Comment by ComputerGuru
1 day ago
Note that this doesn’t satisfy the government’s original request, which was for worldwide backdoor access into E2E-encrypted cloud accounts.
But I have a more pertinent question: how can you “pull” E2E encryption without data loss? What happens to those that had this enabled?
Edit:
Part of my concern is that you have to keep in mind Apple's defense against backdooring E2E is the (US) doctrine that work cannot be compelled. Any solution Apple develops that enables "disable E2E for this account" makes it harder for them to claim that implementing that would be compelling work (or speech, if you prefer) if that capability already exists.
When you disable ADP, your local encryption keys are uploaded to Apple's servers to be read by them.
Apple could just lock you out of iCloud until you do this.
That’s exactly the plan. Anyone with this enabled in the UK will need to manually disable it or they’ll get locked out of their iCloud account after a deadline.
And I guess Apple gets fined for not allowing government approved alternatives to these services not long after.
The hardware will not allow this, at least not without modifications. The encryption keys are not exportable from the Secure Enclave, not even to Apple's own servers.
The Apple security paper describes how to disable ADP through a key rotation sequence.
This will be a "forced rotation"; they just need to decide how to communicate it to users and work out what happens to those who don't comply. Lockout until key rotation looks like an option, as someone said.
Behind the scenes, it'd probably decrypt it locally piece-by-piece with the key in the Secure Enclave, and then re-encrypt it with a new key that Apple has a copy of when you disable ADP.
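The key-rotation sequence the two comments above describe can be modelled in a few dozen lines. The following is an added example, not Apple's protocol or code from the article: it assumes an envelope scheme in which each file is encrypted under its own data-encryption key (DEK) and the DEKs are wrapped under a key-encryption key (KEK) that only the device holds. "Disabling" client-side encryption is then a rotation: the device unwraps every DEK with the old KEK, rewraps it under a fresh KEK, and escrows the new KEK with the server. The bulk ciphertext never changes, so nothing is lost, and the step can only be performed by the party holding the old KEK. The cipher is a constructed HMAC-SHA256 counter-mode stream with encrypt-then-MAC, standing in for a real AEAD such as AES-GCM so the file runs on the standard library alone.

```python
"""Toy model of turning client-held cloud encryption off via key rotation.

CONSTRUCTED illustration, not Apple's protocol. The cipher below is an
HMAC-SHA256 counter-mode stream with encrypt-then-MAC, standing in for a
real AEAD (e.g. AES-GCM) so this runs with only the standard library.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudorandom bytes from key and nonce (counter mode)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    """Separate encryption and MAC keys derived from one 32-byte key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raises ValueError on wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Device:
    """Holds the key-encryption key (KEK); stands in for a device keystore."""
    def __init__(self) -> None:
        self.kek = secrets.token_bytes(32)


class Server:
    """Stores wrapped DEKs and encrypted blobs; may hold an escrowed KEK."""
    def __init__(self) -> None:
        self.files: dict[str, tuple[bytes, bytes]] = {}  # name -> (wrapped DEK, blob)
        self.escrowed_kek: bytes | None = None

    def can_read(self, name: str) -> bool:
        """True only if the server holds a KEK that unwraps this file's DEK."""
        if self.escrowed_kek is None:
            return False
        wrapped, blob = self.files[name]
        try:
            unseal(unseal(self.escrowed_kek, wrapped), blob)
            return True
        except ValueError:
            return False


def upload(device: Device, server: Server, name: str, data: bytes) -> None:
    """Envelope encryption: fresh DEK per file, DEK wrapped under the device KEK."""
    dek = secrets.token_bytes(32)
    server.files[name] = (seal(device.kek, dek), seal(dek, data))


def disable_adp(device: Device, server: Server) -> None:
    """Rotate the KEK: unwrap each DEK with the old key, rewrap it under a new
    one, then escrow the new KEK with the server. Bulk blobs are untouched, so
    no data is lost; only the holder of the old KEK (the device) can do this."""
    new_kek = secrets.token_bytes(32)
    for name, (wrapped, blob) in list(server.files.items()):
        server.files[name] = (seal(new_kek, unseal(device.kek, wrapped)), blob)
    server.escrowed_kek = new_kek
    device.kek = new_kek


def demo() -> dict:
    """Run one upload/rotation cycle and report what changed (constructed input)."""
    device, server = Device(), Server()
    data = b"constructed sample: photo album index"
    upload(device, server, "album", data)
    blob_before, readable_before = server.files["album"][1], server.can_read("album")
    disable_adp(device, server)
    wrapped, blob_after = server.files["album"]
    recovered = unseal(unseal(device.kek, wrapped), blob_after)
    return {"server_readable_before": readable_before,
            "server_readable_after": server.can_read("album"),
            "bulk_blob_unchanged": blob_before == blob_after,
            "data_intact": recovered == data}


if __name__ == "__main__":
    print(demo())
```

The point the model makes concrete: before rotation the server's `can_read` is false even though it stores every byte of the account, and after rotation it is true without a single bulk blob having been re-uploaded. The rotation itself needs the device's old KEK, which is why the comments above describe the user, not the provider, having to perform the disable step.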
Are you gonna unlock that phone anytime soon?
Thanks for opening the enclave, don't mind if I ship these keys back home.
No notification needed, Apple has root access.
> how can you “pull” E2E encryption without data loss
You can’t. The article says if you don’t disable it (which you have to do yourself, they can’t do it for you, because it’s E2E), your iCloud account will be canceled.
At this point, the right thing to do is allow for an alt-service.
How would an alt service help this situation? You’d just end up with backdoored services advertising E2EE, no? Apple’s move here is definitely the right one: introduce as much friction as possible to hopefully get the user pissed off at their government for writing such stupid laws.
Apple has an organization-wide mandate for services revenue.
Every product must make money on an ongoing basis, every month. That's why you get constantly spammed to subscribe to things on iOS.
Apple will never drop this anticompetitive practice of favoring their services until they are legally compelled to.
We are told the encryption keys reside only on your device. But Apple control “your” device so they can just issue an update that causes your device to decrypt data and upload it.
Apple has already fought US government demands that they push an update that would allow the US government to break encryption on a user's device.
> In 2015 and 2016, Apple Inc. received and objected to or challenged at least 11 orders issued by United States district courts under the All Writs Act of 1789. Most of these seek to compel Apple "to use its existing capabilities to extract data like contacts, photos and calls from locked iPhones running on operating systems iOS 7 and older" in order to assist in criminal investigations and prosecutions. A few requests, however, involve phones with more extensive security protections, which Apple has no current ability to break. These orders would compel Apple to write new software that would let the government bypass these devices' security and unlock the phones.
https://www.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_...
Would just upload the keys
Presumably these keys live in a hardware security module on your phone called “secure enclave” and cannot be extracted
Apple do not remotely control devices, and automatic updates are not mandatory.
I think Prof Woodward's quote in the article will likely hold true for Apple's response to the original UK government request:
"It was naïve of the UK government to think they could tell a US technology company what to do globally"
Apple is in a really tough position. I don't know if there's any way they could fulfil the original request without it effectively becoming a backdoor. Disabling E2E for the UK market is just kicking the can down the road.
Even simply developing a tool to coerce users out of E2E without their explicit consent to comply with local laws could be abused in the future to obtain E2E messages with a warrant on different countries.
A very difficult position to be in.
> Apple is in a really tough position.
You mean Apple is in a unique position to make a statement. No more Apple products in the UK. Mic drop. Exit stage left.
But… money
Or, this is how they save face with their customers having complied with the request rather than stop trading with the UK.
> Any solution Apple develops that enables "disable E2E for this account" makes it harder for them to claim that implementing that would be compelling work (or speech, if you prefer)
I think it’s really speech [0], which is why it’s important to user privacy and security that Apple widely advertises their entire product line and business as valuing privacy. That way, it’s a higher bar for a court to cross, on balance, when weighing whether to compel speech/code (& signing) to break E2EE.
After all, if the CEO says privacy is unimportant [1], maybe compelling a code update to break E2EE is no big deal? (“The court is just asking you, Google, to say/code what you already believe”).
Whereas if the company says they value privacy, then does the opposite without so much as a fight and then the stock price drops, maybe that’d be securities fraud? [2]. And so maybe that’d be harder to compel.
[0]: https://www.bloomberg.com/opinion/articles/2019-06-26/everyt...
The iOS screenshot displays a message saying it's no longer available for new users.
> the (US) doctrine that work cannot be compelled
Is this actually a thing? Telecoms in the US are compelled to provide wiretap facilities to the US and state and local governments.
>> Apple's defense against backdooring E2E is the (US) doctrine that [government can’t] be compelling work (or speech, if you prefer)
It’s really not "work" but speech. That’s why telecoms can be compelled to wiretap. But code is speech [2], signing that code is also speech, and speech is constitutionally protected (US).
The tension is between the All Writs Act (requiring “third parties’ assistance to execute a prior order of the court”) and the First Amendment. [1]
So Apple may be compelled to produce the iCloud drives the data is stored on. But they can’t be made to write and sign code to run locally in your iPhone to decrypt that E2EE data (even though obviously they technologically could).
[1]: https://www.eff.org/deeplinks/2015/10/judge-doj-not-all-writ...
[2]: https://www.eff.org/deeplinks/2015/04/remembering-case-estab...
It's a weird bending of the law. Code, especially closed-source code, is not speech; it's a mechanism, and the government may mandate what features a mechanism must have (for example, a safety belt in a car).
> how can you “pull” E2E encryption without data loss? What happens to those that had this enabled?
They'll keep your data hostage and disable your iCloud account. Clever, huh? So they are not deleting it, just disabling your account. "If you don't like it, make your own hardware and cloud storage company" kind of a thing.
More like "If you don't like it, talk to your local politicians", which is, IMO, a totally valid approach.
> "If you don't like it, talk to your local politicians",
Indeed people only noticed this because Apple tried to do the right thing and now it's somehow also Apple's fault. No good deed goes unpunished, I guess.
I think there is a feeling the government power is so overwhelming that they are hoping maybe some trillion dollar corporation would help them out somehow.
> But I have a more pertinent question: how can you “pull” E2E encryption without data loss? What happens to those that had this enabled?
Well exactly. The UK just showed the whole thing is a joke and that Apple can do this worldwide.