Comment by matthewdgreen
15 days ago
You're assuming that turning off ADP in the U.K. is sufficient to appease the British Government. The Investigatory Powers Act can also be interpreted to give the U.K. the right to ask for encrypted data from users outside of the U.K. (see Apple making this exact point in a filing here [1].) Turning off ADP in the U.K. doesn't end the controversy if that's what's at stake.
[1] https://bsky.app/profile/matthewdgreen.bsky.social/post/3lhl...
It creates a nasty precedent doesn't it? If Apple can provide the UK government with foreign data, what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile? I can't see on what basis the government thinks they're going to get to be exceptional here?
It's also worth noting that one of the ways the five eyes get around domestic spying laws is to spy on each other's citizens. So the CIA spy on British citizens the UK government want to spy on, and GCHQ spy on American citizens the US government want to spy on. So this would indirectly allow the US government to spy on US citizens (even more than it already does, anyway)
Its data laundering
2 replies →
This is a fun theory that I've heard repeatedly, but with no evidence. Is there any indication that this is actually legal and happening? I have friends who work in the space that tell me that it's neither.
Why do you think 3 letters agencies care about the law? Ever heard of Snowden leaks?
44 replies →
Why are you using Russia and China as examples of the bad guys here. They're not asking for global access to everyones data, the UK is. The UK are the bad guys.
Why did you assume the context was "bad guys?" It's a well-known fact that there's a lot of geopolitical tension between Russia/China and Western Europe. The comment is raising the point that by setting this precedent they are opening the doors for their geopolitical rivals to publicly do the same (we already know it happens through private state-sponsored cyber gangs).
I read it as using Russia and China as the other guys, rather than the bad guys. The idea is to eliminate any pre-existing feelings of trust and illustrate the fact that once your data is held by anyone in the global intelligence community you should think of it as being held by everyone in the global intelligence community.
1 reply →
Because the UK is “on our side”. We’ve always been at war with Eastasia.
33 replies →
Because russia is a bag guy? (Idk about China, but considering they support russia...)
Have you been living under a rock?
41 replies →
He is just trying to show how it would feel if the shoe was on the other foot.
>They're not asking for global access to everyones data, the UK is.
They literally do.
Because they are ruthless crazy murderers? Because they want to turn us into radioactive ash (basically every day on Russian state TV)?
DPRUK
this is at best a disingenuous argument
(russia and china would love to have access to that data. so would a lot of other governments)
[flagged]
The thing is, most people think that governments wants new tools for surveillance. The fact is, they had this power for a very long time (see Crypto A.G. and history of NSA and others), and practical and verifiable E2EE took these capabilities away.
Now they want their toys back. This is why the push is so hard and coming from everywhere at once.
I think this is an extreme take - they only had those mass surveillance tools since the start of the internet, and any other method of communication (phone calls, physical mail) all required warrants individualized to specific people to tap. But somehow the internet is excluded from all those privacy protections, and now that there’s technology available to ratchet us back to where we used to be, law enforcement agencies are throwing a tantrum about not being able to constantly violate our privacy.
In my mind, it’s pretty simple: if you want to surveil someone, get an individualized warrant to access their devices and data. If they refuse or wipe their data, treat it like destroying evidence in a case and throw the book at them. There’s zero excuse for what law enforcement and intelligence agencies have done to our privacy rights since 9/11.
3 replies →
What stops them is one of two things:
Option 1: they operate a separate shard in that country and that shared is only accessible by that country. Companies like Apple, AWS, Cloudflare etc. have been doing it this way in China for a while now. Result: they can spy on the stuff in their country, but the only stuff in their country is their own stuff.
Option 2: no longer operate in an official capacity in that country. Have no people and no assets. Mostly works when the country is not a significant market. This usually means some things are only available grey market, black market or not at all. This is why certain products have lists of "supported countries" - it's not just ITAR stuff but also "we don't want to deal with their regime" stuff. Result: country gets nothing, no matter how loud they ask. Side-effect: you can't really risk your employees visiting such a country as they will be "leveraged".
Option 3: Cook talks to Trump and asks for tariffs in the UK until this demand is rescinded.
> If Apple can provide the UK government with foreign data, what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile?
nothing
the first precedence of not-draft law here was Cloud Act I think
through I would be surprised if China doesn't "de-facto" requires Chineese companies operating outside of China (including Subsidiaries) to cooperate with their secret service in whatever way they want
and if we go back to the "crypto wars" of the ~2000th then there is a lot of precedence of similar law _ideas_ by the US which where turned down
similar we can't say for sure that there aren't secret US court orders which already did force apple to do "something like that" for the FBI or similar, SURE there is a lot of precedence of Apple pushing back against backdoor when it comes to police and offline device encryption, but one thing is in the public and the other fully in secret with gag orders and meant for usage in secret never seeing the light of courts so while it's somewhat unlikely it would be foolish to just assume it isn't the case, especially if we go forward one or two years with the current government...
Anyway UK might realize that now they have left the US they have very little power to force US tech giants to do anything _in the UK_ not even speaking about regulation which is a direct attack on the sovereignty of other states to own/control/decide about their population(s data).
IMHO ignoring the US for a moment because they are in chaos the EU, or at least some key EU states should make a statement that a UK backdoor allowing UK to access EU citizen data would be classified as espionage and isn't permittable if Apple wants to operate in the EU (but formulated to make it clear it's not to put pressure on Apple but on the UK). Sadly I don't see this happening as there are two many politcans which want laws like that, too. Often due to not understanding the implications undermining encryption has on national security, industry espionage and even protection of democracy as a whole... Sometimes also because they are greedy corrupt lobbyist from the industry which produces mass surveillance tools.
There are tangentially similar precedents already, such as the American FACTA law. It is obviously a quite different context, as it just relates to financial information, not all information - but it's a law from the US government, that demands foreign companies send information back to the US.
The wild thing is that foreign companies actually do it. To avoid annoying the US, a lot of other governments ensure that the data is reported.
https://en.wikipedia.org/wiki/Foreign_Account_Tax_Compliance...
The US can get away with this through its immense power and economic influence (for the moment, at least). The UK is a small market of middling relevance, and their government's belief that they're a global power is an anachronism. I hope these decisions cause enough companies to break ties that they're forced to realize their position.
1 reply →
The key difference being that it is perfectly legal for the US to request data on income and gains received by US taxpayers while it is illegal for the US to spy (in certain ways) on US residents.
It is completely routine for countries to exchange data on financial accounts [1]. The only aspect that makes FATCA somewhat unusual is that the US taxes US persons even when they are residents of other countries.
[1] https://www.gov.uk/hmrc-internal-manuals/international-excha...
2 replies →
Actually the foreign banks have to do this, and if they don't and get caught, they will be barred from accessing the US financial market.
That is why, as a side effect, some refuse service to US citizens.
> what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile?
Realistically: Apple is a US company (with lots of foreign entanglements) with US leaders, and the US and UK are close allies with extradition treaties and the like. I'd expect the US government to put lots of pressure on Apple to prevent it from acting on such requests from Russia or China, and I wouldn't be surprised if Apple execs would get slapped with espionage charges if they didn't head the warnings (especially if they "provide data on UK minister's phones").
We are watching the redefinition of the idea of territorial sovereignty that emerged from the Peace of Westphalia in 1648. We in the US see our expectations of privacy shaped in the UK, and the reverse.
Imagine Kim Jong-un goes to a few police stations in North Korea. It might not work on the first try, but eventually, he manages to trick one officer into believing that Trump threatened him on Facebook. Now, the police of a given country can legally request Apple to provide all information from Trump’s iCloud for an "investigation" into threats of violence— even if they are completely fabricated.
Or what's keeping the US from asking for Data, too.
What if Apple just stops operating in the UK? They could start selling "English language" iPhones in France, let people go on a day trip if they wanted to buy them. There are ways of sidestepping this bullshit if you're an international company. Supposing they have any integrity, I mean. How far will the UK double down?
I still don’t think the UK is a big enough market for Apple to be that worried about the following, but if the government and Apple escalate to the point of Apple pulling out of the UK, it would be pretty easy for the government to force all of its telecoms to ban any new iPhones from their mobile networks. So the citizens will probably not get to simply walk right around the restrictions that way, assuming the government is serious about this.
3 replies →
You lost me at "government thinks". ;-)
At what point is this just extortionary cash grab from U.S. tech companies?
Want to fund some expensive grand program? Find a reason to fine U.S. companies.
Why not. Their hegemony is used as a weapon of war, since 1998 when Microsoft was condemned-but-not-penalized for its monopoly. Make it costly for USA to spy & conquer.
1 reply →
They might have to settle for it. The power of a government is not equal to what legislation they pass - they are heavily limited by the economic and publicity consequences of decisions.
As such, any outcome where this is enforced will be a compromise.
That’s probably the reason apple is resisting. They are currently certified as moderately trust worthy for government operations in Germany. Giving in would invalidate that.
https://support.apple.com/en-bh/guide/certifications/apc37da...
I mean, "Apple refuses to hand over private data to government at cost of UK business" is a pretty good headline.
Give me that sort of commitment to privacy and translucent colorful cases for future Macs and Tim Apple's got my money for the next five years at least.
Give Apple a big enough incentive to negotiate with and they may very well cave. If I've learned anything about corporations, it's that money and incentives always speak louder than their purported values.
this isn't apple weighing ethics against revenue. this is apple being forced to decide how much their pro-privacy marketing is really getting them in the market.
5 replies →
Yes, this would be something i would love to read
If Apple sticks to their guns, they can just stop doing business in the UK. And the UK government will have zero rights to demand anything from Apple.
In China, Apple limits end to end encryption and stores user data on state-owned servers. The Chinese app stores censors apps like the New York Times and Washington Post, disallows privacy apps like Signal, or any VPN that might bypass the great firewall.
I think the odds that they quit trying to earn the ~$100B annual revenues they get from the UK over this is closer to zero than 1
They obviously don't care about privacy enough to fully withdraw from the UK! That would be insane.
Guess what? Trump will (hopefully) come to the rescue here. Don't laugh at that. I'd imagine he will be helpful possibly even with some of the EU rules such as in particular the one which makes even small US companies liable (as I recal) for notifying users of cookies on a website.
Tim Apple has been on inauguration, so very possible.
Is calling him Tim Apple some sort of inside joke I'm out of the loop on? We don't call Elon "Elon Tesla" or Satya "Satya Microsoft".
4 replies →
It’s odd, I wonder how that will interact with apple’s existing FIPS 140-2/3 certifications.
I will stop using a service or hardware that could grant peaking rights into my folders to a possible administration like the one currently in the US. On day 1, zero hesitation
I have bad news for you...