Comment by nottorp
2 days ago
> have an Android device beside me that regularly asks me to back my device up to the cloud
But is that backup encrypted? If it's not, all they need is <whatever piece of paper a British security official needs, if any> to access your data.
This is about having access to backups that are theoretically encrypted with a key Apple doesn't have?
> We're talking about the largest back door I've ever heard of.
Doesn't the US have access to all the data of non US citizens whose data is stored in the US without any oversight?
> Doesn't the US have access to all the data of non US citizens whose data is stored in the US without any oversight?
Totally agree. Having this discussion so US-centred just makes us miss the forest for the trees. Apart from data owned by US citizens, my impression is that data stored in the US is fair game for three-letter agencies, and I really doubt most companies would spend more than five minutes agreeing with law enforcement if asked for full access to their database on non-US nationals.
Also, remember that WhatsApp is the go-to app for communication in most of the world outside the US. And although it's end-to-end encrypted, it's always nudging you to back up your data to Google or Apple storage. I can't think of a better target for US intelligence to get a glimpse of conversations about their targets in real time, without needing to hack each individual phone. If WhatsApp were a Chinese app, this conversation about E2E and backup restrictions would have happened a long time ago. It's the same as how the TikTok algorithm suddenly had a strong influence on steering public opinion, and instead of fixing the game we banned the player.
International users that have Advanced Protection enabled would in theory be safe from all of the 3-letter agencies (like safe from those agencies getting the data from Apple...not safe generally).
Realistically we are talking about FISA here, so in theory if the FBI gets a FISA court order to gather "All of the Apple account data" for a non-us person, Apple would either hand over the encrypted data OR just omit that....
Based on the stance Apple is taking here, it's reasonable to assume they would do the same in the US (disable the feature if USG asked for a backdoor or attempted to compel them to decrypt).
> it's reasonable to assume they would do the same in the US (disable the feature if USG asked for a backdoor or attempted to compel them to decrypt)
I think it's more likely that Apple would challenge it in US courts and prevail. Certainly a legal battle worth waging, unlike in the UK.
Would your answer be the same if this encrypted data was stored in China instead of US?
I don't think messages should ever leave the device, if you want to migrate to a different device this could be covered by that user flow directly. Maybe you want to sync media like photos or videos shared on a group chat and I'm fine with that compromise but I see more risks than benefits on backing up messages on the cloud, no matter if it's encrypted or not.
This is different IMO. When you buy Apple you buy an American product and you know the company is beholden to US law. Snowden has made perfectly clear how much they can be trusted. When you buy it anyway it's an informed choice.
Here a country that has no ties with most of apple's customers is just butting in and claiming access to all of them.
So what's next. Are we also giving access to everyone's data to Russia? Iran?
Agree in principle, though WhatsApp backups are encrypted with a user provided password, so ostensibly inaccessible to Google or whoever you use as backup
What makes you think WhatsApp backups don't have a secondary way to unlock the encryption key? Wouldn't it be more logical to assume the encryption key for WhatsApp backups can also be unlocked by an alternate "password"?
If the US is willing to build an entire data center in Outback Australia to allow warrantless access to US citizen data, why wouldn’t they be forcing WhatsApp backups to be unlockable?
> Totally agree. Having this discussion so US centred just makes us miss the forest for the trees. Apart from data owned by US citizens, my impression is that data stored in the US is fair game for three letter agencies, and I really doubt most companies would spend more than five minutes agreeing with law enforcement if asked for full access to their database on ̶n̶o̶n̶-̶U̶S̶ ̶n̶a̶t̶i̶o̶n̶a̶l̶s̶ anyone.
> non US citizens whose data is stored in the US
They don't even care where it's stored...
See: CLOUD Act [1]
[1] https://en.wikipedia.org/wiki/CLOUD_Act
I honestly doubt they even limit themselves to the data of non-US citizens. They have no respect at all for the fourth amendment.
Android data isn't encrypted at rest (or at least not in a way Google doesn't have the key). If the UK gov has a warrant, they can ask Google to provide your Google Drive content. The whole point of this issue is Apple specifically designed ADP so they couldn't do that.
Android backups are encrypted at rest using the lockscreen PIN or passphrase: https://developer.android.com/privacy-and-security/risks/bac...
So not hugely secure for most people if they use 4-6 decimal digits, but possible to make secure if you set a longer passphrase.
I don't know what Google's going to do about this UK business.
edit: Ah it looks like they have a Titan HSM involved as well. Have to take Google's word for it, but an HSM would let you do rate limits and lockouts. If that's in place, it seems all right to me.
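The mechanism the comment above describes (a backup key protected by a short lockscreen PIN, with an HSM enforcing attempt limits so the small keyspace cannot simply be enumerated) is modelled here as an added toy example. This is not Google's code and makes no claim about how Titan or Android backup actually work; the PBKDF2 parameters, the ten-attempt budget, the XOR wrap and the sample PIN are all constructed assumptions for illustration.

```python
import hashlib
import hmac
import math
import os
import secrets
from typing import List, Optional

# Constructed parameters for the toy model; real systems choose their own.
KDF_ITERATIONS = 100_000
MAX_ATTEMPTS = 10  # assumption: a small fixed budget, as an HSM lockout policy might set


def derive_wrapping_key(pin: str, salt: bytes) -> bytes:
    """Stretch a short PIN or passphrase into a 32-byte key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, KDF_ITERATIONS, dklen=32)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class RateLimitedVault:
    """Toy model of an HSM-mediated key vault.

    The backup key is wrapped under a key derived from the user's PIN. The vault
    checks a verifier before releasing anything, counts failed PIN attempts, and
    refuses every further attempt (right PIN included) once the budget is spent.
    The wrap is a plain XOR with the derived key, which is adequate for a toy
    because each vault has its own random salt; a real design would use an AEAD.
    """

    def __init__(self, pin: str, backup_key: bytes) -> None:
        if len(backup_key) != 32:
            raise ValueError("backup key must be 32 bytes for this toy wrap")
        self.salt = os.urandom(16)
        wk = derive_wrapping_key(pin, self.salt)
        self.wrapped_key = _xor(backup_key, wk)
        # The verifier lets the vault detect a wrong PIN without leaking the key.
        self.verifier = hmac.new(wk, b"pin-verifier", "sha256").digest()
        self.failed_attempts = 0
        self.locked = False

    def unwrap(self, pin: str) -> Optional[bytes]:
        """Return the backup key for the right PIN, None for a wrong one.

        Raises PermissionError once the vault is locked, even for the right PIN.
        """
        if self.locked:
            raise PermissionError("vault locked after too many failed attempts")
        wk = derive_wrapping_key(pin, self.salt)
        candidate = hmac.new(wk, b"pin-verifier", "sha256").digest()
        if not hmac.compare_digest(candidate, self.verifier):
            self.failed_attempts += 1
            if self.failed_attempts >= MAX_ATTEMPTS:
                self.locked = True
            return None
        self.failed_attempts = 0
        return _xor(self.wrapped_key, wk)


def pin_keyspace_bits(n_digits: int) -> float:
    """Entropy of an n-digit decimal PIN; compare with the attempt budget above."""
    return n_digits * math.log2(10)


def attempts_before_lockout(vault: RateLimitedVault, wrong_guesses: List[str]) -> int:
    """Feed wrong guesses until the vault refuses; return how many it processed."""
    accepted = 0
    for guess in wrong_guesses:
        try:
            vault.unwrap(guess)
        except PermissionError:
            break
        accepted += 1
    return accepted


def demo() -> dict:
    """Show the lockout doing its job: the right PIN works once, a run of wrong
    guesses exhausts the budget, and afterwards even the right PIN is refused."""
    backup_key = secrets.token_bytes(32)
    vault = RateLimitedVault("4821", backup_key)  # constructed sample PIN
    correct_pin_works = vault.unwrap("4821") == backup_key
    # Constructed wrong guesses: the first twenty 4-digit codes, minus the real one.
    wrong = [f"{i:04d}" for i in range(20) if f"{i:04d}" != "4821"]
    accepted = attempts_before_lockout(vault, wrong)
    try:
        vault.unwrap("4821")
        correct_pin_after_lock = True
    except PermissionError:
        correct_pin_after_lock = False
    return {
        "correct_pin_works": correct_pin_works,
        "guesses_accepted": accepted,
        "locked_out": vault.locked,
        "correct_pin_after_lock": correct_pin_after_lock,
        "keyspace_bits_4digit": round(pin_keyspace_bits(4), 1),
        "keyspace_bits_6digit": round(pin_keyspace_bits(6), 1),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the toy is the gap between the two numbers: a 4-digit PIN carries about 13 bits, which a key-stretching function alone cannot rescue, but an attempt counter that the holder of the ciphertext cannot reset turns the problem from "how fast can I compute PBKDF2" into "how many guesses does the vault allow". That is why the comment's caveat matters: the protection depends on trusting that the counter really lives in the HSM.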
I wonder how hard it would be for the US government to force Google to just get the lockscreen pin off of your device or for them to just infect your device with something to capture it themselves.
Wrong. Google Android user cloud backups are E2EE by default. There is no option to opt out. Use Google's backup service and your data is encrypted at rest, in transit, and on device. aka end-to-end.
It's not just Google saying it. Google Cloud encryption is independently verified
> But is that backup encrypted? If it's not, all they need is <whatever piece of paper a british security official needs, if any> to access your data.
Based on them mentioning the difficulty of opting out, I presume OOP does not use Google's cloud backup.
> Doesn't the US have access to all the data of non US citizens whose data is stored in the US without any oversight?
Er, no...? I'm not sure where you get that idea. Access requires a warrant, and companies are not compelled to build systems which enable them to decrypt all data covered by the warrant.
See, for example, the Las Vegas shooter case, where Apple refused to create an iOS build that would bypass iCloud security.
I asked if your Android backup is encrypted. Implies I'm talking about unencrypted data.
> See, for example, the Las Vegas shooter case
I am not in Las Vegas or anywhere else in the US. So as far as I know all the data about me that is stored in the US is easily accessible without a warrant unless it's encrypted with a key that's not available with the storage.
> companies are not compelled to build systems which enable them to decrypt all data covered by the warrant
Again, not what I was talking about.
I'm merely pointing out that your data is not necessarily encrypted, and that the "rest of the world" was already unprotected vs at least one state. The UK joining in would just add another.
This is why Apple, and more recently Google, create systems where they don't have access to your unencrypted data on their servers.
> Google Maps is changing the way it handles your location data. Instead of backing up your data to the cloud, Google will soon store it locally on your device.
https://www.theverge.com/2024/6/5/24172204/google-maps-delet...
You can't be forced to hand over data on your servers that you don't have access to, warrant or no.
The UK wants to make this workaround illegal on an international basis.
People always overestimate how much companies will defy their government for you, legally or otherwise.
> all the data about me that is stored in the US is easily accessible without a warrant
No, law enforcement needs a warrant to legally access any data. This is why Prism was illegal, and why companies like Google are pushing back against overly broad geofence search warrants.
I think people focus on whether backups are encrypted too much. It really doesn't matter when the government has remote access equivalent to your live phone when it's in an unencrypted state, which they almost certainly do.