Comment by TechnicalVault
16 days ago
It creates a nasty precedent doesn't it? If Apple can provide the UK government with foreign data, what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile? I can't see on what basis the government thinks they're going to get to be exceptional here?
It's also worth noting that one of the ways the five eyes get around domestic spying laws is to spy on each other's citizens. So the CIA spy on British citizens the UK government want to spy on, and GCHQ spy on American citizens the US government want to spy on. So this would indirectly allow the US government to spy on US citizens (even more than it already does, anyway)
Its data laundering
Jurisdiction arbitrage
True. The data taken can end up anywhere, and where it came from is obscured. Too much circumventing of laws or purposefully violating the privacy and human rights of one's own citizens, even for profit.
This is a fun theory that I've heard repeatedly, but with no evidence. Is there any indication that this is actually legal and happening? I have friends who work in the space that tell me that it's neither.
Why do you think 3 letters agencies care about the law? Ever heard of Snowden leaks?
Actually my takeaway from the Snowden leaks was that the government tried really hard to stay within the confines of the law, even if they wildly stretched the legal theory to get there.
https://www.blankenship.io/essays/2020-07-13/
Doesn’t justify what they were doing, or make it legal, but it’s an important distinction when trying to reason about government surveillance programs.
33 replies →
one of the Snowden leaks was exactly about the five eyes countries coordinating in this way to dodge oversight though?
2 replies →
Didn’t these leaks precisely show that the agencies were effectively above the law? I mean, they tried to make it look like they were abiding by the regulations, but effectively tried every work around they could come up with. Including subcontracting domestic spying to foreign intelligence agencies, using the exact mechanism the parent mentioned? It seems you’re contradicting them by making their point.
2 replies →
I think stuff like Parallel Reconstruction show that they do care about the law. They care about working around it.
2 replies →
Correct. The 'law' exists to provide common citizens something to argue on, and a sense of justice, even if not real.
A revolting citizenry can be potentially dangerous than a citizenry that is endlessly bickering amongst each other about the 'law'.
Why are you using Russia and China as examples of the bad guys here. They're not asking for global access to everyones data, the UK is. The UK are the bad guys.
Why did you assume the context was "bad guys?" It's a well-known fact that there's a lot of geopolitical tension between Russia/China and Western Europe. The comment is raising the point that by setting this precedent they are opening the doors for their geopolitical rivals to publicly do the same (we already know it happens through private state-sponsored cyber gangs).
I read it as using Russia and China as the other guys, rather than the bad guys. The idea is to eliminate any pre-existing feelings of trust and illustrate the fact that once your data is held by anyone in the global intelligence community you should think of it as being held by everyone in the global intelligence community.
Whatever you think of their politics, they are authoritarian in structure. There are fewer restrictions on what those governments can do with the information. I’m not saying anyone should trust the UK government here, but it’s easier to see the risks in a country that doesn’t have to be accountable to the people or the legal system.
Because the UK is “on our side”. We’ve always been at war with Eastasia.
I dont think that is actually true in those cases.
Relations with China were pretty cosy till they did a 180 around the second Bush administration and started all that Wolf Warrior diplomacy, 9 dotted line stuff, Hongkong crackdowns.......
Regarding Russia, nobody really cared at all till it was absolutely impossible to ignore. Putin seems to think that he needs the west as an enemy to bolster his standing and power. Just remember after starting the full scale invasion he proudly declared "I hope I will now be heard" or something to that effect. In Russian mass media the imperial project has long been clear and accepted.
32 replies →
Because russia is a bag guy? (Idk about China, but considering they support russia...)
Have you been living under a rock?
I'll be explicit: russia is a terrorist state. Majority of russian population supports the unprovoked genocidal war it currently wages on Ukraine.
40 replies →
He is just trying to show how it would feel if the shoe was on the other foot.
>They're not asking for global access to everyones data, the UK is.
They literally do.
Because they are ruthless crazy murderers? Because they want to turn us into radioactive ash (basically every day on Russian state TV)?
DPRUK
this is at best a disingenuous argument
(russia and china would love to have access to that data. so would a lot of other governments)
[flagged]
The thing is, most people think that governments wants new tools for surveillance. The fact is, they had this power for a very long time (see Crypto A.G. and history of NSA and others), and practical and verifiable E2EE took these capabilities away.
Now they want their toys back. This is why the push is so hard and coming from everywhere at once.
I think this is an extreme take - they only had those mass surveillance tools since the start of the internet, and any other method of communication (phone calls, physical mail) all required warrants individualized to specific people to tap. But somehow the internet is excluded from all those privacy protections, and now that there’s technology available to ratchet us back to where we used to be, law enforcement agencies are throwing a tantrum about not being able to constantly violate our privacy.
In my mind, it’s pretty simple: if you want to surveil someone, get an individualized warrant to access their devices and data. If they refuse or wipe their data, treat it like destroying evidence in a case and throw the book at them. There’s zero excuse for what law enforcement and intelligence agencies have done to our privacy rights since 9/11.
These (mass surveillance) programs go back to 60s, and it was already prevalent before internet was widespread, also internet was also under blanket surveillance way before. Moreover, this is not only limited to internet per se. Phone calls and any form of unencrypted communications are probably actively monitored for signals intelligence. We're not seeing laws related to this, because mechanisms are probably already in place.
So, I'm keeping my stance of "They want their tools back, because they had them before".
1 reply →
How to achive total pervasive surveillance? One step at a time where each step is not quite too much to cause rioting and revolution. Outrage has a very short attention span.
What stops them is one of two things:
Option 1: they operate a separate shard in that country and that shared is only accessible by that country. Companies like Apple, AWS, Cloudflare etc. have been doing it this way in China for a while now. Result: they can spy on the stuff in their country, but the only stuff in their country is their own stuff.
Option 2: no longer operate in an official capacity in that country. Have no people and no assets. Mostly works when the country is not a significant market. This usually means some things are only available grey market, black market or not at all. This is why certain products have lists of "supported countries" - it's not just ITAR stuff but also "we don't want to deal with their regime" stuff. Result: country gets nothing, no matter how loud they ask. Side-effect: you can't really risk your employees visiting such a country as they will be "leveraged".
Option 3: Cook talks to Trump and asks for tariffs in the UK until this demand is rescinded.
> If Apple can provide the UK government with foreign data, what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile?
nothing
the first precedence of not-draft law here was Cloud Act I think
through I would be surprised if China doesn't "de-facto" requires Chineese companies operating outside of China (including Subsidiaries) to cooperate with their secret service in whatever way they want
and if we go back to the "crypto wars" of the ~2000th then there is a lot of precedence of similar law _ideas_ by the US which where turned down
similar we can't say for sure that there aren't secret US court orders which already did force apple to do "something like that" for the FBI or similar, SURE there is a lot of precedence of Apple pushing back against backdoor when it comes to police and offline device encryption, but one thing is in the public and the other fully in secret with gag orders and meant for usage in secret never seeing the light of courts so while it's somewhat unlikely it would be foolish to just assume it isn't the case, especially if we go forward one or two years with the current government...
Anyway UK might realize that now they have left the US they have very little power to force US tech giants to do anything _in the UK_ not even speaking about regulation which is a direct attack on the sovereignty of other states to own/control/decide about their population(s data).
IMHO ignoring the US for a moment because they are in chaos the EU, or at least some key EU states should make a statement that a UK backdoor allowing UK to access EU citizen data would be classified as espionage and isn't permittable if Apple wants to operate in the EU (but formulated to make it clear it's not to put pressure on Apple but on the UK). Sadly I don't see this happening as there are two many politcans which want laws like that, too. Often due to not understanding the implications undermining encryption has on national security, industry espionage and even protection of democracy as a whole... Sometimes also because they are greedy corrupt lobbyist from the industry which produces mass surveillance tools.
There are tangentially similar precedents already, such as the American FACTA law. It is obviously a quite different context, as it just relates to financial information, not all information - but it's a law from the US government, that demands foreign companies send information back to the US.
The wild thing is that foreign companies actually do it. To avoid annoying the US, a lot of other governments ensure that the data is reported.
https://en.wikipedia.org/wiki/Foreign_Account_Tax_Compliance...
The US can get away with this through its immense power and economic influence (for the moment, at least). The UK is a small market of middling relevance, and their government's belief that they're a global power is an anachronism. I hope these decisions cause enough companies to break ties that they're forced to realize their position.
Yeah totally, it only works due to their influence. The uk has nothing to backup these demands.
The key difference being that it is perfectly legal for the US to request data on income and gains received by US taxpayers while it is illegal for the US to spy (in certain ways) on US residents.
It is completely routine for countries to exchange data on financial accounts [1]. The only aspect that makes FATCA somewhat unusual is that the US taxes US persons even when they are residents of other countries.
[1] https://www.gov.uk/hmrc-internal-manuals/international-excha...
Oh 100%, the content (and context) is completely different. The similarity I mean is a government passing a law that asks a foreign company to hand data over to them.
It's legal in the same way this UK thing is legal - because there's a law justifying it. It may make more moral sense, depending on your political persuasion.
Actually the foreign banks have to do this, and if they don't and get caught, they will be barred from accessing the US financial market.
That is why, as a side effect, some refuse service to US citizens.
> what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile?
Realistically: Apple is a US company (with lots of foreign entanglements) with US leaders, and the US and UK are close allies with extradition treaties and the like. I'd expect the US government to put lots of pressure on Apple to prevent it from acting on such requests from Russia or China, and I wouldn't be surprised if Apple execs would get slapped with espionage charges if they didn't head the warnings (especially if they "provide data on UK minister's phones").
We are watching the redefinition of the idea of territorial sovereignty that emerged from the Peace of Westphalia in 1648. We in the US see our expectations of privacy shaped in the UK, and the reverse.
Imagine Kim Jong-un goes to a few police stations in North Korea. It might not work on the first try, but eventually, he manages to trick one officer into believing that Trump threatened him on Facebook. Now, the police of a given country can legally request Apple to provide all information from Trump’s iCloud for an "investigation" into threats of violence— even if they are completely fabricated.
Or what's keeping the US from asking for Data, too.
What if Apple just stops operating in the UK? They could start selling "English language" iPhones in France, let people go on a day trip if they wanted to buy them. There are ways of sidestepping this bullshit if you're an international company. Supposing they have any integrity, I mean. How far will the UK double down?
I still don’t think the UK is a big enough market for Apple to be that worried about the following, but if the government and Apple escalate to the point of Apple pulling out of the UK, it would be pretty easy for the government to force all of its telecoms to ban any new iPhones from their mobile networks. So the citizens will probably not get to simply walk right around the restrictions that way, assuming the government is serious about this.
So, any visiting American businessmen with iPhones are inconvenienced? What happens when that curtails investment?
I think Apple might just have some leverage here, if they choose to exert it. Starmer's government would, at minimum become a laughingstock.
Hell, do we know whether Chucky Three uses an Android? Or would the royals get a secret exemption?
Given the desperation for economic growth in the UK, the idea that they would inflict such a massive bit of self harm on themselves over increased spying options is frankly ludicrous.
1 reply →
You lost me at "government thinks". ;-)
At what point is this just extortionary cash grab from U.S. tech companies?
Want to fund some expensive grand program? Find a reason to fine U.S. companies.
Why not. Their hegemony is used as a weapon of war, since 1998 when Microsoft was condemned-but-not-penalized for its monopoly. Make it costly for USA to spy & conquer.
Let us see how that works out for you