Comment by Lio
15 days ago
I don't think the UK government would try to put Apple out of business if they don't comply it's more likely that they would just get heavily fined until they do so.
The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption. Honest UK consumers are the one's getting the shitty end of the stick because we're about to loose protection from criminals.
Daft waste of time.
You're assuming that turning off ADP in the U.K. is sufficient to appease the British Government. The Investigatory Powers Act can also be interpreted to give the U.K. the right to ask for encrypted data from users outside of the U.K. (see Apple making this exact point in a filing here [1].) Turning off ADP in the U.K. doesn't end the controversy if that's what's at stake.
[1] https://bsky.app/profile/matthewdgreen.bsky.social/post/3lhl...
It creates a nasty precedent doesn't it? If Apple can provide the UK government with foreign data, what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile? I can't see on what basis the government thinks they're going to get to be exceptional here?
It's also worth noting that one of the ways the five eyes get around domestic spying laws is to spy on each other's citizens. So the CIA spy on British citizens the UK government want to spy on, and GCHQ spy on American citizens the US government want to spy on. So this would indirectly allow the US government to spy on US citizens (even more than it already does, anyway)
49 replies →
Why are you using Russia and China as examples of the bad guys here. They're not asking for global access to everyones data, the UK is. The UK are the bad guys.
86 replies →
The thing is, most people think that governments wants new tools for surveillance. The fact is, they had this power for a very long time (see Crypto A.G. and history of NSA and others), and practical and verifiable E2EE took these capabilities away.
Now they want their toys back. This is why the push is so hard and coming from everywhere at once.
4 replies →
What stops them is one of two things:
Option 1: they operate a separate shard in that country and that shared is only accessible by that country. Companies like Apple, AWS, Cloudflare etc. have been doing it this way in China for a while now. Result: they can spy on the stuff in their country, but the only stuff in their country is their own stuff.
Option 2: no longer operate in an official capacity in that country. Have no people and no assets. Mostly works when the country is not a significant market. This usually means some things are only available grey market, black market or not at all. This is why certain products have lists of "supported countries" - it's not just ITAR stuff but also "we don't want to deal with their regime" stuff. Result: country gets nothing, no matter how loud they ask. Side-effect: you can't really risk your employees visiting such a country as they will be "leveraged".
1 reply →
> If Apple can provide the UK government with foreign data, what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile?
nothing
the first precedence of not-draft law here was Cloud Act I think
through I would be surprised if China doesn't "de-facto" requires Chineese companies operating outside of China (including Subsidiaries) to cooperate with their secret service in whatever way they want
and if we go back to the "crypto wars" of the ~2000th then there is a lot of precedence of similar law _ideas_ by the US which where turned down
similar we can't say for sure that there aren't secret US court orders which already did force apple to do "something like that" for the FBI or similar, SURE there is a lot of precedence of Apple pushing back against backdoor when it comes to police and offline device encryption, but one thing is in the public and the other fully in secret with gag orders and meant for usage in secret never seeing the light of courts so while it's somewhat unlikely it would be foolish to just assume it isn't the case, especially if we go forward one or two years with the current government...
Anyway UK might realize that now they have left the US they have very little power to force US tech giants to do anything _in the UK_ not even speaking about regulation which is a direct attack on the sovereignty of other states to own/control/decide about their population(s data).
IMHO ignoring the US for a moment because they are in chaos the EU, or at least some key EU states should make a statement that a UK backdoor allowing UK to access EU citizen data would be classified as espionage and isn't permittable if Apple wants to operate in the EU (but formulated to make it clear it's not to put pressure on Apple but on the UK). Sadly I don't see this happening as there are two many politcans which want laws like that, too. Often due to not understanding the implications undermining encryption has on national security, industry espionage and even protection of democracy as a whole... Sometimes also because they are greedy corrupt lobbyist from the industry which produces mass surveillance tools.
There are tangentially similar precedents already, such as the American FACTA law. It is obviously a quite different context, as it just relates to financial information, not all information - but it's a law from the US government, that demands foreign companies send information back to the US.
The wild thing is that foreign companies actually do it. To avoid annoying the US, a lot of other governments ensure that the data is reported.
https://en.wikipedia.org/wiki/Foreign_Account_Tax_Compliance...
6 replies →
> what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile?
Realistically: Apple is a US company (with lots of foreign entanglements) with US leaders, and the US and UK are close allies with extradition treaties and the like. I'd expect the US government to put lots of pressure on Apple to prevent it from acting on such requests from Russia or China, and I wouldn't be surprised if Apple execs would get slapped with espionage charges if they didn't head the warnings (especially if they "provide data on UK minister's phones").
We are watching the redefinition of the idea of territorial sovereignty that emerged from the Peace of Westphalia in 1648. We in the US see our expectations of privacy shaped in the UK, and the reverse.
Imagine Kim Jong-un goes to a few police stations in North Korea. It might not work on the first try, but eventually, he manages to trick one officer into believing that Trump threatened him on Facebook. Now, the police of a given country can legally request Apple to provide all information from Trump’s iCloud for an "investigation" into threats of violence— even if they are completely fabricated.
Or what's keeping the US from asking for Data, too.
What if Apple just stops operating in the UK? They could start selling "English language" iPhones in France, let people go on a day trip if they wanted to buy them. There are ways of sidestepping this bullshit if you're an international company. Supposing they have any integrity, I mean. How far will the UK double down?
4 replies →
You lost me at "government thinks". ;-)
At what point is this just extortionary cash grab from U.S. tech companies?
Want to fund some expensive grand program? Find a reason to fine U.S. companies.
2 replies →
They might have to settle for it. The power of a government is not equal to what legislation they pass - they are heavily limited by the economic and publicity consequences of decisions.
As such, any outcome where this is enforced will be a compromise.
That’s probably the reason apple is resisting. They are currently certified as moderately trust worthy for government operations in Germany. Giving in would invalidate that.
https://support.apple.com/en-bh/guide/certifications/apc37da...
I mean, "Apple refuses to hand over private data to government at cost of UK business" is a pretty good headline.
Give me that sort of commitment to privacy and translucent colorful cases for future Macs and Tim Apple's got my money for the next five years at least.
Give Apple a big enough incentive to negotiate with and they may very well cave. If I've learned anything about corporations, it's that money and incentives always speak louder than their purported values.
6 replies →
Yes, this would be something i would love to read
If Apple sticks to their guns, they can just stop doing business in the UK. And the UK government will have zero rights to demand anything from Apple.
In China, Apple limits end to end encryption and stores user data on state-owned servers. The Chinese app stores censors apps like the New York Times and Washington Post, disallows privacy apps like Signal, or any VPN that might bypass the great firewall.
I think the odds that they quit trying to earn the ~$100B annual revenues they get from the UK over this is closer to zero than 1
They obviously don't care about privacy enough to fully withdraw from the UK! That would be insane.
Guess what? Trump will (hopefully) come to the rescue here. Don't laugh at that. I'd imagine he will be helpful possibly even with some of the EU rules such as in particular the one which makes even small US companies liable (as I recal) for notifying users of cookies on a website.
Tim Apple has been on inauguration, so very possible.
5 replies →
It’s odd, I wonder how that will interact with apple’s existing FIPS 140-2/3 certifications.
I will stop using a service or hardware that could grant peaking rights into my folders to a possible administration like the one currently in the US. On day 1, zero hesitation
I have bad news for you...
What is up with the UK? I have always loved my British friends and appreciated England’s history (setting aside their brutality during the British Empire). I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc. I just hope we in the USA don’t follow their lead.
Democracies without free speech and privacy are not really democracies.
We're governed by the most technically inept people possible.
The Peter Principle writ large.
I'm pretty sure there was a story on here recently when UKGOV / GCHQ were recruiting for a 'senior something something tech/developer/code breaker', offering about the same as a typical entry-level graduate job.
Sell off ARM to foreign interests? Check.
Tell AI data centres where they must be built? Check.
Various inept age checking and backdoor access plans? Check.
That's where the UK is.
So at least we don't have to worry about anything. Apple can give them access to LLM generated SQLite rows and call it a day. Nobody would notice.
The USA strongarming us after 9/11 didn't help. You don't have to look beyond the borders of the US to answer "what's up with the UK" when it comes to eg terrorism legislation
But yes historically we have been pretty brutal. Look up history the past 600 years. We didn't get a huge empire by asking nicely for their land and resources
> I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc.
Isn’t this precisely the set of causes that precipitated The Declaration of Independence?
Yes but no, post WW2 the UK was one of the most liberal places in the world. Somehow things took a turn in the past two decades or so. And then around the 2020s the decline started to rapidly accelerate. The stories that have come out lately are really insane.
14 replies →
They wanted to execute Thomas Paine so I'd say about then
all started after our guns were taken
Perhaps. Another possibility is that the same societal shift that drove the UK to give up the right to be armed also pushed them in the direction of giving up other rights.
They broke Enigma code, and since then their spy agencies have overweight influence?
Poland broke the Enigma code .. and built the first Bombes.
Maybe you're thinking of William Thomas Tutte breaking the Tunny (sawfish) code?
4 replies →
> I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc.
Security establishment's innate desire to read and listen to absolutely everything. Blair/Bush's war on terror. Id card proposals. Smart phone use sky rockets. Supposed E2E comms. Hate speech. Something must be done! Right wing policies on pretty much everything cause more protest. Tories criminalise (*some types of) protest. Labour government raises TCN to Apple.
The war on terror was a big thing in the UK long before 2001—largely because there was in fact quite a lot of terrorism going on there, to be clear.
1 reply →
[dead]
UK probably went wrong when they left the EU, which since then has done some work on data protection laws. Leaving the EU will probably turn out a mistake, but they could have, in some areas made it a positive thing. They could have made even stronger data protection and privacy laws for their citizen. They could have enforced them more than the EU enforces GDPR. These things do not happen because of uninformed and corrupt politicians. Trade is of course another area, where they could have tried to ensure, that they stick to EU quality and safety controls, to avoid lots of drama and headache. But it was difficult anyway, because if you stick to all things EU, then why leave in the first place? They would have to uphold standards and improve upon them, while being in a weaker position to negotiate with outside of EU partners.
> The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK
Agreed.
> Apple previously made its stance public when it formally opposed the UK government's power to issue Technical Capability Notices in testimony submitted in March 2024 and warned that it would withdraw security features from the UK market if forced to comply.
https://arstechnica.com/tech-policy/2025/02/uk-demands-apple...
I feel like the UK always tries to do this w/ encryption. I don't know if it's a cultural sway GCHQ has on legislators and such but it happens w/ every generation of cryptography. Weren't they the one that neutered GSM encryption such that it was essentially ineffective from the get go?
> Weren't they the one that neutered GSM encryption such that it was essentially ineffective from the get go?
The A5 cipher used in GSM came from France, but supposedly the Brits were also happy to have it be weak.
You're assuming people's actual motivations match up with their stated motivations. If your motivation is to be re-elected to a government post by appearing to be tough on terrorism and drugs, every possible outcome of this course of action benefits you. Apple leaves? They were terrorist enablers and you're better off without them. Apple acquiesces? You're the David who took on Apple's goliath and won safety for everyone (again, regardless of whether this actually improves safety for anyone). Apple ignores you? You have an ongoing feud with Dangerous Big Tech that you can campaign and fundraise on for as long as it lasts.
The UK government can’t put Apple out of business; Apple can easily afford to simply exit all business in the UK. The UK is betting that Apple’s greed outweighs their principles. Long odds.
It's betting that the size of Apple's UK market is larger than the impact Apple's privacy marketing has on its worldwide market. Those odds aren't obvious to me
Curious about what would happen if Apple withdrew from the UK and locked all devices with a message saying 'Your device has been disabled following the decision of the UK government to introduce new laws which mean service can no longer be offered in the UK', or something similar. They could base it on GPS or detected MCC codes.
I wonder if you would get anarchist riots until the law was removed. Many of the young with an expensive bricked iPhone (or parents whose kid's iPad was disabled) would probably side with Apple over already unpopular politicians...
The UK is betting that Apple’s greed outweighs their principles. Long odds.
Three weeks ago, I would have agreed with you.
Then Tim Cook wrote a check for $1,000,000.00 to help pay for Donald Trump's inauguration party.†
In spite of what they led us to believe over the last couple of decades, Tim Cook and Apple are no different than any of the other tech companies genuflecting before the new emperor, whose stated goals are the opposite of the "mission, vision and values" lies we were fed by the tech industry.
† In case you (or anyone else) missed it: https://variety.com/2025/biz/news/apple-ceo-tim-cook-donates...
As Apple isn’t based in the UK and owes no fealty to their government. I don’t agree that your citation is relevant here. Apple is a US company. Bribing local officials to overlook the gay founder is sensible corporate practices, however uncomfortable that is to consider. Revoking privacy guarantees globally, reversing years of public opinion gains overnight, is not. The UK cannot do anything to materially harm Apple in any way that Apple can’t afford short of sending a double-oh to Cupertino.
14 replies →
Of course Apple doesn't have principles, they're a for-profit company. What's in question here is whether they believe the UK is financially worth opening this can of worms. Following US government whims is good business for them in almost all cases, but that math isn't the same for the UK.
For $1 million, you’re promised intimate access to Trump and his inner circle. This isn’t just about tradition or unity-it’s about buying influence and maintaining power. In a world where we’re supposedly pushing for fairness, equality, and transparency, this feels incredibly hypocritical. It’s as if we’re endorsing a system where money talks louder than public interest or ethical considerations. It makes you wonder where the line is between modern capitalism and a system that operates more like an oligarchy.
1 reply →
> Apple can easily afford to simply exit all business in the UK.
Apple has shareholders, so no it can't (or more precisely, Tim Cook can't).
Google had shareholders in 2005 too or thereabouts when they publicly decided to abandon the Chinese search market for soft, fuzzy reasons (i.e., not because they were losing money on Chinese operations).
And as far as I know, they're still absent from the Chinese search market.
Sounds like you're assuming that UK's goal is to stop criminals. I don't think that's their goal. I think that's their cover story.
As for Apple, their daily/hourly/whatever fines might be less than cost of a major ad campaign if they were to buy that publicity directly. Sounds like a good deal for them to refuse to honor the request.
So what is the goal?
A backdoor for one is an opportunity for many. Given the UK is completely incapable of outspending most of the world on compute, this effectively hands their enemies that data they’re looking for.
Yep. It's the creation of an artificial Hobson's choice: "do this, or I'm breaking up with you."
Yes, encryption is one of the most “cat’s out of the bag” situations - even assuming every company worldwide is cowed into submission by governments to add back doors, all they’re going to be catching is the dumb and unsophisticated criminals and even that will diminish as even the dummies realize every text and call is wiretapped once people start seeing their private communiques come out in court.
I suppose there are people in the camp advocating for back doors who still think it’s worth the tremendous downsides to be able to catch that group of criminals (there are certainly plenty of idiot criminals), but anybody can just use plain GPG emails for free, or deploy some open source encrypted chat server on a $20 a month cloud instance… and I assume operators in places like Russia or China won’t mind hosting easy services for less nerdy criminals willing to pay in crypto.
> the dumb and unsophisticated criminals
This appears to be majority of them if Brian Krebs is to be trusted. Very few have proper OPSEC, fewer still are disciplined enough to prevent cross contaminating their virtual identities.
Even if you keep your communications airtight, boneheaded decisions when they move the money from cyberspace into meatspace are quite common: people living way beyond their means, 22 y/o's buying $200K+ cars without proper income records get caught quickly once people start looking.
> The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
First, these are the same thing.
Second, ADP is already off by default so approximately nobody uses it. It is irrelevant from a privacy standpoint whether or not they offer it.
ADP is a relatively new thing. it makes sense to roll it out gradually both from engineering POV as well as marketing.
Further, as all other forms of e2ee, it makes you responsible for the encryption keys.
As a user on the platform I am quite happy it is offered. Considering that these days it is quite difficult not to have a mobile device associated with “you” (you open links sent to “you” on your mobile device? consider that device compromised from privacy perspective), id rather it be on the platform with stronger protections.
UK government wants a backdoor access to all users, worldwide, irrespective of their nationality.
The UK needs to be reminded of 1776 before they reprise what gave rise to the 4th ammendment.
Apple should and can just sever its relationship with the British public and let them reap the consequences of submitting to their nanny state.
Although it's worth wondering why anyone would use any type of corporate cloud backup, anyway. Certainly if you had anything worth hiding, you would disable that first. That just makes this whole endeavor that much more dubious.
If just turning off ADP placates the UK, it implies that the UK already has a backdoor to unencrypted data.
"It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption."
This. Whether it is an app to install on your phone or desktop or simply a website to use. People who need encryption to make sure their communication is private will _easily_ find ways around any kind of government snooping.
Governments have much more power than global companies, even though it seems that they are untouchable from the outside.
Anyone with serious intent to hide something will just use another encrypted service or self-host their data...
>I don't think the UK government would try to put Apple out of business if they don't comply it's more likely that they would just get heavily fined until they do so.
Sufficiently advanced "escalating fines until they comply" is indistinguishable from "putting them out of business".
The government would soon cave if Apple started disinvesting in the UK. The current government are desperate for growth.
I honestly don't even think we'd fine them real money, it would be too unfriendly to business. So what's this? I think political posturing or at worst the worlds weakest bargaining chip.
Maybe USG will now stand behind American companies and push back on this sort of thing? Enough of the EU or UK fining US companies over bullshit. In this case it's also better for the UK consumers too.
(lose*)
[flagged]
[flagged]
They should work at an Apple store then: https://www.theverge.com/2021/6/7/22522560/apple-repair-mult...
[flagged]