
The Apple letter to customers couldn't happen under proposed UK law - J-dawg
https://privacyinternational.org/node/751
======
ikeboy
The court order was public. Apple didn't reveal anything not already known.
This article seems unaware of that fact.

Also, there's NSLs in the US as well.

~~~
madaxe_again
That wouldn't make a difference here in Airstrip One - the court order can be
public, but you're still not allowed to respond, or even mention it, as while
it's a matter of public record, it's also secret.

There's a whole bunch of stuff like this. Turn up at a classified government
site and ask to see the silos, and watch a press officer do impressive mental
gymnastics.

~~~
vidarh
The most hilarious example to me is that the BT Tower (originally Post Office
Tower) did not use to appear on Ordnance Survey maps because its location was
deemed an official secret.

In 1993, an MP finally "revealed" the location to draw attention to the idiocy
by exercising parliamentary privilege and mentioning the location in
parliament.

For those of you who have not been to London, or isn't aware which tower I'm
talking about, this is it (note the pictures showing it in the London
skyline...):

[https://en.wikipedia.org/wiki/BT_Tower](https://en.wikipedia.org/wiki/BT_Tower)

It is rather hard to miss, given that it rises 177 meters above street level
in a part of London where the nearest other highrise is a 117m building about
1km away...

It also had a viewing platform and restaurant _open to the public_ for 15
years while it was still an official secret...

The UK is quite fantastic at this. When you know about stuff like this, it
puts UK comedy like Monthy Python's Dead Parrot Sketch[1] into very different
perspective as a good illustration of behaviour that officialdom in the UK see
as perfectly rational.

[1]
[https://en.wikipedia.org/wiki/Dead_Parrot_sketch](https://en.wikipedia.org/wiki/Dead_Parrot_sketch)

~~~
dazc
To be fair, 1993 is a long time ago. Today, even Menwith Hill and 'the secret
nuclear bunker' are on Google Earth.

[https://en.wikipedia.org/wiki/1993](https://en.wikipedia.org/wiki/1993)

1993 is the year bookmakers cut their odds on the monarchy being abolished by
the year 2000 from 100/to 1 to 50/1

New Teletext service on ITV and Channel 4

Ford unveils its new Mondeo

Unemployment is still just short of the 3,000,000 (no real change there then?)

and

The Bank of England lowers interest rates to 6%

Not having a go, just interesting what was also going back then.

~~~
vidarh
That's true. But since the BT Tower was built, the Official Secrets Act has
gotten stricter, not more lenient (e.g. in the 80's the previous public
interest defence was removed). That they've given up on restricting knowledge
about buildings that are in plain view reduces the comedy effect somewhat, but
they still have occasionally made idiotic attempts to restrict information
that's already public.

E.g. in 2004, a government source leaked a document purporting to show that
Bush discussed plans with Blair to bomb Al Jazeera, and eventually it got into
the hands of Daily Mirror who put it on their front page.

Government officials subsequently tried to threaten the other national papers
with the Official Secrets Act if they republished the information (it didn't
work; the papers ignored the threats).

I'm sure the overall level of idiocy in this respect has fallen as they've
come to terms with a reality where trying to restrict information like this
just makes things worse, but it's not because they wouldn't like to.

~~~
moomin
For those interested, the reason the Official Secrets Act removed the public
interest defence was that someone successfully used it. (Clive Ponting
disclosed details of the sinking of the Belgrano, an hugely controversial
action during the Falklands conflict, unanimously acquitted.)

------
iofj
This is already the case. Wiretapping orders in Europe can come from a large
number of organisations, including any police force, interpol, a few UN
departments, some branches of the EU itself, ... there is no judicial review.
The wiretap orders do not mention a court case, there is no way to appeal
them, and telling anyone about any order, even in general terms, is punishable
by jail time (for the person who does it, not the person responsible for them.
In other words, technically if you're an engineer at a telco and you tell your
boss why you're spending hours without telling anyone anything, technically
that's 2 years). There's no appeal, no information about a court case linked
(because there may not even be a linked court case, e.g. when a kid I knew ran
away I know the police tapped her phone to find her. There never was anything
more than an investigation). And of course, the government is under no
obligation to even pay for the time spent doing the wiretap, nor does it pay
for the equipment and upgrades needed to make them happen (for instance
cisco's "lawful intercept" licences, which run in the thousands of euros per
device, alcatell, lucent, etc. have similar stuff).

The one positive is that it's a huge mess, and many police departments have no
idea how to use these laws. But I find it hard to believe that there aren't a
few police departments that are actually capable and using these rules for
personal gain.

~~~
pascalmemories
In the UK wiretap (and any other surveillance) orders can come from local
council officials (and hundreds of other public and some non-public bodies)
and have been used for such major crimes as dog fouling and placing your child
in the local school [1]. Councils have spent hundreds of thousands of pounds
following innocent people for months using these powers. It did lead to some
changes but did not actually remove these powers from minor petty officials.
The new bill is reintroducing far reaching powers which were originally
rejected from the first RIPA legislation and extending the powers already
there by very significant levels (beyond where they were originally before
being rolled back).

PI are highlighting that in the US, Apple were at least able to publicly
disclose what they believe is an egregious over-reach by a law enforcement
body. In the UK, Apple execs would currently be facing significant jail time
for what they have done.

[1] [http://www.theguardian.com/world/2014/oct/12/police-ripa-
pow...](http://www.theguardian.com/world/2014/oct/12/police-ripa-powers-
journalists-surveillance)

[edit: grammar, sorry]

------
fit2rule
The more the UK slips down the hole of tyranny and fascism, the more
despondent I become - even though I'm not a UK citizen.

The reason is, I just don't know of any way that the British people can claw
their way back up out of this hole - their tyrannical government seems to be
10 steps ahead of every effort to reign it in.

So I feel like I'm witnessing, helplessly, the decline of the UK as a power,
and as a nation of free peoples, and the despair comes from knowing that as
time goes on, the likelihood of non-violent solutions to the oppression of the
British people are ever-more unlikely.

~~~
jelly
My initial response to the IPB was that, when I graduate from my UK
university, I would simply move to some other European state and enjoy less
pervasive surveillance.

However, after giving it more than a seconds thought, I realised most of my
life I've had no reason to pursue a second language so I am limited to the
anglosphere. In addition, 5 of the 6 anglosphere countries form the Five Eyes
alliance, so my data would probably go back to the UK government no matter
what.

~~~
SyneRyder
Language shouldn't be a barrier, especially in western Europe. While people
will appreciate it if you speak their language (and you should try to learn
it), there are so many languages spoken across Europe that English is the
default interchange language. And if I remember correctly, some German
companies even require staff to speak English at work just so employees from
different countries can all understand each other.

If you have the right to live & work in the EU, you're very lucky & years
ahead of some of us. I've been learning German for 5 years & spent a lot of
time looking into the EU Blue Card program.

~~~
k-mcgrady
>> "If you have the right to live & work in the EU"

This might not apply to UK citizens very much longer if the referendum vote
goes the wrong way.

------
DanBC
There's some useful, informed, discussion in the UK Crypto mailing list.

[http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2016-Ja...](http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2016-January/002590.html)

------
geographomics
The purpose of the non-disclosure sections of this law is to prevent the
suspect being wiretapped (or similar) knowing that they're being wiretapped.

It's not exactly very useful if someone under active investigation finds out
that they're being watched, and changes their communications behaviour as a
result.

In this case, it wouldn't need to be applied as the suspect is dead.

~~~
tankenmate
Unfortunately your conjectures are not in the bill; what is in the bill is
broad and vaguely worded as to what applies (just about any security related
request), but very precise and forceful about what is not allowed to be
communicated (nothing is allowed to be said about the request; ever).

------
mmmBacon
The UK lacks a formal Constitution with something like the 1st Amendment.
Instead it has something called the Human Rights Act which includes all kinds
of exceptions to free speech. The US 1st Amendment is not absolute but it's
the closest thing we have to an absolute right here. The infringement of free
speech is possibly the single most controversial aspect of US National
Security Letters. It's generally very difficult to limit a person's free
speech because of the 1st Amendment. While in UK it seems like they can easily
add exceptions like not being able to discuss a court order.

~~~
wfo
The FBI use NSLs fairly freely and nobody really seems to object. The first
amendment doesn't really seem to help us here.

I think the only reason this wasn't done under a gag order is the FBI wants to
use public response to win this case since it's about a terrorist attack
(IIRC, they tried the exact same request about a Meth dealer and it was
refused) so they can set a precedent. You can't set a precedent for open court
and rally the public behind you if it's all secret.

~~~
mmmBacon
Most gag orders can be challenged and have to serve a benefit of some kind and
be of limited duration (like to guarantee a fair trail).

A NSL gag order can be challenged.

 _In December 2008, the Second Circuit Court of Appeals ruled that some of the
NSL gag provisions were unconstitutional, in part because they limited
judicial review of the gag orders and forced courts to defer to the
government’s assertions about the necessity of a gag order and also thwarted
the ability of recipients to challenge a gag order._

[source:] [http://www.wired.com/2010/08/nsl-gag-order-
lifted/](http://www.wired.com/2010/08/nsl-gag-order-lifted/)

And more gag provisions were overturned in 2013.

[https://www.crowelldatalaw.com/2013/04/gagging-the-fbi-
the-u...](https://www.crowelldatalaw.com/2013/04/gagging-the-fbi-the-
unconstitutionality-of-national-security-letters/)

I think the overturning of these provisions of the NSL gag order she the power
of the 1st Amendment a show the US judiciary tend to be skeptical whenever the
government attempts to limit free speech.

------
cmurf
If only it were so easy to use party affiliation to identify adversaries on
this topic.

Those in favor of government power to compel Apple to commission software,
laws to weaken encryption or safeguards such as rate limiting, and spending
public funds to aid closed research to crack encryption have one thing in
common. They are statists. They believe in the absolute authority of the
state.

Guess again if you think it's a dysfunction of government when parties
disagree. Extra scrutiny is required when they agree.

~~~
teacup50
That's a blanket, __incorrect __generalization.

I'm strongly opposed to government crypto backdoors. Cryptography is protected
expression under the first amendment.

However, there's no participation award for weak crypto systems; you don't get
immunity from lawful search under the fourth amendment because you _tried_ (or
_claimed_ ) to implement strong crypto.

If a legal search is _possible_ because you intentionally backdoored your
crypto system by giving yourself access to tamper-resistent key derivation
hardware on the devices your customers own, then that legal search is ...
__still legal __.

The All Writs Act, and this application of it, has been held up by the Supreme
Court. Furthermore, much more demanding requirements have repeatedly been
supported by the courts:

[https://en.wikipedia.org/wiki/Communications_Assistance_for_...](https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act)

The DoJ stated this quite clearly in their response to Apple's public efforts
to obfuscate the issue:

"... iPhones will only run software cryptographically signed by Apple ... Just
because Apple has sold the phone to a customer and that customer has created a
passcode does not mean that the close software connection ceases to exist;
_Apple has designed the phone and software updates so that Apple 's continued
involvement and connection is required_."

If Apple didn't hold keys that trump the owner of the device, Apple couldn't
aid the government. They _do_ hold those keys, however, and the fourth
amendment still applies: they get to assist with a reasonable search.

------
mtgx
You know what this would lead to in the UK? The spy agencies would gag
companies to even tell their customers they got hacked, if it happens to be
because of a vulnerability they created for the spy agencies.

So people will continue to have their accounts hacked more and more and
everyone will keep quiet about it.

------
kevinprince
Probably gone amiss in this whole thing. Apple technically could post this
letter under the proposed legislation because they are not a
"telecommunications provider" which is a specific term in UK law referring to
those companies who provide telecoms services usually mobile operators, BT
etc.

Apple is not a licensed telecoms provider as they would never of been able to
provide iMessage in the UK as it lacks any ability for real-time intercept a
requirement on telecoms providers.

------
formatkid
Are there any precedents where the UK has placed a gag order on a foreign
company, and successfully extradited and imprisoned a CEO for violating said
gag order?

~~~
pjc50
That's a privilege reserved for America, but the nearest I can think of is the
Matrix-Churchill fiasco ( [https://en.wikipedia.org/wiki/Arms-to-
Iraq](https://en.wikipedia.org/wiki/Arms-to-Iraq) ) in which the directors
were very nearly jailed by the customs authorities for doing things which they
were ordered to do by the intelligence services.

~~~
formatkid
That is interesting. I honestly believe America wouldn't extradite or even
convict a CEO like Tim Cook but in this climate who knows.

@pjc50 Could you imagine a trade embargo between tech companies and the UK OR
a ban on the sale of phones that do not adhere to the newly proposed laws?

~~~
pjc50
There was the whole John Delorean weird business, although that was allegedly
plain old cocaine dealing:
[https://en.wikipedia.org/wiki/John_DeLorean#Arrest_and_trial](https://en.wikipedia.org/wiki/John_DeLorean#Arrest_and_trial)
and there's allegations of someone else having their business destroyed for
refusing to cooperate with surveillance but I cannot remember the name.

I can't imagine the UK having a tech embargo that affected iPhones; that's the
kind of stupidity that brings down governments. However, I should note that
the ARM TrustZone technology that's critical to the iPhone security is
developed in the UK...

~~~
formatkid
"that's the kind of stupidity that brings down governments" \- Do you know who
David Cameron is?

That John Delorean is some weird business. Not sure how it pertains to
extradition re: gag orders.

I think when it comes to laws around murder, drugs, and other organised crime
it quickly becomes clear that cooperation is important and most countries
would support a mutual extradition.

I believe that when it comes to laws surrounding political issues; freedom of
speech, privacy, removal of encryption (for all phones without warrant or
guilt) etc., some foreign companies may not feel obligated to partner up as it
were. And rightly so.

You can say 10% of the phone is created in China with 30% of the R&D in Poland
and 5% design in LA and so on. That division of labour doesn't really matter
and it's not really the point. If the company that owns and sells the product
remains outside of the UK then I very much doubt the gag order portion would
be enforceable. In fact, you would just need to schedule technology to prevent
the sale of none compliance. We do that in all other industries and it would
be the easiest way to go.

You could argue that tech companies would still comply with warrants and you
could even argue that the they could eventually add backdoors BUT you can't
say the gag order would be enforceable. Companies like Samsung and Apple sell
to countries other than the UK.

tldr; UK Gov demands a backdoor in the iPhone. Apple reject the gag order and
backdoor. Why should the UK demand foreign companies weaken foreign technology
sold domestically that would globally affect not only the sale of the product
but the trust of consumers in other countries where privacy is paramount. And
how or whom do they arrest when nobody complies? ;)

------
msravi
Apple did not want to make this public, and would have been quite happy to
give the FBI what it wanted under seal. It was the FBI that actively wanted to
make this public, ostensibly to establish legal precedent. See
[https://news.ycombinator.com/item?id=11131866](https://news.ycombinator.com/item?id=11131866)

------
kintamanimatt
Isn't this close to the essence of NSA letters, that have in-built-in gag
orders?

------
Smircio-
I can't believe the USA is being shown up by UK on the topic of government
corruption. We gotta step up our game. Time to vote Trump.

~~~
yummyfajitas
It's not as if the Clinton Dynasty ever attempted to mandate the use of
"clipper chips" (encryption chips with a government backdoor) in mobile
phones, or tried to ban strong encryption.

[https://en.wikipedia.org/wiki/Crypto_Wars](https://en.wikipedia.org/wiki/Crypto_Wars)

[https://www.techdirt.com/articles/20151119/18032932868/hilla...](https://www.techdirt.com/articles/20151119/18032932868/hillary-
clinton-joins-make-silicon-valley-break-encryption-bandwagon.shtml)

FYI, the primary political folks promoting encryption were small government,
libertarian republicans. (These folks mostly don't exist anymore.) John
Ashcroft was fairly prominent among them:

[https://en.wikipedia.org/wiki/John_Ashcroft#As_U.S._Senator_...](https://en.wikipedia.org/wiki/John_Ashcroft#As_U.S._Senator_from_Missouri)

Kids these days don't even remember the 90's.

~~~
grosstacos
Clipper was horrible, that said:

John Kerry and John Ashcroft were two of the most prominent opponents of
clipper. It is dishonest and inaccurate to claim that the Republicans were
against it and the Democrats were for it, both sides were split.

Similarly, it's a bit of a reach to claim that "the Clinton dynasty" tried to
mandate usage. The NSA offered the chip without royalties, and Bill Clinton
endorsed it and proposed it be added to the NIST crypto standards. It was a
strong nudge to make it available for free; but it never really approached the
level of an attempted mandate.

Clipper was a horrible horrible idea; and there were (and still are) members
of both parties who think that these sort of backdoored crypto schemes are a
good idea. Clipper (and similarly flawed proposals) don't typically originate
from a politician; they typically originate from the military-industrial
complex and are expressed through a politician.

Partisans always have trouble remembering history though... they forget when
"their side" does wrong, but they remember clearly the wrongs of the "other"
side. And vice versa for good things.

~~~
yummyfajitas
During the 90's I started off as a Clinton-supporting democrat. At that time,
support for encryption was primarily a position held by the "black helicopter"
crowd. ("Black helicopters" refers to allegedly paranoid fantasies by right
wing militias that federal agents will come for them in black helicopters.)

Note that I'm not attempting to promote any particular party - note that I
said the folks who promote encryption don't really exist anymore.

------
lifeisstillgood
We (and our governments) need to recognise that there is no such thing as
secrecy anymore, just as there is no privacy anymore.

So just as we as individuals need to adjust to a world where our love affairs
are known to our telcos and smartphones before our spouses, we need to require
our governments to adjust to an open-by-default world where most of what they
want to keep secret is just out there.

this is the idea that a city watched over by CCTV is a police state if only
the police can view the cameras.

If everyone can view the cameras it's a free but different society

~~~
GordonS
> So just as we as individuals need to adjust to a world where our love
> affairs are known to our telcos and smartphones before our spouses

Wait, what? Why _should_ we simply accept mass, indiscriminate surveillance
that has an incredible potential for misuse now and in the future?!

~~~
lifeisstillgood
Because the upsides, properly managed, outweigh the down.

My lifestyle, as a piece of anonymised health data, along with my genome can
benefit medical research as well as my own health choices

who I meet or converse with, who is nearby, who is willing and able to
purchase the same product as I locally to gain discounts, who is looking to
hire someone with my skill sets, who is looking for sex.

So many options exist once We all place our digital life up on a publically
readable board that it is hard to imagine we will refuse it.

But there are about four options

1\. Police state. The only people with access to my digital life are the
police. China is currently looking at a digital credit score, incorporating
party loyalty amoungst other things.

2\. Private walled gardens. AOL, Facebook, health insurers, driving insurers.
All of these private companies collect my digital life right now. Some of not
all can or are compelled to give the data secretly to 1. Above. Even if they
were not, the total utility of the data is dramatically reduced in walled
gardens plus why is trusting Facebook more sensible than trusting my
government with the same data.

3\. Anonymised and public. So no walled gardens but lots of open protocols for
sharing data, and anonymising that data. This means my weight and most recent
meal can be used by medical researchers. However, anonymising data sets sucks
- there is little chance I will remain as anonymises as the idea of "privacy"
indicates

4\. Totally open. Just stick the raw data up and let cottage industries come
tell me something interesting.

It's most probable that "good" societies will find a balance between 3 and 4.
Some my even be the societies currently seen as developed democracies, but
there is no guarantee.

The advantages of data are such that a society built around the right precepts
for big data will win big time - like a society that wrote down its precepts
250 years ago, "we hold these rights ..."

The only protection against being blackmailed for being gay in the military is
to not make homosexuality a criminal offence and then have all the gays in the
military come out.

This is the same protection we have against all the mass surveillance - that
we know everyone's business. Is it going to be really hard to manage? Yes, and
that's why some Socities will make it and many won't. Most have not grasped
modern democracy.

~~~
JoeAltmaier
Anonymizing data is a myth. Enough data, and you can guess from only a few
details who its about. There are ways of identifying a computer by what
software/updates are installed. Identify a 50+ male on my street who buys
embedded processors - well, that's only me. See how easy?

~~~
lifeisstillgood
That's what I said. But somewhere between trying to anonymise and totally open
is likely to be the sweet spot of the next 100 years

~~~
JoeAltmaier
No, somewhere between anonymizing and not collecting the data at all, will be
the safe spot. Otherwise, Big Brother.

~~~
lifeisstillgood
We won't avoid collecting the data. It is then just about who has access to
that data - I say that giving everyone access to everything is the "safest",
and that we can pull back from that in a controlled manner towards anonymising
data.

But we cannot avoid this. For example one suggestion is that paving stones
will come embedded with "RPi-level" computing (IoT will be so cheap ...) and
will in essence be used by my local council to assess wear and tear and
potholes etc.

What this means is that my paving stone outside my house will be able to
report every time I leave, and you can tell the difference from me stepping
out or in and someone walking on the preceding flagstones.

Can we complain about the council improving how it handles potholes? But it is
a total loss of privacy at my front door.

This stuff will be everywhere

~~~
isaacremuant
Your theory is thought provoking but it seems to fall under the same problems
as the others.

1\. How do you regulate that companies are actually giving things up? People
will hide things if it's beneficial to them and there's very little you can do
about it short of becoming the police state you said you didn't want.

2\. How do you deal with the fact that some entities will have more resources
than others to make use of that open data? It doesn't seem to level the
playing field as you suggest. If you think that you can force them to level
the playing field because their pursuits will be open as well, go to 1.

3\. Innovation, competition, defense, dealing with other countries who won't
act the same way and a long etc.

While I understand the abstract concept I'm not sure how much thought you've
put into it with regards of the practicality.

~~~
lifeisstillgood
Interesting.

1\. Is very interesting 2\. Well, need to think 3\. I think the upsides to a
strong data-ocracy is so great countries will copy you

But yeah worth thinking on

