Comment by bilekas
15 days ago
> requires that Apple creates a back door that allows UK security officials unencumbered access to encrypted user data worldwide
How could this even be enforced if Apple pulls out cloud services of the UK ?
It's such a ridiculous request, the British Intelligence agencies must be bored coming up with new ways to make Apple look good.
As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens. Not supporting cloud services wouldn't be sufficient to avoid the compliance requirement, they would have to formerly stop doing business in the UK.
Looking at the market size that might be a decision that Apple is willing to make as it would most likely be a temporary stick. The government can spin it anyway they want, but Apple devices do not work basically at all without the deep integration of their services. A geoblock would effectively mean UK citizens would be left with unusable devices and I can't see the resulting outrage being directed exclusively at Apple.
It'll be interesting to see how this plays out for sure.
I think this is the most solid answer I’ve seen so far that makes any sense. Could they still go through with it , I’m not sure, they want to project some influence but I still feel this is like haggling for half price to get cost.
Someone else here said something spot on for me, we’re all focusing on how bat sh*t this is because it’s global without even considering how human privacy obligations are just ignored.
Humans have a right to privacy, feels unbelievably pretentious and privileged to even say that. But it’s still true
Imagine weighing the right of privacy of everyone in the world against the right of safety of 0.8% of the world population.
> As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens.
I wonder if this means that Apple would ultimately take the same approach that they have in China, where the iCloud data and services are entirely localized within China and allows the Chinese government unrestricted access.
one can't compare china and the uk.
china had leverage because of the manufacturing happening over there and the incredible market opportunity, UK doesn't have much.
technically i believe apple could get out of the UK market to provoke a backslash on the government.
If they concede, other government will use the exact same blackmailing technique and one can say it will be the absolute end of their "privacy" marketing campaign they spent so much money into.
Apple offers the same escrowed key and non-escrowed key (advanced data protection) features in China as far as I'm aware. The extra capability GCBD has would be access to protected at rest data like iCloud email.
The decision wouldn't involve just market size, but their Irish tax haven as well. They're not going to pull out of the UK entirely.
Their Irish tax haven is rather specifically _not_ in the UK.
7 replies →
Apologies for any offense given. Total brain fart moment. If I could delete this comment I would
Go ahead and call someone from Ireland, British.
1 reply →
Ireland is in EU. UK is not in EU anymore
Apple still has legal entities in the UK. Pulling out cloud services would be insufficient to prevent the UK authorities from interfering with their activities.
> prevent the UK authorities from interfering with their activities
I'm still missing how this could be enforced ? To my layman understanding, this reads the same as if China said : "Meta, Tesla, Valve etc has entities in China therefore we get to see all data they store in the EU and the US.
The UK has Zero jurisdiction in Ireland for example where a lot of EU data may be stored.
I have lived to the day that we give an example on china not doing something stupid a western democracy does about rights and freedom. Wild times to be alive. I am also surprised that they demand worldwide access and not just UK users data or all the data stored in UK jurisdiction. But this is going too far.
20 replies →
It can be enforced in this way: police raids the local headquarters and jail a bunch of people because their company didn't comply with the law.
The only way to prevent that is not having any local office, no employees, nothing. Sell physical objects only by the means of local 3rd party resellers which will import goods. Same thing for services. Of course they can ban imports and services or go after those 3rd parties. It depends how nasty they want to be.
1 reply →
> I'm still missing how this could be enforced ?
By banning Apple from doing business in the UK.
The US used a similar strategy decades ago to break Swiss Bank Secrecy laws (either Swiss banks had to give up the info or they were going to be kicked out of the US).
23 replies →
Sadly jurisdiction has nothing to do with it.
https://www.irishtimes.com/business/technology/uk-spy-base-g...
This is not just a case of the British intelligence services secretly “tapping into” Irish telephonic and internet traffic via land and maritime cables. Rather in most cases they are being provided free (or commercial) access to the information by companies associated with the use, ownership or maintenance of these cables.
Post-Snowden the Irish government retroactively legalised it...
> I'm still missing how this could be enforced ?
Basically by saying that if they don't comply, they can't do business in the UK.
15 replies →
The US CLOUD act says something similar to your straw man (though it doesn't ban E2E encryption like the UK is attempting to do):
https://en.wikipedia.org/wiki/CLOUD_Act
Note that it the bar is having the ability to access the server, so this law is completely incompatible with most GPDR solutions: It's illegal to store European user data and then refuse to hand it over to US law enforcement, regardless of whether the data is stored in Europe or the request breaks European law.
I imagine they would fine apple a large sum of money. If apple refuse to pay they send high court sheriffs to confiscate any property they have in the UK to pay the debt.
The opposite is happening all the time - i.e. US demanding access to European data from Facebook and Google et al. It is not one-sided.
It would be enforced by fining the UK legal entities (or worse, like charging their legal representatives) if they don't comply. If the UK is serious about this, the only alternative for Apple would eventually be to completely cease operations in the UK.
By the way, this is similar to why for true GDPR compliance, data centers should be operated by EU companies that aren't subsidiaries of US companies, because even if the latter operate data centers located in the EU, they would still be bound to secret orders by the US government.
17 replies →
More importantly, apple has customers in the UK. The business from captured apple users is more valuable than apple's privacy reputation.
This all seems very similar to RIM and the aftermath of the riots in the UK. The backdoors became too obvious for customers to ignore. Did not go well for RIM in the market afterwards.
> More importantly, apple has customers in the UK. The business from captured apple users is more valuable than apple's privacy reputation.
Is it though? I wonder how much of Apple's revenue is from the UK, probably around 5-6%? Apple isn't exactly as popular in the rest of the world as they are in the US.
Would damaging their privacy reputation globally be more valuable than the UK market? I honestly don't know, but my hunch says no - they are likely to want to keep their reputation and dump the UK market. I think more likely is Apple is going to be able to get the UK to cave in. Apple is extremely competent with PR, and would be able to spin any kind of pull-out or degraded service in the UK as the government's choice and fault, to the ire of UK citizens.
Who has more to lose though? I mean any government that would do something as stupid as banning Apple because Apple didn’t allow it to spy on its citizens wouldn’t be very popular or last that long..
I mean this would be even more stupid than Partygate and the whole Truss debacle put together.
> the British Intelligence agencies must be bored coming up with new ways to make Apple look good.
We know they collude with US intelligence serviceUS
But as far as we know there is no encryption back door
"As far as we know" is the most important part.
23 replies →
We know.
By collude, you mean responding to subpoenas they are legally obliged to respond to?
Of course that's a thing. However, anyone who's ever read a history book has a pretty good reason to be suspicious it ends there.
Funny
https://youtu.be/eW-OMR-iWOE
Collude is such a fucking weird word to describe an alliance.
Collude seems like a pretty good word for an alliance formed for the purpose of subverting the law.
1 reply →
That's not even the main issue in my opinion: how can Apple do this without breaking laws in other countries ?
I am not a lawyer, but I think that this would be illegal under EU privacy law.
The same way it operates in China? I guess, China is much bigger market, so it’s worth the effort. Not sure how it’ll go in the UK.
> a back door that allows UK security officials unencumbered access to encrypted user data worldwide
As far as I can tell, China is asking to keep Chinese data in China and have access to it, but it is not asking to access data of American or European citizen and if it did we would be pissed off.
I think it’s a cultural issue. The British have an inflated sense of national self worth as a result of being the world’s largest power during the British empire. While this has not been the case for some time now (since Suez in 1948? Longer?) the people still carry the memory and national myth of great importance. This is likely what drives a sense of entitlement that British demands should bypass the laws of every other country in the world and give them unfettered access to everyone’s data. Think about that, literally everyone who has an Apple device!
Frankly, the arrogance is appalling.
MI6 probably gutted the cybersec division. Probably don’t have many viable sploits in their cache against Apple.
I suppose this is _good_ but more competent and well funded groups out of Israel, Israeli military complex, Cyprus don’t need to “ask” for a back door.
Cyber-related stuff is GCHQ (black/greyhat) or NCSC (whitehat)
Probably a manouver to make them look good but also privately complying anyway.
>How could this even be enforced if Apple pulls out cloud services of the UK ?
Honest question, how Apple is doing it in China? Maybe the exact same scheme will work for UK.