Comment by layer8

16 days ago

It would be enforced by fining the UK legal entities (or worse, like charging their legal representatives) if they don't comply. If the UK is serious about this, the only alternative for Apple would eventually be to completely cease operations in the UK.

By the way, this is similar to why for true GDPR compliance, data centers should be operated by EU companies that aren't subsidiaries of US companies, because even if the latter operate data centers located in the EU, they would still be bound to secret orders by the US government.

The most horrible part of the discussion we're making is that we're arguing that UK intelligence should be able to access only UK related data, and not that UK intelligence should not undermine privacy of people.

  • The Overton Window has shifted.

    • Has it? The UK has a long-standing reputation as one of the most persistent surveillance nanny states in the West.

    • The Clipper Chip died a quick death back when the Clinton administration wanted it, as the pushback against it was pretty strong. Now? Seems like a matter of time before every form of electronic communication has a dozen different back, side, and front doors into it.


    • PSA:

          The Overton window is the range of subjects and arguments politically acceptable to the mainstream population at a given time.[1] It is also known as the window of discourse.
      
          […]
      
          The political commentator Joshua Treviño has postulated that the six degrees of acceptance of public ideas are roughly:[7]
          
          unthinkable
          radical
          acceptable
          sensible
          popular
          policy
      
      

      * https://en.wikipedia.org/wiki/Overton_window

  • What we're discussing here is whether a private company should obey laws of the country they operate in or not.

    • The moral thing to do would be to resist obeying such laws as much as is feasible. If that fails close all your legal entities and continue offering services to the citizens of that country to the extent that is feasible.

      Of course it wouldn’t be very profitable. So unfortunately you really can’t expect a major public company to take a stand in a case like this.

    • Fully agree. Imagine giving your data to company XYZ which promises you full encryption privacy. The company XYZ opens a subdivision in country CBA and all's okay unless CBA's law is changed to mandate all companies to give all their data. Now your data is lost to CBA's agents.

Surely if the current government were dumb enough to try and ban Apple from the UK over something like this it would make even Truss look competent in comparison.

Not so much because British people love their iPhones to such an extreme degree but because they are willing to waste money and resources over something this stupid.

IMHO Apple could bring down the government that tried this if they really wanted to.

That's actually the only thing that would keep Apple services usable to everyone else around the world.

> By the way, this is similar to why for true GDPR compliance, data centers should be operated by EU companies that aren't subsidiaries of US companies, because even if the latter operate data centers located in the EU, they would still be bound to secret orders by the US government.

This is interesting, I know GDPR does not mandate data localization but I was under the impression that the requirements are a bit more difficult/stringent for transferring data out of the EU region? While not perfect, it's a bit less 'open door' than it would be if it was hosted in the US.

  • The EU has a law saying "don't transfer data out of the EU without the right paperwork, but of course if your American sysadmins have SSH access to servers in the EU to do maintenance that's no problem, just tell them not to copy the data off it"

    The US has a law saying "If our spies tell American sysadmins to SSH into a server in the EU and copy data off it, they must do it and they must keep it secret"

    • I’ve never worked in a company with data the gov’t cared about that wouldn’t have sirens going off. “Why is Joe SSHing into the EU data center? And now why’s he trying to turn off the GuardDuty rule that caught him? And why is he trying to delete that from CloudTrail? And why is the SOC 2 auditor asking why he has access to delete things from CloudTrail in the first place?”

      You’d have to get a surprising number of people to go along with it.
