Comment by freedomben
1 day ago
Devil's Advocate (meaning I don't agree with this, in fact I disagree with it, but I don't see this argument being made anywhere and think it would be interesting. If you're one of the people who are offended by this practice of people steel-manning "the other side" and only want to read comments that affirm your position, please don't read this comment).
Question: Wouldn't it be better for Apple to build a UK-only encryption that is backdoored but is at least better than nothing? If Apple really cared about people's privacy, why just abandon them?
My position: No because this is a war, not a battle. Creating a backdoored encryption would immediately trigger every government on the planet passing laws banning use of non-back-doored encryption, which would ultimately lead us to a much, much worse world. Refusing to do it is the right thing IMHO.
The UK's law here is specifically targetting encrypted data globally.
> The UK government's demand came through a "technical capability notice" under the Investigatory Powers Act (IPA), requiring Apple to create a backdoor that would allow British security officials to access encrypted user data globally.
Without Advanced Data Protection, your data is still encrypted at rest, it's just that Apple safeguards the encryption key. The purpose of ADP is to remove control of this key from Apple, so that it's impossible for Apple to leak your data to any third party, even if they are compelled to.
So to me, backdoor encryption seems like it defeats the whole point of ADP, no? But if not - even if there is some tiny marginal benefit - cryptography is extremely expensive to get right. It's doubtful that it makes financial sense to Apple to develop a new encryption workflow for a single country for very slight security benefits.
And it still wouldn't be complying with the UK's demands anyways. The UK demanded access to accounts worldwide. If Apple is going to be non-compliant, then they might as well be non-compliant the easy way.