Fights like this only legitimize the EU's DSA to me. UK users would not be beholden to Apple for E2EE if their clients had legitimate alternatives to the first-party iCloud service. There would be no world where Apple could even threaten to disable it.
Break the walled garden down, and all of the sudden it doesn't matter what Apple's stance on E2EE is. But Apple wouldn't want that, since then you might realize they aren't the sole arbiters of online privacy.
> There would be no world where Apple could even threaten to disable it.
They did not "threaten to disable it" and apple's stance on E2EE is not the issue here, UK's stance is. UK essentially made icloud E2EE by demanding apple to make a global backdoor into it, and essentially thus forced them to disable it. It is not disabled anywhere else in the world.
Essentially the UK (and other states) want somehow to have their pie and eat it too, but that's just not possible.
Apples stance on E2EE is off by default. UK stance is no E2EE at all.
If Apple wasn't a walled garden neither opinions would matter since the user could just decide for themselves without Apple or the government having power over it.
I dislike how removing a optional feature is being equated to a backdoor since unlike this situation it would effect everyone without there knowledge. If no E2EE is a backdoor then Apple by default is backdoored (which it is but people here like to pretend otherwise).
The torches and pitchforks that are soon to follow? You might get away with that in oppressive “some countries”, but I just can’t imagine it ending well in someplace like the UK.
I'd hope so, but you never know what you can get people to tolerate "for the children". This is, after all, the same UK population that voted these halfwits into power.
You're doing them a favour calling them halfwits, if most of the current crop of British politicians were light bulbs they wouldn't be bright enough the light the cupboard under my stairs.
You could just as well argue that changing direction or admitting you got things wrong requires more spine than blindly sticking to the same direction even in light of new information.
Whether that applies to Starmer is a matter of opinion I suppose
I don't know how UK electorate feels about this, global backdoor feels like much more unreasonable ask than domestic backdoor. Really takes particular hubris to ask for it in the first place.
> you can't backdoor encryption without making it insecure.
That’s not really true is it? If I have a building where every room has its own key, but there is also a “master key” that can open all doors; then it’s not “insecure”. You want to be pretty bl—dy careful with that master key, sure, but the idea isn’t crazy.
You can have a service beyond the reach of UK law enforcement. Somehow piracy on the clearnet never really stopped with it being illegal in most countries.
You're suggesting that Apple, a giant publicly traded company with known people that can be summoned to court and assets located in places that can be seized, should ignore lawful orders from a country they are operating in?
Can I ask you how you think that would play out?
>Somehow piracy on the clearnet never really stopped with it being illegal in most countries.
I'm sure you can spot the difference between a small group of people running a piracy site and a multinational company selling physical devices in physical stores.
> Any sufficiently popular alternative would be subject to the same issue: you can't backdoor encryption without making it insecure.
I'm just saying this is not true because you can have a company without any legal presence, thus susceptibility to law enforcement, in the UK. The legal issue will be shifted onto the user, but it's hard to go after millions of users compared to one big company.
The parallel with piracy is that they also tend to be operated from beyond the jurisdiction of countries enforcing the copyright.
That's mostly because of them using Musk's other business as leverage. A good company created explicitly to operate like this has no such vulnerability. The UK can try to stop them by trying to block the IPs or whatever, and the company is in turn free to try to circumvent it. The only issue is they may be banned from App store, which is a self-inflicted problem caused by Apple.
I'm all for the DSA as well, but this argument doesn't hold water. Any sufficiently large cloud provider alternative (ie. Google, Microsoft, etc) would likely be the target of similar government instructions. In fact, I bet they already are - they just can't talk about it.
And of course, it's already possible to disable iCloud backups and use a smaller provider or host your own alternatives. I already do, through Nextcloud, etc. It's not as fully integrated of course, but you bet that if it was, then the largest alternatives would be targeted all the same.
If Apple were to add new APIs, it might be possible to use personal cloud storage (NAS, Decentralized Web Nodes, etc.) with the same UX as iCloud with E2EE.
> it might be possible to use personal cloud storage [...] with E2EE
Which would quickly become illegal if UKGOV is set on getting access to people's iOS backups / cloud storage / etc. Hell, it's already a legal requirement to hand over your keys if UKGOV demands them[0].
[0] "Regulation of Investigatory Powers Act 2000 part III (RIPA 3) gives the UK power to authorities to compel the disclosure of encryption keys or decryption of encrypted data by way of a Section 49 Notice." https://wiki.openrightsgroup.org/wiki/Regulation_of_Investig...
Scale matters. Police don't have the time to go through everyone's computers. It is much easier to scan everyone's conversations, notes, or photos. Cloud storage invites this kind of mass surveillance by being high-value targets with little capacity to resist.
You can always have an company without legal presence in the UK to do the operations, beyond the reach of the UK government. If you are allowed to run your own software on your devices, you can always encrypt before sending. Apple and to a lesser extent Google got themselves in this position of being able to spy by building their walled gardens.
OP here. I am sympathetic, really I am, but the challenge then is a diversity of solutions tends to lack really good high quality security systems integration, meaning that data leaks differently. It's hard to have a high integrity solution which is an open standard and implemented equally well by all players.
One of the hardest problems you can face is getting a community of disparate developers to do the right thing at scale; sometimes the easiest solution for that is a monolithic integrated blob.
I agree, that's why I applaud smart regulation. Apple is a disparate business too, you have no way to bring them to the table for doing "the right thing" unless there's some threat of repercussions.
It's really easy for Apple to back themselves into a vulnerable corner with the "ecosystem" mentality drawn out to it's logical extremes. I'd argue it's our democratic duty to stop businesses from endangering their customers like that, but that really depends on how you feel about consumer protections.
The UK demands a backdoor in the backups, so having an alternative backup app isn't the solution here. All the alternatives would just get forced into also adding backdoors, or everyone working for the companies that provide alternatives find themselves unable to ever enter the UK again.
That said, I do wish there were more backup solutions for mobile platforms. Android has an API for this, but it's only available to software signed with manufacturer keys. LineageOS and various other custom ROMs use this to allow Seedvault backups, but as a stock Android user I can only pick between Google backups and no backups.
On the other hand, these backups do contain material you don't necessarily want random apps to have access to. Seeing how powerful stalkerware/"parental control" already is on Android, I recognise that there are dangers that the general population might not realise. Adding additional warnings and messages about backups (even when the backups are made using manufacturer software) would probably strike a balance, though.
Both Apple and Android (stock) are candidates for anti-monopoly regulations regarding the limited, vendor locked backup API.
Enforcing choice of the backup solution would solve the problem of rogue countries like the UK meddling with privacy and security.
Like the browser choice, backup provider choice can end up being enforced, likely by the EU as they have a good history of breaking up vendor lock-ins.
Possibly an information/lobby campaign can be started and endorsed by some major online storage providers?
I agree, though with Android an argument can be had that Samsung and other manufacturers can offer alternatives if they want to (they have their own stores and their own platform keys).
I don't think there's a large lobby for the backup app industry but a lawsuit against Apple/Google/Samsung should be easily won here.
How is an exploration of broad spectrum legislative attacks on all forms of encryption regardless of hosting and corporate ownership and data communication moot?
The UK has to formally ask for a backdoor, the United States has the leverage to coerce Apple into implimenting one while demanding that it remain a secret. We don't know if the US has implemented equivalent iCloud backdoors yet, it might be under wraps like the push notification bug.
Maybe that doesn't concern you though, and that's fine. Apple is always looking for customers that don't care that much about their devices.
Is there any particular reason you ignored Apple's admission of extralegal surveillance that they were demanded to hide by the US government?
If you want to turn this into a relativist pissing contest, be my guest. I think it's a moot point, since the United States is complicit in an even more heinous form of surveillance. Don't moralize to me when America refuses to lead by example, this is the precedent that we set.
So the question in my mind is: is the UK Government attempting to cover-up its previous advocacy of ADP, by censoring this old document?
In a word, yes.
I'd be fascinated to know who in the hive mind decided to do it though; I can't see someone too senior coming up with an http redirect as the answer. I guess the scrub order came down the chain and an automaton jumped into action.
Interestingly, the well respected head of the Home Office announced departure around the same time as this story breaking.
There are always lots of juicy things going on in the big government departments, so connections could be made at almost any time. But the timing and quick departure does seems notable.
There is absolutely no reason why the public at large can't know that some three letter agency is legally forcing a company to provide information with a national security letter. The public knowing that this is happening doesn't divulge any useful information to anyone. The fact that free speech is in fact being trounced in the US is really freaking gross to me.
I don't disagree that it can change behavior, but surely many or most of these nefarious actors must already assume that uploading illegal materials to Apple or Google, whether they claim E2EE or not, is a risk? See for example Apple's ditched efforts to scan and flag CSAM material on-device.
My assumption has been that the real bad guys use their own infrastructure attached to anonymous access methods like Tor, or using anonymous file sharing accounts that can't be tied to an iPhone's serial number. Maybe that's not true?
Offering transparency in these areas may help to understand whether the government is really doing this to arrest criminals, or just to have unfettered access to everyone's data.
It's not naive. I can definitely see value in a two-tier warrant system. The first (and normal one), just like a physical warrant: you know you're being searched. The second, and it is much harder to get: a covert warrant, more like a wiretap.
The oversight body is the legislature. The judiciary has no ability to provide oversight. The judiciary cannot act on it's own. It cannot conduct investigations. It can only act on cases and motions within those cases. The two ideas you've presented do not have anything to do with eachother.
The good news: The US Director of National Intelligence, Tulsi Gabbard, is fully aware of the request and has responded to a letter from Congress about it. She has stated that in her opinion, while this plays out, it would actually be possibly illegal for the UK to make this request, let alone Apple to comply with it, under the US CLOUD Act. If this is true, Apple will have no choice but to leave the UK than comply, and the UK will find themselves in a no-win situation for this demand.
Edit: This is in addition (for better or worse, I’m just the messenger) to Trump personally calling the EU’s rules for tech unfair, JD Vance giving a speech accusing the UK and Europe at large of violating free speech, the UK’s prime minister being personally teased by Vance at their meeting about free speech (overshadowed by Zelensky’s meeting later the same day), and FCC Commissioner Brendan Carr stating the EU Digital Services Act is incompatible with American free speech values. In my opinion, this turned out to be the dumbest possible time for the UK to attempt such a move, even if it wasn’t foreseeable when the demand was issued.
That's great news, now Ron Wyden won't have to feel so lonely when congress ignores his demands to end illegal surveillance of American citizens. It'll be like a hunky-dory, bipartisan "anti-surveillance surveillance club" or something!
One part of the UK government is trying to force Apple to introduce back doors in cloud data encryption. The back doors are intended for UK government access to user data. This undermines the whole feature. Meanwhile, other parts of the UK government have been encouraging at-risk people to use the same feature, including to hide information from hostile foreign governments. The UK government as a whole has apparently realized that this is embarrassing and taken down the advice.
Surely Apple's lawyers can use this information in court - the fact that the government itself is relying on, and recommending, citizens and (presumably) intelligence assets to use Apple's encryption technology abroad makes it VERY clear that outlawing said technology will systematically weaken ALL UK information infrastructure and make it 110% easier for foreign powers to exploit and sabotage the UK as whole.
edit: removed political quip since, as evidenced by sub-comments, it too easily derails from the primary discussion point, excuse-moi.
Well, the rumor is that Apple has secretly appealed the order (which is officially secret) to whatever secret tribunal reviews such secret orders to create secret features giving secret government investigations access to various people's secrets. The Court of the Star Chamber, I think it's called.
Which is at least Apple doing something vaguely like fighting. But, yeah, UK citizens might want to think hard about doing something about the situation themselves. For one thing, Apple will probably lose. And the US government isn't going to have Apple's back against the UK, either.
If you think Reform are likely to be in favour of anything other than the most authoritarian implantation of whatever law enforcement suggests they want, I don’t think you’ve been paying attention to who Reform are.
It was not removed out of embarrassment, it's just wrong advice. The government can't tell people use this feature, because the feature no longer exists for them to use.
Uk Govt wanted Apple to give them backdoor keys to all accounts. Not even just UK accounts, all accounts. Apple said no and said they will remove encryption from iCloud for UK users. Apple then sued UK govt to try and get the whole thing stopped so that they dont need to remove the encryption from UK. But some parts of the govt were telling other parts to use some of the encryption features.
As I understand it (which might be incorrect), they don't want to tell people "use Apple encryption" anymore and e silently removed that advice from their websites. Probably due to the fact that they didn't get their Backdoor access to user data, so now they want people to just now encrypt stuff
There is too much deflection from the true purpose for these regulations.
The main thing here is that if a Govt approaches a party to gain access to their encrypted data the party can stall them, destroy the data, claim amnesia or point the Govt in the direction of their lawyers. If the Govt approaches Apple or some other company, the companies don't have to inform the targets and can probably compel the companies not to inform the targets.
With encryption there is even no hard evidence that the data sought exists.
This is the main reason for the laws. Their purpose is to gain access to encrypted information without their target's knowledge.
Though I doubt it's the main driving force of the government, a common theme in news articles about suicides and murders is family members being upset that Apple won't give iPhone backups or unlock codes to loved ones. Grieving family members often portray Apple as uncaring and unwilling to unlock devices with a simple software update.
There are plenty of people with good intentions calling for backdoors like this. I believe a good government will know the implications and ignore the pleas, but it seems there aren't that many good governments left.
I've made a (shortened) copy of your comment and pinned it to the top of the thread. I hope that's ok with you! I just thought it's only fair for you to get the karma.
That's not correct. It's for people who think they might be targets of surveillance operations, like journalists and activists.
> Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats.
Most people were born there and have nowhere to go.
The problem is, that it's spreading... EU already wants "AI" to read our private messages, US and it's patriot act was not much better (+ everything within wikileaks), etc.
