As a citizen, I don’t understand what the UK government thinks they are getting here - other than the possibility of leaks of the nation’s most sensitive data.
Also is it not possible to set up my Apple account outside of the UK while living here?
> other than the possibility of leaks of the nation’s most sensitive data
Amusing when you consider the National Cyber Security Centre (NCSC, a part of GCHQ), along with the Information Commissioners Office, both publish guidance recommending, and describing how to use, encryption to protect personal and sensitive data.
Our government is almost schizophrenic in its attitude to encryption.
And yet if I steal your money and refuse to give it back, or let you steal it back, you'll call that hypocritical. What does the size of an entity have to do with whether this is idiotic or not?
You're making the argument that the UK government will stop using encryption itself once the information about this becoming illegal makes it through the government.
It won't. The courts will refuse to force them to stop, and even if the courts attempt to force it, some government departments just won't listen, and be protected from the consequences.
This is another case of "the law applies to you, but not to me".
The law is that encrypted comms must be provided to the security services on request. This is not a problem for government agencies. It is not illegal per se.
I went digging a bit. No. You're wrong. You cannot substitute the law we're discussing with something else. If the law truly is that encrypted comms must be provided to the security services upon request, then Apple Encryption is not a problem. Security services simply should ask the owner of the icloud account ...
So that's NOT what the law says.
The law says that private sector entities cannot have effective encryption (so NOT government agencies). Why do I put it like that? Because it MUST be possible for the security services to get access to any data they can intercept in any way WITHOUT telling/alerting the participants. They must be able to ALTER those communications. Or to make it more practical: any software maker MUST be able to provide access to any data the security services physically intercept, encrypted hard drives, ssh capture ... anything. And no, there is no exception for open source software.
ANYONE who puts this in software is criminally liable, as well as any firm (director/...) of any firm that has software doing this:
// we're done with the key for this session, erase the key
key := 0
Obviously this means any government agency that runs a https website is violating this law. Publish an IOS app? Violation! (you're using encryption that is designed not to let anyone, including you yourself, alter the app on the wire). Publish an android app? Same. Publish a fucking rpm package on yum? (the signing code obviously violates this law). A fucking garbage collector violates this law. BUT ...
But there is one VERY specific limitation. Only the government gets to complain about this, and obviously, there is zero plans to enforce this equally. The government sure as hell is not planning to actually put in the effort to make the encryption they use compliant with this law. It's just to get at the contents of confiscated harddrives. It's just to force foreign companies to unlock phones that have been confiscated.
Oh and there's stricter punishments if you tell anyone you're complying with this. This law can be used to arrest Linus Torvalds until he backdoors encrypted loop devices, and threaten him with decades prison if he tells anyone he's done that.
And can I just say? If this law was put, properly explained, to the people of the UK, there's no way it would get 50% of the vote.
>> Of course: it's not a monolithic entity. It's a composite of different parts that have different goals an interests.
> And yet if I steal your money and refuse to give it back, or let you steal it back, you'll call that hypocritical.
That's a bad analogy.
> What does the size of an entity have to do with whether this is idiotic or not?
Because it's not about the size, and I said nothing about the size. It's about it being composed of different minds, organized into different organizations, focused on different goals.
It's just not going to behave like one mind (without a lot of inefficiency, because you'd need literal central planning), because that's not the kind of thing that it is.
I suppose they don't believe certain facts engineers are telling them. With Brexit it was coined "Project Fear". Now they're being told that adding backdoors to an encrypted service almost completely erodes trust in the encryption and, as in the case with Apple here, in the vendor. However, I suppose it is very hard to find objective facts to back this. I'd guess this is why Apple chose to both completely disable encryption and inform users about the cause.
Now we're probably just waiting for a law mandating encryption of cloud data. Let's see whether Apple will actually leave the UK market altogether or introduce a backdoor.
In the US, the NSA has always had both missions (protect our country’s data and expose every other country’s data). Since everyone uses the same technology nowadays, that’s a rather hard set of missions to reconcile, and sometimes it looks a little ridiculous. As of fairly recently, they have a special committee that decides how to resolve that conflict for discovered exploits.
I mean, this is no different than one part of the government suggesting running laundry at night to reduce the environmental impact of energy use, while another suggests only running it while awake to reduce fire hazard. Governments and corporations rarely have complete internal alignment.
Correct me if I'm wrong here, and maybe this is too charged for HN, but looking over at you guys from the US:
The US has problems (don't get me wrong, look at our politics, enough said); but the UK seems to be speedrunning a collapse. The NHS having patients dying in hallways; Rotherham back in the popular mind; a bad economy even by EU standards; a massive talent exodus (as documented even on HN regarding hardware engineers); a military in the news for being too run down to even help Ukraine; and most relevant to this story - the government increasingly acting in every way like it is extremely paranoid of the citizens.
There's a lethargy, but it's hardly speedrunning. Things will be the same or slightly worse in a decade. I'm not sure I can say the same for the US, it seems different this time.
> The NHS having patients dying in hallways
Sadly routine in winter. Nobody wants to spend the money to fix this. Well, the public want the money spent, but they do not want it raised in taxes.
> Rotherham back in the popular mind
The original events were between 1997 and 2013. The reason they're back in the mind is the newspapers want to keep them there to maintain islamophobia. Other incidents (more recently Glasgow grooming gangs) aren't used for that purpose.
> a bad economy even by EU standards
Average by EU standards. But stagnant, yes.
> the government increasingly acting in every way like it is extremely paranoid of the citizens.
They've been like this my entire life. Arguably it was a bit worse until the IRA ceasefire. Certainly the security services have been pushing anti-encryption for at least three decades.
Yes - that is my impression as well as someone currently living in London.
Literally ever single system that I have to interact with seems to be somewhere on the spectrum between barely functioning and complete disfunctionality, with almost very few exceptions that come to mind.
By system in this context I mean every institution, service provider, company, business... everything.
Couple that with low salaries across the board - including the "high paying tech jobs in London" with price increases that are out of control with no reason to believe this is ever going to stop you end up with a standard of living significantly lower than let's say for example the EU countries of Eastern Europe.
Currently trying to figure out where to go next
Well Albanians apparently want to live in Norwich, leading to a bizarre anti-propaganda campaign with bleak black-and-white photography to convince them it's horrible.
It isn't? Huh, you're right, a lot of the Balkans aren't, I did not know that.
I don't think anywhere in the EU really describes itself as Eastern Europe, though. That's Ukraine, Belarus, Moldova. So really just Romania, sometimes.
Literally quite a significant number of EU countries describe themselves as Eastern European, what you said is factually wrong.
At this point I am considering your replies as either trolling or interacting in bad faith.
I'm an immigrant to the UK. I have lived here permanently for 21 successive years, though I was actually in and out of the UK for years before that. My current anecdotal feeling about the UK is at a pretty low point.
If it was an option, I would seriously look to emigrate again, but I honestly don't know where. The most appealing option for me is Australia, but my age works against me. I know everywhere has its issues, but I'm just so worn down by the horrible adversarial political system and gutter press in the UK right now. We seem unable to do anything of note recently. A train line connecting not very much of the UK has cost so much money, and in the end it hasn't even joined up the important part.
I don't know, life is good at a local level. I am privileged and live in a fantastically beautiful town, and life here is safe and friendly. If I ignored everything else for a while it would probably do me good.
Australian law explicitly prohibits requests that have someone "implement or build a systemic weaknesses, or a systemic vulnerability, into a form of electronic protection" - including any request to "implement or build a new decryption capability", anything which would "render systematic methods of authentication or encryption less effective", anything aimed at one person but could "jeopardise the security or any information held by another person", anything which "creates a material risk that otherwise secure information can be accessed by an unauthorised third party".
This UK request as reported would not be legal in Australia.
> Technical Capability Notices (TCNs): TCNs are orders that require a company to build new capabilities that assist law enforcement agencies in accessing encrypted data. The Attorney-General must approve a TCN by confirming it is reasonable, proportionate, practical, and technically feasible.
> It’s that final one that’s the real problem. The Australian government can force tech companies to build backdoors into their systems.
Yes. Since the 'Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018' which I was directly quoting from, and explicitly prohibits systemic backdoors.
That blog's own reference points this out:
> Regular use of encryption as electronic protection, such as online banking or shopping, is not of primary concern in the Act. To reinforce this, the Act includes safeguards between government and industry, such as restricting backdoors and decryption capabilities, preventing the creation of systemic weaknesses, and accessing communication without proper jurisdiction, warrants, or authorisations.
So I can only assume that the author is either too lazy to bother reading their own reference in full (let alone researching the topic of their blog), or is being knowingly dishonest.
I don't know, they've definitely been cracking down on journalists over the past year. Could be an attempt to crack down harder / create a chilling effect
btw, anyone know if this cancels Apple+ Support too? I’ve been resisting switching countries because I don’t want to lose that subscription since you can only subscribe within 60 days of device purchase.
> Also is it not possible to set up my Apple account outside of the UK while living here?
The ability to turn on Advanced Data Protection does seem to be tied to your iCloud region (as of now I can still turn it on, and I’m in the UK but have an account from overseas).
full control on everyone they deem as an opponent. in UK being dimmed and oponent is about posting the wrong meme or even standing in the wrong street at the wrong moment.
I think you would be interested in Google's internal memo[0] that did the rounds here a couple weeks ago. The claim is that OpenAI and all competition is destined to fall behind open-source. All you need is a big model to be released and all fine tuning can be done by a smart, budget, distributed workforce.
But why would a big model be released? LLaMA can't even begin to compete with GPT-4. Fine-tuning won't make it more intelligent. The only entity currently able to compete with OpenAI/Microsoft is Google with their planned Gemini model.
…today. But with the amount of (justifiable, IMO) attention LLMs are now getting, I don't see how this won't change soon. And there's quite a bit of incentive for second- or third-tier companies to contribute to something that could kneecap the bigger players.
Kiev and Kharkov is what we use in Romanian (spelled in a slightly different manner, but pronounced the same), I think I can manage this. Were I to speak or write in Ukrainian (which is a language I don't know, for the time being) I would have used the Ukrainian spelling.
For me writing markdown using VSCode with with Neovim keybindings approaches that rich text and rich code environment.
Of course, when using markdown(/mermaid/tikz/etc.) creating diagrams is severely limited unlike point and click alternatives. I haven’t seen a good solution yet that isn’t too restrictive or slow.
Out of interest, on proposition B why can we not claim that the presence of a Y chromosome in your DNA makes you a "biological male" and the absence makes you a "biological female". That should be a binary division. (Where these terms are only used in the contexts you describe as being useful; no disagreements there).
You absolutely can claim that, and it gives a nice clean division into two classes, that's sometimes useful and usually lines up with other assessments of sex and gender.
But it's not the only way to do it, and if you do that you won't necessarily agree with other people about a person's "biological sex".
For instance, there is a condition called "complete androgen insensitivity syndrome". A person with CAIS has one X and one Y chromosome, just like a typical man, and they produce male sex hormones much like a typical man does. (Maybe exactly the same? I'm not sure whether there are feedback loops that might go wrong.) But the cells in their body that are meant to respond to those hormones don't, and as a result a person with CAIS looks pretty much exactly like a typical woman does. Breasts, mostly-normal-female genitalia, not much body hair, higher-pitched voice, etc. But^2 they don't have a uterus, they aren't fertile (either "as" male or female), and there are internal genital differences that may have adverse consequences for their sex life if nothing is done about them.
If you just go by chromosomes, you will classify people with CAIS as male. But these people are all assigned female at birth, and they usually have no idea until puberty that there is anything at all unusual about their sex or gender. Their gender identity is almost always F rather than M, and they are generally heterosexual in the sense of being attracted to men.
So, what is the "biological sex" of someone with CAIS? I think several answers are defensible, but none is clearly correct or universally agreed. So "biological sex" is not a term with a clear-cut meaning in every case, contrary to "Proposition B".
Also is it not possible to set up my Apple account outside of the UK while living here?
reply