Comment by em500
15 days ago
Before people immediately think the worst of Google or other corporate representatives, be aware that people working in these companies need to weight their words carefully. From The Verge's article on the issue:
The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
Which is exactly why I’m making this point. If no government had requested a backdoor, they could’ve simply answered “no”. When you have to weight your words, it means you’re not at liberty to say whatever you want. That is itself a signal, and why warrant canaries are a thing.
https://en.wikipedia.org/wiki/Warrant_canary
Simply answering "no" when that's the truth could be illegal too. The ability to say no creates the ability to say yes as well. If I ask Apple whether they got an order and they say "no", then a year later they say "we cannot confirm nor deny", well then that's a yes.
Kinda depends on judicial interpretations of free speech, but that's how warrant canaries work. Are warrant canaries legal in the UK? They seem to be in the US but idk how well established that is.
That concept has always sounded like tech people trying to hack the law without the proper real-world legal knowledge, IMO.
Bruce Schneier wrote in a blog post that "[p]ersonally, I have never believed [warrant canaries] would work. It relies on the fact that a prohibition against speaking doesn't prevent someone from not speaking. But courts generally aren't impressed by this sort of thing, and I can easily imagine a secret warrant that includes a prohibition against triggering the warrant canary.
Lots of similar discussion on HN already, e.g. in https://news.ycombinator.com/item?id=5871541.
You're right to point out how carefully worded these statements are. But I suspect it's rare for companies of Google's status to not have been asked for a backdoor. It's not really an informative question to ask Google.
Of course they were asked. That doesn’t matter, my point is the author is assuming more from the reply than what was said.
It’s like if you conspired with your brother to steal from the cookie jar. He stole the cookies while you distracted your parents. Later on your mother reports to your father:
> When asked whether they stole from the cookie jar, derbOac did not provide a direct answer but suggested they didn’t didn’t know who did it: "I did not see anyone removing cookies from the jar," they stated.
Your statement is factually correct, but it doesn’t say what your mother concluded.
Can you elaborate on why you say it is not informative?
2 replies →
How does this work wrt false advertising laws? If I relied upon their end to end encryption and it turns out to be false advertising because there's a secret backdoor, who do I sue?
no one, you'll be in secret prison before you somehow gain standing
If the back door was used the a three letter agency sure.
If the backdoor was exploited by a criminal though?
1 reply →
But they can still notify the public, through those canary statements. (I forgot the name commonly used).
For example (a simplistic one), you can have a statement like "we do not have any backdoors in our software" added to your legal documents (TOS, etc). But once a backdoor is added, you are compelled by your lawyers to remove that statement. So you aren't disclosing that you have added a backdoor. You're just updating your legal documents to make accurate claims.
Such actions, even just the act of deleting text, conveys a message you were ordered to not convey and the government is not likely to take too kindly to that.
That is a fraudulent TOS if you're lying to the customer though
1 reply →
> if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
One would think this runs afoul of other laws though, truth in advertising and similar.
Its such a legal minefield, and the UKs request borders on violating the sovereignty of other nations I can't see Apple complying, but maybe that's hopium talking.
[dead]