Comment by sholladay
17 hours ago
So many questions around this that need answering, such as:
1. What happens if I have ADP enabled and then visit the UK? Will photos I take there still be E2E encrypted? If not, will I be notified? I realize that at the moment the answer is yes, that for now, they are only disabling ADP enrollment. But they are planning to turn it off for everyone in the UK in the future. So what happens then?
2. If they make an exception for visitors, such as by checking the account region, then obviously anyone in the UK who cares about security will just change their account region - a small inconvenience. Maybe this will be a small enough group that the UK government doesn’t really care, but it could catch on.
3. Is this going to be retroactive? It’s one thing to disallow E2E encryption for new content going forward, where people can at least start making different decisions about what they store in the cloud. It’s an entirely different thing for them to remove the protection from existing content that was previously promised to be E2E encrypted. When they turn off ADP for people who were already enrolled, how is their existing data going to be handled?
This is bad news and it is going to be messy.
These are important questions, particularly 2 because even a layover in London or Dublin puts you under UK jurisdiction. So now you have to put that into account when traveling.
The precedent here is China. I spent a few days in China and, as far as I know, my region is still <other country> and ADP is still active.
How does a layover in Dublin put you in UK jurisdiction?
I have seen advice in big companies to only take a burner phone when going to China on business. Perhaps the same will apply to the UK.