't think there's anyone you could currently vote for that wouldn't do this.
2 replies →
> If you voted for this Tory-lite government
If you agree that Brexit happened under the Tories and not Labour, then we can also agree that THIS order is happening under the newly elected "Labour Party" and not the "Tories", or so-called "Tory-lite" names.
It's completely pointless trying to remove accountability of this government's illogical actions and then to immediately resort to blaming the previous government for bad decisions like this one.
Just admit that this is under the Labour government.
2 replies →
The government is a reflection of the people. It might not be perfect, but if 80% of the country didn’t want this type of surveillance we wouldn’t see any government pushing it.
You have to change the view of the country as a whole, and for generations the U.K. has been a country of curtain twitchers.
Coupd protest on weekends and holidays as a hobby, bring a Bluetooth speaker and blast the kinks.
6 replies →
But the Tories are not in power. Can't labour just repeal it?
8 replies →
Yeah know, at some point a historical review would suggest that the constant stream of labour led initiatives to end privacy might indicate that the problem is not just the tories.
"Don't blame me. I voted for Kodos"
[dead]
> I thought we were making progress in the anti-surveillance privacy na[rra]tive
What lead to to believe that? The Conservatives and Conservative-Continuity governments both agree that our data simply must be in the hands of the police, DEFRA, and your local council.
RIPA will never be repealed and only strengthened.
I don't disagree with your analysis but i wouldn't be so fatalistic. This stuff _isn't_ inevitable and i think it's possible to win people over to our side. Things can change for the better, but they won't unless people who care don't give up
5 replies →
Probably helps if the next time they try to remove the rights of large segments of the populace based on medical choices, lock people down, track them and propose vaccine passports, that you realize where everything is headed and oppose it vocally.
It's always through the appearance of good intentions and a public that pushes for whatever narrative they're fed that they normalize this.
People love and want more of this, not less.
vote for people who are anti surveillance.
so right wing?
1 reply →
Let's start supporting parties that have principles.
And stop making excuses for parties that don't (i.e. Labour, Lib Dems and Conservatives).
At the moment, the UK public (and media) considers it a sport to disparage and smear parties like Reform, whose leaders want to shrink the power and over-reach of the state.
We are so concerned with appearing virtuous and internationally generous, we cannot be seen to align with a party that wants to put UK citizens first (border security? deporting dangerous criminals back to their home nation? gasp, how could we be so ghastly!)
This self-defeating attitude needs to change if we want a better future for our children.
> Let's start supporting parties that have principles.
The problem is that there are none.
The correct assessment of all these political parties is that by default, they all cannot be trusted. Especially both labour and the conservatives.
> This self-defeating attitude needs to change if we want a better future for our children.
Yes. The second problem is that the United Kingdom is incapable to changing itself historically and is fundamentally destined to never be open to change.
[dead]
[dead]
UK tech laws seem to consistently be the worst of both worlds. Not rights centric like the EU and not business supportive like the US.
Just old people making bad laws about stuff they don't understand - or are straight up citizen hostile, sometimes hard to tell which it is.
> Not rights centric like the EU
Sadly, the EU is trying very hard and very persistently to pass the Chat Control bill. So far the EU hasn't succeeded, but I would be surprised if EU politicians didn't keep trying until it is finally codified into law.
There's always competing interests, but I like to look at it as a glass half full. It's the focus on rights that has ensured it's still not passed.
1 reply →
The EU has one extremely corrupt legislative body, yes. But they are usually not a problem due to them not having any formal power.
Successive UK governments consistently fail to understand the UK's place in the modern world. Insisting on access to encrypted data in all jurisdictions globally is just another example of them thinking small and acting big. Its the digital equivalent of sending a gunboat to put-down the troublesome "natives". Meanwhile its 2025, not 1925.
(disclosure: brit)
This was even warranted in 1925, more like 1875.
It would be like demanding a lock up in NYC open a locker in your name and seize all contents.
I'd like to think that we've reached the point now that there will be mass resistance to threats to privacy and freedom of speech in the UK, but Britons are such a docile, accepting, and pliant people when it comes to standing up to Big Brother.
Why now? I gave up on this at least 10 years ago. If you can't even get techy people to think about the ethical ramifications of encryption etc then it's a lost cause. What makes you think now it's different? They said it couldn't get much worse 10 years ago, as did they 20. Do you really think the UK population has a breaking point where they will suddenly understand privacy and why it's important?
The UK population generally wants to put their fingers in their ears and pretend everything is ok. Remember we're all descended from people who didn't go to the colonies to try to get a better life.
1 reply →
It's pretty standard for the UK gov to take a "worst of both worlds" approach.
Ignorant rather than old. Alan Turing was born more than 100 years ago.
I looked them up and they are not terribly old but did Ancient and Modern History at Oxford - the guy who did the law and philosophy, politics and economics at Oxford - Home Secretary. I doubt they are very up on tech.
What are you talking about? I'm a german and the surveillance here is crazy. The EU is pushing for more surveillance. I always love the left wing echo chambers like reddit/HN who pretend like the EU is some kind of utopia.
Archive link: https://archive.is/3Pp0U
I was wondering whether this is about Advanced Data Protection, which encrypts almost all data end-to-end on iCloud. It’s only later in this report that it gets into this key detail:
> At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022.
Before stating this, the article says:
> Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said.
This means Apple would be prevented from providing Advanced Data Protection to users in the U.K.
Not making Advanced Data Protection available is made worse by this requirement:
> One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security.
Apple can appeal, but is forced to comply meanwhile (until the appeal is heard) anyway:
> Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.
If they had some balls, they would just stop offering icloud altogether in the UK until they have appealed. Let's see how the judge feels when half the country can't access their files anymore and Apple points to this decision as the reason.
Not just most of the judges, but most of the MPs who voted on this. Let them eat their own cake.
I think they could do something like what Tik Tok did, by letting users know why they can no longer provide the service.
I would personally give Apple money to see them actually stand-up to this. What's probably more concerning is the number of companies not complaining about this at all.
UK judges are not elected, and don't do things on the basis of what the public thinks.
This headline comes to mind: https://en.wikipedia.org/wiki/Enemies_of_the_People_(headlin...
2 replies →
> when half the country can't access their files anymore and Apple points to this decision as the reason.
Governments are extremely powerful. They may issue a gag order (https://en.wikipedia.org/wiki/Gag_order) that makes it illegal for Apple to do that.
3 replies →
> the law does not permit Apple to delay complying during an appeal.
Seems absurdist. They have to implement the backdoor, appeal, and only if the appeal is successful can they disable it.
1 reply →
Apple doesn't have the same dominance in the UK than it does in the US, so the UK would probably just tough that one out.
10 replies →
> Apple points to this decision as the reason.
Unlikely. That's illegal.
Roll out the change in the city of London first and watch the finance sector crash :D The rest of the UK probably won't have to follow suit.
Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.
I believe we should increasingly turn to steganography as a way to ensure our privacy (obviously, combined with encryption). Something that provides simple plausible deniability but lots of data to use as a carrying medium should become the default selection (like "personal videos" — a great use for our phone cameras to build an extensive collection), so even if "identified" as potential carrier for the data, it would be impossible to convict someone over it.
I can imagine a scheme where your secret passphrase defines what bits of data in a video to use to carry actual data and yet avoid changing the output too much. Obviously, coming with a non-reversible algorithm that takes into account different lossy video encoding schemes is non-trivial, though I am sure there is some (plenty?) prior art to build off of.
Clever technological tricks are not the solution to political problems.
"Plausible deniability" is cute, but in practice, who cares?
> impossible to convict someone over it.
Yeah, sure, tell me how well that works for you. "Your honor, the data is mathematically indistinguishable from random bytes so you can't convict me" -> "The witness saw you type in a password to view data from that image, give us the password or you're going to prison. Even if you don't give us the passphrase, the police officer says you might be using something called 'steganography', and that's already enough to convict you"
The court and legal system does not care about clever logical tricks or cryptographic tricks or any of that.
When you've been observed doing something (esp with evidence), "plausible deniability" falls through.
But when you haven't (eg. if you had your data that way in an Apple Cloud, and Apple was required to provide blanket access to everything), nobody can come and claim you've got there anything other than videos.
Obviously, a sufficiently motivated actor won't be stopped (see torture), but your data is not out in the open.
Obligatory XKCD: https://xkcd.com/538/
2 replies →
> Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.
Not only that, but also trying to ban platforms that don't follow their censorship guidelines (TikTok in the US, X under scrutiny in UE) and even voiding elections when the result is not good (Romania) under very slim technology-related pretense (somehow a few ads are deemed enough to cancel an election, but 24/7 oriented news from every established newspapers in another country like France is totally OK). It's becoming harder and harder to believe in said democracy when the methods are all but looking like the ones used in non-democracies.
voiding elections when the result is not good (Romania)
Downvoting for this claim. Stop spreading misinformation.
1) it wasn't the government voiding the election, it was the courts
2) it wasn't because they disagreed with the results, it was because an existing law was broken (undisclosed campaign financing)
2 replies →
> Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.
Yes. Democracies around the world are increasingly stopping being democracies.
> Something that provides simple plausible deniability but lots of data to use as a carrying medium should become the default selection (like "personal videos" — a great use for our phone cameras to build an extensive collection) [...]
No. I want all of my data end-to-end encrypted. In transit, at rest, everywhere and at all times. Privacy is a human right. Security of their citizens is what these governments vowed to protect. If they can't, these governments should be changed.
What I am suggesting is embedding encrypted data in innocent-looking files using steganography to avoid it being obvious you are using encryption in the first place.
This protects you even if we — as citizens — fail to stop governments from going rogue and forbidding encryption (some of us remember US export controls on strong encryption that was only lifted 2 decades or so ago).
For years, law enforcement pushed for encryption backdoors, arguing they were necessary to combat crime and terrorism.
In the US, after Salt Typhoon compromised telecom networks—including court-authorized wiretap systems—the FBI has now (somewhat reluctantly, I think) started advising government officials to use end-to-end encrypted apps like Signal and WhatsApp to protect themselves. [1]
I think the UK government is running a bit behind wrt Encryption.
[1] https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-...
No, the government is always exempt. Citizens shouldn't be allowed e2e, the government, that's ok.
The problem with this line of thinking is that the government is, of course, composed of... individual citizens.
1 reply →
They do seem to think that way sometimes, don't they?
But the counter-argument here is: if the civilian E2E apps had also/already been backdoored, they'd be entirely out of options now.
From the macrumors thread:
> So much for personal liberties. I'd like to give Labour the benefit of the doubt and assume this is a holdover from the last government knowing how fast the civil service actually works but given the Tory 3.0 plan they are going with I wouldn't put it passed them.
>We didn't vote for this.
You very much did vote for this, you voted for Labour under Keir Starmer and he did not particularly hide his being tory-lite. If one is surprised by this they must not have paid any attention before voting.
quite why Labour deserve the benefit of the doubt on anything authoritarian I don't know
Labour was behind:
they are as bad, if not worse than the tories
As I posted under another comment, https://en.m.wikipedia.org/wiki/Communications_Data_Bill_200... - communications data bill 2008 / interception modernisation programme. A precursor to what became the IPA.
Didn't they abolish double jeopardy and introduce secret trials as well?
1 reply →
Have people forgotten the authoritarian tendencies of the 1997–2010 Labour governments? This is nothing new.
Its crazy how people still think one political party will be 'better' than another! I guess they must be young. After you have seen 10 or so government terms play out you soon learn.
Yeah yeah vote for the other clowns next time, they'll definitely roll back these totalitarian policies :)
Labour are social democrats, not classical liberals…
The US is the only country with codified freedoms from the government. Every other country has rights given by the government to their citizens.
The US may suck every now and then, but the US constitution is one of the best things in human history. It protects us from governments like the UK that don't think they have any limits to control their citizens.
> The US is the only country with codified freedoms from the government.
This is not true, both because it’s not the only one[1], and because the constitution hasn’t prevented state censorship in the US[2-4].
> It protects us from governments like the UK that don't think they have any limits to control their citizens.
How would it do that? The US constitution has no power over the UK.
[1]: https://worldpopulationreview.com/country-rankings/countries...
[2]: https://journals.ala.org/index.php/jifp/article/view/7208/10...
[3]: https://historycollection.com/10-situations-in-history-when-...
[4]: https://en.m.wikipedia.org/wiki/Censorship_in_the_United_Sta...
> and because the constitution hasn’t prevented state censorship in the US[2-4]
That the constitution hasn't been upheld to a perfect standard all the time doesn't mean it doesn't codify freedoms. Also, precisely what the standard is isn't universally agreed upon and changes over time.
1 reply →
The constitution is merely a few pages of paper produced by the founding fathers together with many more pages of paper produced by the Supreme Court.
Without men and women willing to stand by it and defend it, it is useless. And what we are seeing is that there are increasing number of people who have taken an oath to defend the constitution but have chosen not to do so.
History is full of cases where a well written constitution is ignored by the ruling government.
> The US is the only country with codified freedoms from the government.
No, its not. Plenty of other countries have written constitutions with codified rights against the government. Many of them are more explicit about how the conflict between explicit grants of power to the government and explicit rights of the people balance in conflict, which may make them seem superficially less strong; OTOH, the fact that the US Constitution has both unqualified grants of power and unqualified enumerated rights has led to that conflict being resolved by the courts, by...qualifying the rights based in large part on the grants of power.
> Every other country has rights given by the government to their citizens.
That's no more true of “every other country” than it is of the US. The Constitution itself is a deal negotiated between representatives of and ratified by state governments, so all of the rights it protects are, ipso facto, granted by government.
Indeed. It’s somewhat funny (and sad) how the average educated person simply denies this or says it doesn’t matter.
For example, in the Dutch constitution, freedom of speech, religion, privacy et cetera are all qualified “except as restricted by law.” [0] That is to say: if the government passes a law restricting your speech, religion or privacy, that will typically be Constitutionally acceptable. Meanwhile, in the US, the Constitution is absolute, to rather extreme ends. The Dutch constitution is of course rather obvious in its weaknesses, but there are other signs for other countries aside from the text itself. One good method is to take a look at the mechanisms of enforcement of the Constitution and measures of Constitutionality. For a good laugh: https://www.advocatie.nl/nieuws/rechter-mag-wetten-langs-de-...
[0] https://wetten.overheid.nl/BWBR0001840/2023-02-22 For example: “Ieder heeft, behoudens bij of krachtens de wet te stellen beperkingen, recht op onaantastbaarheid van zijn lichaam.” or “Everyone has, subject to restrictions under the law, the right to inviolability of his body.” Most other rights include such a provision.
How do you mean? Who upholds those codified freedoms? Many democratic countries have similar fundamental laws that are explicitly hard to change or bypass. In the end though all rules are either enforced by some authority or they are mere suggestions. The USA doesn’t seem like a special case to me?
> Many democratic countries have similar fundamental laws that are explicitly hard to change or bypass.
What exactly constitutes "hard to change"? In many countries, fundamental freedoms are regular legislation which can be overturned in the usual manner. Even a threshold of 2/3 or 3/4 to change is much easier to overcome than the federated constitutional amendment process in the US.
3 replies →
Did the US constitution protect you from NSA conducting mass surveillance on all US citizens like the Snowden files showed?
Constitution, yes - but following it, not so much. I would really like the Federal government to improve in that regard.
While the US does have a written Constitution that explicitly limits government power (notably in the Bill of Rights), many other countries also have codified documents or legal frameworks that protect citizens from government overreach.
For example, Germany's Basic Law (Grundgesetz) was created after World War II to ensure the protection of human rights, including freedoms of speech, assembly, and religion, among others. In Canada, the Charter of Rights and Freedoms is part of the Constitution Act of 1982 and guarantees a range of civil liberties. India's Constitution, too, contains an extensive list of fundamental rights that are designed to restrict arbitrary government action, such as the rights to equality, freedom of expression, and personal liberty. South Africa's Constitution is also highly regarded for its strong emphasis on human rights protections.
Even in the United Kingdom, where there is no single written constitution in the US sense, many rights are protected by statutes (such as the Human Rights Act 1998) and established common law principles that limit government power.
Many democracies enshrine rights in law, reflecting the widely accepted idea that such rights are inherent and must be protected against undue governmental interference, rather than merely being granted as privileges.
> In Canada, the Charter of Rights and Freedoms is part of the Constitution Act of 1982 and guarantees a range of civil liberties.
I would like to point out Section 1 of the Charter:
> 1. The Canadian Charter of Rights and Freedoms guarantees the rights and freedoms set out in it subject only to such reasonable limits prescribed by law as can be demonstrably justified in a free and democratic society.
There is a ton of complexity to determining whether or not Charter violations by the government will actually have any kind of consequential remedy for those whose rights have been violated. None of the rights or freedoms in it are strictly absolute and there's legislation that infringes on many of them with those infringements held as "reasonable" by the courts.
Hello ChatGPT
Well didn’t Snowden reveal that is a bit of a stretch in what actually happens? Don’t the 5 eyes just just look over each other citizens and report to each other? The constitution only protects up until a national security threat and then ignored is it not? Still I think the US is an amazing country with some of the strongest protections from the government. I just don’t think it is as rock hard as you believe.
You are missing the most important part: a culture in which these kinds od overreach are not tolerated. For sure resistance has waned over time, but it is still strong. The constitution is merely a piece of paper if people are not willing to defend their rights.
>the US constitution is one of the best things in human history. It protects us from governments like the UK that don't think they have any limits to control their citizens.
The next 4 years will certainly prove or disprove this statement!
The US Constitution also guarantees birthright citizenship, but that doesn't mean the government will actually respect that right. The US Constitution only holds as long as people are willing to defend it.
That amendment has never been tested in the grounds that the Trump administration is.
It certainly wasn’t intended for the currently used purpose and will very much come down to “and subject to the jurisdiction thereof,” which anyone short of the best legal scholars in our country aren’t qualified to speak to.
3 replies →
Erm, a nationwide injunction was already made against that part of the executive order by a federal judge. You're the second person today I've seen try to imply that we're in a dictatorship because of that executive order. Whoever is spreading that misinformation should be fact-checked!
3 replies →
Please read Articles 1 to 19 of the German Constitution.
It's a worthwhile read for anyone.
Further proof against the idea that we live in "democracies", if anyone still believes that. We're at the hands of petty tyrants. Modern societies are surveillance hellholes, and it seems to only get worse and worse. So much for "progress".
I think Technofeudalism, as Yanis Varoufakis put it, creates inverted totalitarianism where people are controlled not directly by government with guns but with corporations with access control and moderation power over apps that form the majority of the public commons, personal, and work lives. To resist this subjugation, individuals, municipalities, and groups, large and small, need to build their castles on the bedrock of non-profit co-op services in countries with strong privacy safeguards rather than on the uncertain sands of corporate shores where they will be swept away by the next wave. It's expensive, it's starting from scratch it many cases, and not going to be as immediately polished as corporate offerings, but the socioeconomic and human capital won't be as easily destroyed, manipulated, or raided by police or corporate whims.
I think this is unnecessarily defeatist. The UK is still a well functioning democracy. Using scare quotes around proper democracy just blurs the line to authoritarians and dictators.
We elect our politicians. We demand they stop serious crime and terrorism. When they have bad ideas about how to do that, we let them know that it's a bad idea. Or we don't elect them again. This works.
"We elect our politicians. …When they have bad ideas about how to do that, we let them know that it's a bad idea. Or we don't elect them again. This works."
Think so? Perhaps on the surface. Think Yes Minister and Sir Humphrey. No matter how well meaning politicians are they'll be screwed rotten by determined public sector employees and then they'll be finished off by powerful corporate interests, citizens haven't a chance.
What's more you the citizen will likely be the last to know about it. Yes, outwardly all will seem normal as that's the plan but it's only a chimera—appearance is everything. Those in control learned that trick from Vespasian, it has a long lineage of working well.
Can't you see the Investigatory Powers Act wasn't dreamt up by politicans but by nameless but very powerful gnomes in GCHQ, MI6, etc., etc? For starters, politicians wouldn't have had the brains to concoct an Orwellian act on a scale like that on their own. (I've spent too long working in government bureaucracies to know how it works.)
Tragically, democracy, these days, is essentially dead. On the surface it appears alive and functioning and the citizenry still thinks it has say, but in reality it's actually like a cockroach that's been parsitized by a wasp—it's 'alive' in appearance only.
And yet you have a lengthy accumulation of the aforementioned bad ideas.
Perhaps because in your FPTP electoral system, you have few avenues to actually "let them know that it's a bad idea". I mean, supposing you don't like this particular law - which party would you vote for to send the signal?
"This works" in a parallel universe.
People vote like their dad or what the paper (Murdoch) tells them. If you are lucky to have a thinking voter they only get to choose 1 or 2 issues. Maybe they want lower income tax more than something something privacy.
People won't vote against their interests? "Latinos for Trump" etc. Says otherwise. Brexit people getting kicked out of Spain etc.
[dead]
Thats nothing yet, just wait until we have no reals cash, just electronic money. This will be fun NOT
No cash... now that will cause a riot. Why? Tax evaders won't like it.
2 replies →
I think you'll find that the majority of UK's citizens believe its government should be able to access data with a warrant. Whether the dēmos agree with your particular values is another matter, but this is not obviously undemocratic, unlike royal assent.
Certainly this decision seems intended to defend the state more than the people.
If a company starts hosting backups for millions of users across the world, the become a natural target of such court orders.
The only way to prevent this is to avoid this huge, massive, centralisation. Of course, Apple wouldn’t want this.
If we had lots of smaller scale hosting providers around the world (potentially dozens per country), the scope of attacking each one with such an order is much smaller.
A home network attached storage being the ultimate. Maybe you encrypt then sync the encrypted to a cloud.
My response would be along the lines of:
"The USA fought a war in part because they did not like the use of general writs of assistance to allow agents of the British King to search peoples houses and papers where their suspicion chanced to fall. The UK lost that war so no way!"
Not the strongest argument these days. There's no way that the US hasn't already backdoored apple's systems. They might not be sharing that access with your local law enforcement agencies, but you can bet that the NSA has a backdoor. They've likely set up camp inside Apple. (see https://en.wikipedia.org/wiki/Room_641A). It seems the US lost the war to stop kings from spying too.
Apple Shrugged
The UK government drops the ball on just about every matter the public care about, but when it comes to overreaching digital surveillance, they're absolutely obsessed.
glances at FIVE-EYES
I wouldn't characterize the rest of the world as not obsessed, really.
I feel Apple is one of the few companies that has the market power to say, Fuck you, we will just not sell or offer any services in your market, and I suspect that would be enough for voters to knock some sense into their government.
What makes you think they'll do that? Any previous examples? China maybe?
It is what Apple publicly said they would do if the UK attempted this.
https://www.bbc.com/news/technology-66256081
5 replies →
They probably won't, but it'd probably work
Please please please let them do that. I would love to see a UK without Apple devices!
What is better for shareholder value? The privacy brand or the UK market.
Doesn't matter, cannot be done by the board alone, explicit shareholder approval required for shutdown.
The order does not seem to apply only to users in the U.K.
From the article, discussing the idea of Apple stopping offering encryption in the U.K.
“Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States”
The writing is on the wall for the UK, has been for long, and the Labour government is going out of the way to ensure there can never be any reform, even if they have no mandate. There is one way they want to go, and they will drag their population along kicking and screaming. Anyone who can should get out.
The question is increasingly becoming “where?”. Every place seems to be moving in this direction.
Not Ireland -- Ireland so far has been immune to any global veering to the right. There are efforts though -- just not successful.
Probably South American somewhere.
New Zealand.
2 replies →
What are you trying to say exactly? What kind of reform are you suggesting they make impossible? And how?
“Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.” — Benjamin Franklin
China looks pretty safe to me. Unless you‘re a dissident of course.
Presumably the US government will have no compunction in using this to view US citizens private materials under UK government access rights, irrespective of US privacy law.
They'll share the data on US citizens with their US counterparts. Thats what the US and Australia do. That way govt's can claim they dont spy on their citizens. Their allies do it for them.
https://en.wikipedia.org/wiki/Five_Eyes
"Stupid is as stupid does...", this is the same Home Office Minister, Yvette Cooper (Flipper) that says pointy kitchen knives and Amazon orders are the reason for knife crime epidemic in the UK. Next up x.com banned from the UK.
What is the reason?
Covering for Muslim terrorism.
1 reply →
It’s a propaganda machine.
The government did get more than third of the votes. So this is the choice of democratically elected government and the voters and as such should be followed.
This sort of policy comes from the Home Office regardless of who gets elected. The spooks always want everything.
You could probably make an ECHR argument about it, but even Germany who are most paranoid about Stasi-like behavior have some sort of rights carveout for law enforcement purposes.
Germany hasn't imposed any similar ban on end-to-end encryption without a law enforcement backdoor. My configured iPhone region, configured Apple ID region, and physical location are all in Germany right now, and I was able to enable Apple's Advanced Data Protection here without a problem.
Yes, German law enforcement does have a rights carveout, but not nearly as big of one as in the UK (or the US).
Yes. Unfortunately those who thought a Labour government would be any less likely to deploy surveillance law than the Conservatives clearly do not have a very long memory. A pervasive obsession with snooping and controlling people's private affairs is one thing the two parties are quite united on
I have to give you a full up vote since they don't come in thirds.
Huh, I guess 1/3 isn't rational!
/j
This was before the current government.
[flagged]
Of course, the U.K. is rather famously not a republic, but rather a democratic monarchy. Now, if only the King would do his job and refuse assent to the Parliament when it does something wrong.
1 reply →
Just make TimeCapsule for iOS and iPadOS. With option to store it fully encrypted in AWS cold storage as Apple subscription. I want my data to stay at home.
Are iTunes backups not a thing anymore?
iTunes backup requires a computer. Time capsule for iOS should be an appliance.
Given recent polling, we have to assume that what is MI5's today will be Reform's tomorrow. We have to ask what our government and judiciary are doing putting our privacy in the hands of the far-right.
I never understood this kinds of arguments... both sides want to read your private data, but it's bad if 'the other side' does it? It's your current MI5/government that wants access to apples data.
My interpretation is that it is an argument against trust in authority in privacy discussions.
A: Privacy matters! B: Why should you care if you have nothing to hide? A: If you have nothing to hide, then give me the password to your Facebook. B: I don't trust you with that, but I trust my governments and relevant authorities.
The point is that B's faith in authority is flawed as the "powers that be" are an eternally shifting target. By agreeing to government surveillance, you place trust in every subsequent government, even the ones you would rather not.
4 replies →
One is bad in principle and the other is also bad in practice. Both are very bad but the latter is more likely to move people to action.
Generally speaking it is worse if a party who is ideologically inclined to do something bad to you reads it, yes.
One side wants to purge large parts of the population and the other one doesn't. Yes, all parties can abuse data, but their policies do actually matter.
8 replies →
Does it matter who has access to the data? It’s the principal not the actor
If there were a way to magically ensure that only the good guys had access to the information, I'd be way less concerned about these measures. (There are only a few things that I care about being secret for the sake of secrecy, and I can easily keep those off of computers.)
Every encryption backdoor is a huge vulnerability. Even if we somehow ensure that the powers-that-be remain entirely trustworthy (something that, historically, we can't even manage for a century), they're not the only people who'll have access to the backdoor. It's not possible to make an encryption backdoor that only authorised parties can use: as they say, the laws of mathematics do not respect the laws of Australia.
The actor informs the principal
It’s a Labour government, not a “far right” government.
I see from your history you may have knee jerked this one. I am referencing the far-right Reform party's current polling success and how this may be reflected in our government in the future.
The bad guys know where to find solid open source crypto for their cloud backups and whatnot.
Therefore you know this is not about chasing the bad guys. It's about keeping the Average Joe under the thumb.
It'll catch the bad guys who don't know what they're doing, which is a pretty big percentage of them.
Yeah, this is likely not intended to catch the most sophisticated of hackers, but your average drug dealer / murderer / thief / paedophile.
I don't know where the belief that all criminals are tech experts comes from; the popularity of cool-looking "encrypted" phones as opposed to actually encrypted apps like Signal should have long dispelled that myth.
I'd argue that the opposite is probably true, people who think that crime pays are less smart and more impulsive than the average person, and hence less likely to think about things like this.
4 replies →
I don't know to what extent this is true. A lot of criminals strike me as good at chopping off fingers etc but not computer stuff.
There absolutely is a balance between Average Joe's right to privacy and privacy restrictions for fighting crime. Without undermining the former, I'm astounded how HN discounts the latter 100%. It is real.
I disagree. There should no compromise on my privacy ever. We are not (yet) in a dictatorship and I’m not a criminal. Why should I suffer because governments are incompetent?
11 replies →
Because the latter are fucking pathological liars who maintain a rachet stealing away rights. They earned their reflexsive distrust.
Something something ounce of freedom something something safety something something deserves neither
That's true at a point in time, but bad guys start out as clueless noobs with poor opsec. The Silk Road guy, for example, was identified by forum posts he made before becoming a drug lord. The sort of people who become radicalized through online videos aren't using strong crypto until after they've committed to becoming terrorists. So a database of texts going back several years is quite useful in catching actual bad guys.
Which is not to say I approve of more surveillance. Just that surveillance of convenient modes of communication (iMessage) is useful to serious crime fighting.
> The bad guys know where to find solid open source crypto for their cloud backups and whatnot.
That's a very bold assumption after EncroChat and SkyECC.
It's baffling to me that any sane, healthy person would advocate for invasion of not just one person's privacy (in the case of known or highly suspected criminal activity), but a whole country's people's privacy. (In this case, at least, the privacy of all Apple users in the UK.)
Where does this problem start? Is it a basic education thing that valuing one's own and others' privacy needs to be taught to kids from a young age?
For instance, in the meetings in which these ideas are proposed, why are they not considered a serious, fireable offence, like bringing up racist or sexist comments?
I very much agree. I think to many people the preference for safety/security over privacy is just very tilted toward the former. That especially becomes true once there is some incident that triggers people's amygdalas, like a terrorist attack or even petty crime. Nothing makes "privacy" seem stupid like getting assaulted or otherwise victimized. Although I'm heavily skewed toward the "privacy" end of the spectrum, I do understand people's need and desire for safety above privacy/freedom. I wish they would recognize when they're decision-making is being driven by emotion rather than logic, but alas we can't change humanity.
It baffles me how you seem to think intelligence agencies have some sort of morals or sense of duty to their citizens. These organisations are set up with the sole purpose of spying on all people. They have done it for decades and have done it in some fantasticly dispicable ways. So no, asking a corporation for data on their customers is probably is probably a relatively weak action for them to pull on the grand scheme of things.
Sure, but something like this isn't limited to just the spy agencies. They don't have the authority to do something like this on their own. Therefore there must be some buy-in from people outside the intelligence communities such as MPs, members of Congress (in US), etc. Those are the groups I think GP's comment deserves an answer to.
I totally get the spy agencies' "moral flexibility" requirements, as I've heard it put.
From what I understand, the spy agencies have ways of obtaining your private information that don't necessarily involve blanket requirements to access all users' data (e.g. creative ways of injecting malware into specific people's devices). But those approaches don't scale, of course. And they shouldn't need to.
Intelligence agencies may have their own definitions of morality, but they do not exist outside of the law, which is supposed to be the output of a democratic process.
> For instance, in the meetings in which these ideas are proposed, why are they not considered a serious, fireable offence, like bringing up racist or sexist comments?
Hate to tell ya, those aren't fireable offenses at the highest offices anymore either.
This problem starts when people in power are addicted to power and are accountable to foreign agents and not the population.
Privacy should absolutely be treated as a fundamental right, not a luxury that can be revoked when convenient
“It’s for the children!”
> Where does this problem start?
It starts with UK citizens buying iPhones and expecting their data to be private at all.
Is it any different with Android phones? From what I've read it doesn't seem so.
My comment applies just as much to the people working at Apple and Google as to the folks in the UK government.
4 replies →
It starts with ALL citizens buying iPhones and expecting their data to be private at all.
In 10 years we'll all be shocked to discover this headline should have read "US Tells UK to Demand Apple Create Global iCloud Encryption Backdoor".
Why would you suspect that the US pushed their hand on this? This is not out of character at all for the UK.
Thats what Five Eyes does and always has done. It asks other countries for info on their own citizens so that they do not have to break their own laws in accessing their data directly.
How does Apple have any interest building encryption back doors?
Here's Apple documenting the end-to-end encryption scheme for retrieving Push Notifications: https://developer.apple.com/documentation/usernotifications/...
Here's Apple admitting that they just bugged the Push Notification server so the NSA could read them without MITMing anything: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...
Suffice to say, they don't even have to backdoor the encryption to give the UK what they want. iOS users are like fish in a barrel, if you force some insecure paradigm on them they can either adopt it or leave.
It will be interesting to see if Apple will follow up on comments they made when this change was first floated, and remove effected services from the UK.
> Apple says it will remove services such as FaceTime and iMessage from the UK rather than weaken security if new proposals are made law and acted upon.
https://www.bbc.com/news/technology-66256081
Question: Would it be technically feasible to make an Apple app which encrypts/decrypts the files used in iCloud and is able to use iCloud itself?
As a solution to never have unencrypted files in iCloud.
My gf doesn't have iCloud. She makes a backup from time to time by connecting her iphone to her macbook, encrypts the backup folder with 7z, and then I store the resulting file in my dropbox.
I follow the same procedure with my Android phone, no google cloud.
BTW anything I upload to Dropbox is encrypted first.
In case you don't already know, if you don't encrypt an iPhone backup with macOS first the backup won't contain _all_ of your data.
Apple says "Encrypted backups can include information that unencrypted backups don't" however the list they give is non-exhaustive. You might find yourself disappointed when trying to restore a non-encrypted backup that you've encrypted yourself in a disaster scenario.
5 replies →
Cryptomator does this and it's on the App Store. And it's open source! https://github.com/cryptomator/ios
That's only possible for the files owned by the app. Apps have no access to other unrelated apps' iCloud data.
Apple basically already has this built into macos - you can create an encrypted disk image and mount it to access the files. I'm not sure if it is possible to open these on ios.
iOS cannot mount .dmg files (at least, not without jailbreaking).
I was hoping this dreamland thinking on encryption had died with our last sorry excuse for a government.
I thought we had grown ups running the show now. Clearly that was optimistic.
[dead]
I’d love to see a collection of every attempt to add encryption back doors to apple/iPhone products. It feels like they never stop trying.
Fuck the UK and their creepy nanny state.
As a Brit I feel you may have a point there.
Right, after all the docs leaked by Snowden et al? After it has been shown time and time again that Apple give any customer data to the US government that they ask for? Trump as your president?! Thats right, the UK is the creepy nanny state!
Why can't they both be bad?
2 replies →
Where is my iCloud data stored? If I visit China, is a copy stored there? If my phone is from China, but i live in the USA, where is my iCloud data? Is it replicated globally? I once asked in an Apple store, but no-one knew the answer
Where your data is stored depends on the country set in your Apple Account. In your scenario your data will never be stored in China but I don't know if your USA-based account data is replicated in the EU, though.
1. https://support.apple.com/en-us/111754 says you can change your country to opt-out of GCBD.
2. https://www.bbc.com/news/business-42631386 says "iCloud accounts registered outside of China are not affected."
don't know why the downvote, this is a genuine question. If i bought my iPhone on holiday in Vietnam and created my iCloud account there, but live in France, where is my iCloud?
It'd be nice to not have to have this fight every 3-5 years but privacy is antithetical to the role of the security services so they're never going to give it up.
I’m so ashamed to be a U.K. citizen and to have both legacy parties (Tories and Labour) staunchly supporting these horrendous breaches of privacy.
We have had a number of bad laws over the last ten years that have entrenched state surveillance and presumption of guilt.
The only party I can see taking a principled stance on civil liberties is Reform UK, whose policy document states:
> A British Bill of Rights
> Our freedoms must be codified and guaranteed. Never again can our entire country be locked down on shoddy evidence and lies. Our data and privacy must be protected. Surveillance of the public must be limited and those monitoring us held to account.
https://assets.nationbuilder.com/reformuk/pages/253/attachme...
Recent polls show Reform is currently the most popular party. So there is hope.
In the past the Lib Dems were quite good at standing up for privacy and liberties when Lab and Con were both agreeing on more intrusion, but I'm not sure if that's still the case
Lib Dems did vote against the Investigatory Powers Bill (2016), and Nick Clegg blocked the original Snoopers Charter (Draft Communications Data Bill). So they have good form on this.
However, since 2016 the party almost exclusively shifted focus to opposing Brexit... which is ironic for a party that describes itself as "Liberal Democrats," trying to overthrow a public referendum (the strongest form of democracy)
The party seems to have lost its way, sadly.
> Never again can our entire country be locked down on shoddy evidence and lies
What’s this about? Is it some mad “covid was a hoax” thing?
Reform UK don't believe Covid was a hoax.
Reform UK believe that the purported efficacy of the mRNA vaccines at preventing transmission was massively exaggerated (we now know it was).
https://www.thelancet.com/journals/laninf/article/PIIS1473-3...
Reform UK believe that the detrimental side effects of lockdown policy outweighed the benefits of lockdown policy (again, there's evidence to support this view)
https://sites.krieger.jhu.edu/iae/files/2022/01/A-Literature...
"While this meta-analysis concludes that lockdowns have had little to no public health effects, they have imposed enormous economic and social costs where they have been adopted. In consequence, lockdown policies are ill-founded and should be rejected as a pandemic policy instrument."
We need more voices that are willing to state these truths in Parliament IMO.
5 replies →
Yes - Reform UK is a far right populist party. They currently have 5 out of 650 MPs and are steadily gaining popularity - similar to the rise of other parties like AfD across Europe.
3 replies →
[flagged]
I personally pissed all over the NCA with a Pixel 3 and a 6 digit pin + Graphene OS.
UK Law Enforcement can suck my dick.
Encryption works people. Use it.
The only way to get one over on the NCA is to irretreivably delete the data they want. As long as it exists, they will extort you and your family uitil you give them the keys.
Works until they demand your passwords and threaten to label you a terrorist if you don't
Love swinging through here to collect the latest crop of:
- that’s silly - they can’t do that legally - this makes no technical sense - this is a bad idea - this will never happen
The entire globe becomes Xi Jinpeng’s China with American Characteristics after the iCloud encryption system is neutered and a court warrant is no longer needed.
To be fair, Apple seemingly has no qualms letting the CCP surveil iCloud: https://support.apple.com/en-us/HT208351
Because iCloud in China is complete separate from the rest of the world.
China is not asking to see other countries’ iCloud data.
See also "U.K. orders Apple to let it spy on users’ encrypted accounts":
> The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.
* https://www.washingtonpost.com/technology/2025/02/07/apple-e...
* https://archive.is/https://www.washingtonpost.com/technology...
> The Investigatory Powers Act 2016 (c. 25) (nicknamed the Snoopers' Charter)[1] is an Act of the Parliament of the United Kingdom which received royal assent on 29 November 2016.[2][3] Its different parts came into force on various dates from 30 December 2016.[4] The Act comprehensively sets out and in limited respects expands the electronic surveillance powers of the British intelligence agencies and police.[4] It also claims to improve the safeguards on the exercise of those powers.[5]
* https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016
See also "U.K. orders Apple to let it spy on users’ encrypted accounts"
Not just "see also." Your link is the original reporting.
Without journalists and organizations like these doing hard, expensive work like this no one -- not even on HN -- would know about it.
It's a shame that the link being used for the HN entry is to a blog re-writing other people's work, and not doing any of that work or sharing any of that expense themselves.
Correct link:
https://www.washingtonpost.com/technology/2025/02/07/apple-e...
No, I don't care if there's a paywall. Credit where credit is due is something your mom should have taught you when you were five.
The extraterritorial effect of the law is profoundly troubling, especially the prohibition on revealing the existence of the Technical Capability Notice. However, Apple would almost certainly be subject to lawsuits in the US and EU if it secretly added a backdoor to iCloud Advanced Data Protection, because doing so would violate their privacy policy and would likely give rise to fraud claims. They could kill iCloud Advanced Data Protection entirely, or they could add a backdoor and say there is a backdoor, but they could not, without being exposed to liability, secretly add a backdoor while simultaneously claiming that the data is end-to-end encrypted and nobody other than the user can access the data.
Seems like the UK really does need Musks help(1).
1: https://x.com/elonmusk/status/1876174862747930717?lang=en
Considering that the only tool that humans have to manage AI is the mathematical guarantee of both practically unbreakable and even theoretically unbreakable encryption maths alongside the inherent safety of an ecosystem of human enslaved AIs (or whatever nicer way there is to say that), then this is by default the most dangerous worst possible action a government could initiate towards destroying AI safety at both an individual and "ecosystem"-wide level.
This is not my opinion, this is just logic.
My opinion on this is that these people are f***g retarded.
Apple should green bubble all UK text messages and explain that it is the law.
Is green bubble iMessage or SMS?
iMessage is barely used in the UK, WhatsApp is the default messaging platform here
I'm in the UK pretty much only use iMessage/Snapchat.
I had a look at the stats though and you're probably correct about WhatsApp being default, although we do have a surprisingly diverse and competitive messenger market:
https://www.statista.com/forecasts/997945/most-used-messenge...
2 replies →
Green bubble is messages you sent via SMS (and so may have been charged by your carrier depending on your cellular plan)
Blue bubble is messages you sent via iMessage.
All incoming messages are grey, regardless of whether they were sent to you via SMS or iMessage.
6 replies →
Surprising that UK specifically demanded a worldwide backdoor, not just backdoor for UK citizens. Looks like a good workaround for this US gov to get info on Americans via 5 eyes.
DOGE was recently unable to obtain data on Americans (https://www.msn.com/en-us/news/politics/elon-musks-doge-deal...), maybe related...
> DOGE was recently unable to obtain data on Americans (https://www.msn.com/en-us/news/politics/elon-musks-doge-deal...), maybe related..
They had read/write data for a few days before being denied access https://www.wired.com/story/elon-musk-associate-bfs-federal-...
Apple have about 50% of the UK handset market. It's 80m terminals so that's 40m x their estimated profit of $500 per phone, so $20b (sure, currency, tax, you name it)
Does Apple lose much, in future revenue if people buy out of the ecology in the UK market? At scale, sure. But then again no. It's a 3.8 trillion dollar company. This is almost noise.
I don't think there will be a rush to the door. Set against overall revenue targets, they can comply and weather the storm.
Constitutionally guaranteed privacy and free speech have made America... the world leader.
America used to push the rest of the world to give their people those rights. Used to....
Why is this not said in the same light as politics in the US? E.g trump government demands...so in this case its Labour's Starmer government?
Can Apple please play hardball here? Just discontinue support for iCloud in the UK. Let the people complain to their representatives.
There is so much utterly cynical LARPing in that article. Apple was one of the earliest members to join PRISM. [1] And given the nature of the 5-eyes surveillance [2], The British government almost certainly already has access to 'encrypted' accounts from Apple. The difference is that that access is probably not lawful, which means they need to engage in parallel construction as is already regularly done in the US [3] if/when using it in court cases. All this change would likely do is enable them to use the data directly.
I felt an obligation to excessively site stuff here, because I find it bemusing anybody in tech can take such articles or topics at face value.
[1] - https://en.wikipedia.org/wiki/PRISM
[2] - https://en.wikipedia.org/wiki/Five_Eyes
[3] - https://en.wikipedia.org/wiki/Parallel_construction#By_the_U...
Not to mention, Apple has already sheepishly admit to implementing warrantless dragnet surveillance in the United States: https://www.macrumors.com/2023/12/06/apple-governments-surve...
If Apple can be compelled to keep shut about Push Notifications being bugged, who knows what else they're obligated to keep under the covers. Caveat emptor.
They overtly and actively lied about participation in PRISM, as did all companies involved (Google, Microsoft, YouTube, Facebook, etc) because they were legally obligated to lie about participation in it. It's all just so unbelievably fake and stupid. I suspect the main reason there's minimal to no anti-trust in big tech is because it's largely just become a branch of the US intelligence services.
In some way I find the Chinese system preferable in that they're completely transparent about spying and domineering the companies within the country. The only difference in the US is we actively lie about and engage in all this utterly ridiculous LARPing that makes anybody with half a head on their shoulder just despise every player involved.
About the time a country has secret courts and is forcing private entities to lie to others publicly, something has gone very wrong with the direction of the country.
Just make TimeCapsule for iOS and iPadOS. With option to store it fully encrypted in AWS cold storage as Apple subscription.
Any time someone on HN starts a reply with "Just..." you know they didn't think it through.
Care to explain yourself?
2 replies →
This might sidestep the current order, but the U.K.’s lawyers will just write a new order.
The complete lack of any kind of technological understanding by the people in power of most major governments is a huge existential risk. Thankfully businesses like Apple are completely staked on privacy, but Apple is actually big enough to give a middle finger to the UK. Other companies might not be able to.
Apple is a hypocrite. They already were a huge partner to NSA's PRISM and China's surveillance programs. Their privacy marketing is solely because they could not tolerate profits made by Google and Meta. Now they also want to become ad company.
Even if you ignore the above points, Apple's software is closed source. You cannot change OS or install any unapproved app on your own phone. Apple phones are Orwellian's wet dream. If people still trust bigtech then society is doomed.
> businesses like Apple are completely staked on privacy
This is completely false. It has been shown time and time again that Apple will bend to whatever data requests the US government ask for.
You may think they care about your privacy, because they tell you they do. But they are legally bound to say that. Every surveilance program they have ever been part of has had a legal requirement to lie publicly about its existance. Then when it becomes public through a leak, they are able to say 'Sorry we lied, we had to by law'.
Heres just one example: https://www.macrumors.com/2023/12/06/apple-governments-surve...
>The complete lack of any kind of technological understanding by the people in power
Naive implication. They're authoritarian henchmen.
Apple frequently acquiesces to privacy-diminishing demands from demonstrably unnecessary markets like China and Russia. They are also card-holding members of PRISM and admit to being part of warrantless surveillance efforts[0] in America.
If you're holding out on Apple, a company that has proven to betray every principle they claim to stand for, to defend privacy when money is on the line, then you've been fooled. I don't know how many times Hacker News has to say it before you chumps learn, but Apple is not a privacy-committed company. Being able to point at whitepapers is not the same as knowing how your device functions.
[0] https://www.macrumors.com/2023/12/06/apple-governments-surve...
It wouldn't be the first time Apple did extremely shady things for the government https://tidbits.com/2020/08/17/the-case-of-the-top-secret-ip...
PRISM, blocking of apps in china, giving over that data to the CCP. I believe they did similar in Russia. The FBI hackings and Pegasus stuff (Although, this is more like bad security)
I should emphasize that 'I personally don't care'. I find it more interesting that people believe there is some safety in Apple products because their marketing says so.
When I was younger, I used to care about these people getting taken advantage of. Today, I wonder how I can replicate the formula. Sorry pals, Apple did it and people were happy about it. I'll make people happy too, its a Noble lie... err Paternal lie :)
This is fucked, TBH, i would be happier if Apple jus pulled every single aspect of their business out of the UK rather than comply with this, I don't want to get some shitty android phone, I don't care what anyone says, theu are just not as good.
This kind of thing makes me furious. I know there’s the EFF but what can someone concerned with privacy advocacy do in the face of these kinds of things? Are there orgs and political movements that are out there already? Privacy is a human right. IMO it’s one of the big issues of our time.
Surely any moderately sophisticated group of criminals can simply create there own end to end encryption apps. So even if the UK, or other governments, get there own way they will only et to see the content related to the less competent criminals. Perhaps it's still worth it to some.
As Encrochat/ANOM/Sky ECC show, not only is this possible, it actually happens.
Encrochat was almost certainly a honeypot:
> After the Dutch and Canadian police compromised their server in 2016, EncroChat turned into a popular alternative among criminals for its security-oriented services in 2017–2018. The founders and owners of EncroChat are not known. According to Dutch journalist Jan Meeus, a Dutch organized crime gang was involved and financed the developers.
Surely they can make their own apps, but whether or not Apple will let them install it has always been a point of contention.
You cannot acknowledge the existence of a request by the UK. You cannot tell users you implemented the proposed system. And you must do all of this to citizens who have no representation in your system, without the consent of their governments.
It all begs the question, what else have they requested, and of those which requests were accepted secretly?
Truly a pathetic example of a democracy.
There is only one way to respond to this. You just do not comply with this. If you are Apple you withdraw from the UK completely if necessary. But a better option is probably to just take the punishment for not complying while you appeal. The cost will be large regardless. But the reputational damage if Apple complies seems it will be larger than both the fine for noncompliance or the cost of losing all business in a large market like the UK.
I think Apple has a very short window for a powerful response here. It should be re-using the famous Pirate Bay wording for maximum effect.
> You just do not comply with this. If you are Apple you withdraw from the UK completely if necessary
But Apple has a massive history of complying with government data requests all over the world. They care not for user privacy one bit, and so this request is not that unusual for them.
Funny that the government does not need to order people to divulge their private communications.
It can just order to a third party do so. Wait, why does a third party have access to peoples' private communications. That is the Apple design. The company wants people to use their servers.
> Wait, why does a third party have access to peoples' private communications.
If you take the information at face value, they don't.
The government is mandating them to actively infiltrate into people's private communications.
There is already a global iCloud encryption backdoor.
iCloud Backup is not end to end encrypted. iCloud Photos is not end to end encrypted.
Apple can read all of your iMessages and see all of your photos.
The governments where they operate can compel them to turn over this data. They can and do. Often.
Operationally this doesn’t really change much.
> iCloud Backup is not end to end encrypted. iCloud Photos is not end to end encrypted.
DO NOT SPREAD FUD.
If you could be bothered to spend two microseconds on a search engine, you would find this[1] which states IN THE FIRST PARAGRAPH :
For users who turn on Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises from 14 to 23 and includes iCloud Backup, Photos, Notes and more.
[1] https://support.apple.com/en-gb/guide/security/sec973254c5f/...
Approximately nobody has turned on advanced data protection.
When you go to an Apple store and buy and use an iPhone, as millions do, you are prompted to create an Apple Account and log in. iCloud and iCloud Backup are automatically and silently enabled. The device automatically runs non-e2ee backups nightly.
This is how almost every iPhone on Earth runs. Most people don’t even know the feature exists. Even amongst techies that know about it, almost nobody has it enabled.
1 reply →
Whatever the opposite of fud is, you're spreading it
Came here for your comment. Thank you for your dedication to the truth.
That is what remains when a government grows to incompetent, the fear of the citizen, who sure is planning "something" as he should, for such incompetence shall not get away. Paranoia is the subconscious awareness of institutional incompetence.
I wonder how UK politicians would feel about being no longer able to use their iPhones.
This would mean that they would have access to everything stored in Keychain too if you have that synced with iCloud… Which I believe probably most people have. So they will essentially have access to millions of peoples email accounts then.
They already have
> We do not comment on operational matters, including for example confirming or denying the existence of any such notices
Cloaking mass privacy violations under "operational matters" is the most doublespeak bullshit I've ever heard.
Never use corporate controlled encryption and court orders to corporations will never impact you.
If you do not control the keys and the software that controls the keys, then you are not using end to end encryption.
Encryption is encryption. If this is for dirt digging or evidence for police... then make the person provide it instead. Spy agencies just have to deal with it. Sure there are other ways of tapping information.
I'm pretty sure this is not unique to Apple. They likely served the same order to Google, Microsoft, and any other major provider that has any user data. And most of them complied without objection.
The moment this happens, I will stop using an iPhone and switch to a mainline Linux phone like Pinephone. Android is far worse though and you can't even uninstall Meta apps.
So the whole article is based on “people familiar with the matter”. I suspect that the real motivation, truth and substance lies beyond the “enrage” oriented title.
Maybe the EU should be glad that the UK is not a member any more.
This is exactly the arrangement five eyes had with partners, spying on citizens of partner countries to circumvent laws preventing local authorities doing so.
Is this something UK demanded, or a FVEY loophole from other partners. Does US still need to fiddle with legal loop holes to surveille on domestic citizens after Cloud?
This really doesn't feel like a position that we'd really care about, I would wager this is something we'd be doing for our American friends.
That is an extremely corrupt and authoritarian government.
Gross behavior. But not surprised. UK is a real surveillance state.
In my honest opinion, in this specific context UK should be treated with the same scrutiny we treat China.
If it happens, likely the main beneficiary of this would be the US govt
Through Five Eyes the US agencies could, via the UK, get global access to iCloud accounts
No need to change US law
The UK is as important as Zimbabwe. Zimbabwe, is probably a bit more relevant to the future. Unplug the UK. No way we should follow this law.
Apple should tell those ignorant fuckwits to do one.
I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.
Anyone with a fundamental understanding of online privacy and security would encrypt any files prior to uploading them to the cloud rendering any back doors and access to those files useless and toothless.
I dont use any of these services. I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.
The overlap between “criminal” and “fundamental understanding of online security” is fairly small.
I use online services and sync, but my life is so boring (and data breaches have exposed so much) that a disaster that destroys my house and all backups is far more likely that harm from government or private snooping on my cloud files.
I know we’re supposed to stand on principle and make data storage choices as if today’s cat photo were evidence of being the real JFK assassin, but I don’t have the energy.
Hamas switched from smartphones, with encrypted messengers to pagers, a communication device with encryption so weak it may as well not be there. Criminals get caught because they used plain phone calls and texts _all the time_. Hell, child abusers are regularly reported to the police because someone saw a suspicious picture on their phone when scrolling through the gallery. Crime and an understanding of cybersecurity don't necessarily overlap.
I agree that cloud services cannot be trusted to do encryption within their clients, but on platforms like iOS it's difficult to do automated backups using independent encryption. It's also quite difficult not to accidentally enable backups to these services because the setup flow for every phone guides you to hitting the "upload everything I do to Apple/Google".
To Apple's credit, while they normally store a copy of the encryption key, making most cloud encryption entirely useless, they do offer setting a custom key at least. GDrive and OneDrive sure don't.
> on platforms like iOS it's difficult to do automated backups using independent encryption.
iOS allows you to perform encrypted backups to your local PC or Mac out of the box.
https://support.apple.com/guide/iphone/back-up-iphone-iph3ec...
I believe they switched to pagers because their location can't be tracked. Every pager message is broadcast across the whole country and the pagers just listen to all of them and only tell the owner about the ones meant for them.
A phone has to at least tell the nearest tower that it's within range so that the tower can know to send it messages. After that, when it get's a message it sends some sort of acknowledgement. In theory anyone can pick up those messages with a phased array or set of directional antennas and get a directional fix on the phone.
there are dumb people out there but can you sum up (just talking about illegal drugs) an industry that makes $360 billion per year? Brazilian ghettos have army grade weapons like anti-aircraft missiles [0]
psychopathy is a mental disease who impair people to control their impulses/defected judgment; often these are permanent personality traits, which either will let them sit in a prison for the rest of their lives depending on what they did or they will be liberated if they get caught with a high chance of another incidence... search for papers/work from Kent Kiehl if you are interested in this type of stuff
[0] https://www.globalissues.org/news/2009/10/30/3330
I think you have a very high opinion of the millions of people around the globe, with varying levels of computer literacy, who are terrorists, criminals, and/or child abusers.
I once worked with a business lady who used her dumbphone as an argument in a discussion where we were deciding whether all our users have smartphones. She proudly displayed the dumbphone and said that if she has one, others probably have too.
I learned only much later that her husband was prosecuted for fraud related to government funds. So she had a good reason to have a dumbphone.
It's anecdotal evidence, but still.
You are of very low opinion of people, probably assuming that you are smarter because you are some kind of IT guy.
And you are likely wrong.
2 replies →
> I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.
Depends on your threat model. If someone unofficial wanted at what you're doing, they'd likely find it easier to go after your home data than what you have in iCloud -- particularly if using Advanced Data Protection for iCloud.
https://support.apple.com/en-us/108756
Also, ask the folks in Los Angeles how those external hard drives at home are working out for them in the fires. There are many types of threats.
The real goldmine is WhatsApp. In most cases, WhatsApp backups are enabled and uploaded by default, including when the whole iPhone backup is created. And by default, backups are unencrypted.
So if you ever wonder how they access those WhatsApp messages, when you think that they would be end-to-end encrypted, reality is something else.
I've got backups disabled on WhatsApp and the app reminds me like once every few weeks "You should turn on your backups!". Easier to click yes.
> I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.
Meanwhile, the amount of local news arrests for people getting busted for uploading CSAM to online platforms like Google and Apple is exponentially increasing.
The average "criminal" is an idiot.
News stories seem to indicate that many criminals use computers just like any given person does.
Even people concerned with security who know a little seem to be terrible at it.
A local protest group in my area was passing around an image with security tips. They were hilariously bad, suggestions based on very confused understandings of risk. These people weren’t criminals necessarily, but they were motivated and concerned and somehow just terrible at basic security.
> News stories seem to indicate
What's the inverse of survivor bias?
1 reply →
The average people have zero idea about these things. They just use phones, and do not care how they function, what they do in the background.
> I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.
Most of the time, people become terrorists, criminals or child abusers because they're stupid, not because they're smart.
[flagged]
Don't iPhone photos automatically sync to your iCloud?
You can turn it off, and it is E2EE.
1 reply →
Complete waste of time. At this point I am not sure if its Europe not wanting to understand, or the lack of abilityto understand.
Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said. Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States.
Considering that the UK and Aus are both countries that share all their data with the US, I'm surprised at the naivety of the comments here about this.
This is a well worn path for the CIA gather dirt without needing to break any rules on monitoring US citizens.
Jurisdiction, schmurisdiction. What's that, you know?
And that conversation will look something like this:
"If you want to sell phones in our country, you have to give us access to anyone we say is a criminal using your phones in any country".
"You are asking us to break the law in those other countries."
"Do you want to sell phones in our country, or not? We know you'll blink first."
(Will Apple blink? I don't know. But I am confident that the UK government is filled with people who assume they will).
4 replies →
OK, We've found out Apple, but not all the others? Has google and meta got the same but maintained silence?
If this passes and Apple has to break encryption worldwide I hope they leave the UK. They won’t but they should.
EU/UK is like: - we care about your privacy and will not allow censorship.
And the next day this or blocking DeepSeek (in Italy).
Also on the front page, "German civil activists win victory in election case against Musk's X"
https://news.ycombinator.com/item?id=42975170
They're not exactly the same, but you should have similar feelings about forcing a company to hand over data to researchers and forcing a company to install a back door for law enforcement.
Forcing Twitter to make public posts easily accessible is not at all the same as compelling Apple to hand over your private messages.
Not the same, but still batsh#t.
1 reply →
I don't care about either, they're voluntary problems. You're a moron for trusting X with your data, you're a moron for trusting Apple with it too. It's just like how Apple defenders said with iMessage - "just buy a different phone if you care, duh."
All of the sudden people start caring, acting like they never had the chance to regulate their OEM of choice. No, you get exactly what you paid for. You trust Apple, don't you? They're a prestige company, they'd never sell you out. Probably. Oops[0].
[0] https://www.macrumors.com/2023/12/06/apple-governments-surve...
This is fine as long as citizens get backdoors into all government accounts. They have nothing to hide after all.
UK is a dystopian nightmare, very grateful to the founding fathers for sending them back to the island.
The funny thing is that anyone pointing out authoritarianism will get downvoted with a whole bunch of partisan arguments or left/right false dichotomies.
Here we are, though, at the point where the government overreach for these "beacons of democracy" such as US and UK do this often and by design and we're all supposed to pretend "thing are fine, trust us". Next they'll push some other overreach using children, terrorism, drugs or some other usual excuse and people will defend it pretending the government has good intentions and largely works for the people.
All of a sudden, 100 nerds start seeing the UK government for what it's been: tyrannical.
So UK gov is demanding similar access as China? Not a good look for a supposed free democracy..
This is why it is so important to shrink the size of the US government. As government gets bigger, it tends to make more and more demands like this. And if you refuse, they will imprison you.
Isn't ARM based in the UK, and can't they make a backdoor that way?
No, it'd be a huge overreach as ARM itself doesn't sell finished products.
> the law actually makes it a criminal offense to reveal that the government even made such a demand.
Why is it tho ? The government has something to hide ? i mean it's complete bullshit, citizen have the right to privacy and government has the obligation of transparency and being accountable to its citizens.
When did the UK turned into a middle east dictatorship ?
> Google has enforced default encryption for Android phone backups since 2018. When asked by The Post whether any government had requested a backdoor, Google spokesman Ed Fernandez did not provide a direct answer but suggested none exist: "Google cannot access Android end-to-end encrypted backup data, even with a legal order," he stated.
That is absolutely laughable. If the uk government couldn't access google data, they would have ordered google the same thing they did with apple.
Apple theoretically can't access their user data when e2e encryption is enabled yet the uk government doesn't care. how does that differ from google ?
once again, if you want your data to be safe from google, apple, and the others you got to avoid all cloud and resort to use good old hard drive with encryption.
the only ones getting fcked are once again the average people who don't have much to hide in the first place, the pedophiles and terrorist they are much more aware than the old fart at the government on how to stay hidden.
Behavior like this makes me question sourcing software releases from the UK.
Does apple have a canary provision in their EULA / TOS somewhere?
Encryption is encryption. Purposely breaking it defeats the purpose.
Does it mean they already have such a backdoor on all Android phones?
It's pretty funny that as the US implodes, UKGOV, instead of grasping the opportunity to show that they're the new good option for your internet service needs, decides to blow not one but both kneecaps clean off with the doubly whammy of the OSA/Ofcom debacle[0] and now this farce.
(I suppose the silver lining is that Starmer is merely sidling towards Trump as his new best mate rather than the full-throated slobbering that Johnson/Truss/Sunak would have given him.)
[0] I know this is primarily the fault of the last lot but this shower of onions haven't done anything to roll it back and/or clarify WTF is going on.
Not surprising as the UK wants to ban E2EE too.
everyone needs to just belly laugh. at some point. would be grand if it were collective and all inclusive
Discussion: https://news.ycombinator.com/item?id=42970412
New tariffs on UK in 3... 2... 1... ?
I hope Apple's answer is simply:
"No."
Why must the UK be like this?
Faux privacy gets what faux privacy deserves.
Once again, governments push for backdoors under the guise of security, ignoring that any vulnerability they introduce can and will be exploited by bad actors. If Apple caves to this demand, it sets a precedent for every other country... Privacy isn't just a marketing gimmick! It's a fundamental right
Black hats love this
the UK needs to be slapped in the face. wake up man!
I don't assume in general that any of cloud services in the US are free of government surveillance either. Your only hope for any kind of privacy is self-hosting, and using certs issued by your own CA (I strongly suspect Let's Encrypt is a honeypot). Likewise I strongly suspect Proton Mail and Signal are both honeypots. Tucker Carlson was spied on when arranging his interview with Putin, even though he uses Signal. This likely bypasses the protocol - you don't get to examine the binary that's installed on your phone. It could contain all sorts of Five Eyes special sauce, as could iOS, and the companies won't even be able to tell you about any of it. It's safe to assume that all VPNs are tapped, too, unless you run your own.
I saw a comment earlier about this being the USA asking the UK to do this.
Sounds like quite the conspiracy theory, but if the USA were not OK with this, the UK surely wouldn’t dare to take on a crown jewel in the US tech sector, potentially causing them serious problems.
US have asked for far more and far worse from Apple and been given it. Im sure UK was just following the precedent set from other governments.
What have they asked for and received worse than this?
the world is gayer by the day
time to pull business out of the U.K. then.
U.K. is as correct as U.S.A.
Why not just require all data on the icloud be sent to a server all unencrypted? Ain’t no difference. Apple isn’t gonna do it and Trump will tell UK to shove it
surely UK is going to give two shits what Trump says :)
well it was nice knowing you, UK
I am leaving the Apple ecosystem.
I assume its the USA using the UK to do its dirty work, as always?
Hence why Trump was cheering on Starmer the other day, despite all that has gone on between them.
Americans need to wake up and realise their state uses uk/israel to do what they don't want to be seen to be doing.
Imagine all the unfinished screenplays they will get access to.
With the increased caliber of software folks in Trumps orbit, my sense is we will have a much more informed decision from the Whitehouse on this topic and whether the US should weigh into the fray with the UK.
as a side note, its really baffling what this capability would actually provide for? Any serious criminal isn't using icloud backup or even an iPhone in the first place. So this is just a shit outcome for the general population.
If this goes through, I look forward to the news of the world expose on some cabinet members personal details
good luck with that :D
lol the f they will
How about NO. Fuck off.
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
[flagged]
[flagged]
>>currently been held up by migrants they don't like.
What does that even mean?
before migrating to the u.k - immigrants prepay for services e.g nhs etc. then still get taxed when they work for those same services. & remember some of these services are not easily available. yeah NHS is free - but good luck getting an appointment at the doc.
that's extra revenue for the u.k gvt.
the security guards, the care workers etc - which people are working those jobs ? immigrants or spouses of immigrants.
right now the conservative leader Kemi is campaining to increase permanent residency to 10 years. & citizenship to 15 years. who's gonna stay for that in a country where electricity & basic bills are expensive as hell.
skilled native british people are leaving & getting replaced by migrants. the doctors at the nhs majority are foreign trained.
[flagged]
3 replies →
[flagged]
lol https://www.youtube.com/watch?v=h513h-rXdQs
instead of dumping tea in the ocean and waging a bloody war they simply have to brick a few million iphones temporarily, it would be a short fight
[flagged]
[flagged]
Can you offer an example of someone being jailed for "disagreeing with the extreme left on social media," or is this an alternative fact that you've acquired via osmosis?
I am aware of people being jailed in the UK for making terrorist threats on social media, and arguably those prosecutions were inappropriate, but that doesn't appear to be what you're claiming.
All you have to do is search for it yourself. It’s not just UK citizens that are affected. They’re threatening to have US citizens extradited to the UK to face charges [1] for online speech that’s protected by the first amendment.
[1] https://thenationaldesk.com/news/americas-news-now/uk-author...
7 replies →
There are several examples, but connected, just this week, the British police not only arrested a men for burning the Koran, but they also doxed his full name and hometown.
This, right after Islamists killed people in Europe for burning the Koran.
https://www.telegraph.co.uk/news/2025/02/04/manchester-polic...
1 reply →
Headline should be "Someone other than US want's to access your data and that's scandalous for some reason".
For clarification. I do not want to give them backdoor to users data. I just think that it's understendable that they too desire it.
US tech needs to obey the laws of the country in which it operates. I am sure the demands of UK government are more than reasonable - and, as it is a democracy - as full endorsement of the people / users
I’m from the U.K. and I consider the government’s actions around digital privacy to be somewhere between incompetent and malicious.
Indeed.
The Investigatory Powers Act 2016 was one of the big things (before Brexit) that made me realise the UK wasn't a suitable place to run a tech business.
It hasn't noticeably improved.
Anyone who watched Monkey Dust in the 90's will suspect that the government is under the thrall of the Paedofinder General.
Same here.
Same here.
> I am sure the demands of UK government are more than reasonable - and, as it is a democracy - as full endorsement of the people / users
"Full endorsement" of the electorate isn't how representative democracy works. Given FPTP, the government got a huge majority of seats with 33.7% of the votes, but as there's not universal voting that's only 14% of the actual population, and even with those who did vote it's not clear how many people were voting "not the other lot".
It doesn't. Apple could play hardball and threaten to withdraw from the UK market, with a propaganda notification like TikTok did. They could also appeal to Trump/Elon for help.
Also the wider part of this order is that Apple would access to the international users data, including US customers, if I understand the article correctly.
They're currently antagonizing Trumpelon by refusing to halt DEI stuff, so they might not get any help.
3 replies →