Apple Caved
-
This is frightening.
They do not have the ability to just remove e2e back-ups in the UK alone and walk away from this, that's not how the law is written as I understand it.
The snooper's charter gives the UK government the RIGHT to DEMAND access to encryption keys of any user GLOBALLY. The law is that they can force the cooperation of Apple to decrypt the account of an American user, of a German user, of a Russian user, of a South African user, of a Brazilian user, of a Japanese user who have never stepped foot in the UK.
So they're claiming that this protects their users, that they haven't complied but the only way to avoid complying with these secret gag orders for compromising encryption GLOBALLY at the demand of the UK government is to remove themselves entirely from the jurisdiction of the UK. Is to remove all executives and technical personnel from UK soil, to not hire such people who live in or are citizens of the UK as technical personnel as they could be gag ordered and compelled to cooperate. To basically entirely pull out of any presence but maybe storefronts in the UK and take steps to prevent the arrest and pressuring of their executives and key technical people with access from being subject to UK coercion.
That they haven't done that means all users globally are still at risk. This may be a big PR stunt to convince people they haven't caved when in fact they have in secret and will hand over data of global users to the UK which shares it via eyes agreements with the US, with France, Australia, etc. This has the added benefit of allowing the UK to keep such access secret by acting annoyed with Apple but not actually pressing any case. If they try and actually prosecute or pressure Apple that's a sign that they haven't cooperated globally, if they only offer angry words to the press IMO that's a sign that in secret they've given access globally and only informed UK users that their cloud data isn't protected.
They’re not handing over keys though. They’re just not offering ADP in that region anymore(?) I doubt they would be allowed to hand out keys (which they do not hold) to another government that would compromise American businesses, agencies, etc. The US was already noticing the dangers in this demand and I’m hoping that this was an attempt at a compromise. I guess we’ll never know though, since this included a gag order as well
-
BBC News - Apple pulls data protection tool after UK government security row BBC
"In a statement Apple said it was "gravely disappointed" that the security feature would no longer be available to British customers."
kinda horrible to read all these "this big tech company is a rebel and my best friend" comments.
apple allowed this for the usa before many times. this time it had to be publicly announced, cause the orange sleeper agent told them to undermine the uk gov in order to align the MEGA endeavour.
-
They’re not handing over keys though. They’re just not offering ADP in that region anymore(?) I doubt they would be allowed to hand out keys (which they do not hold) to another government that would compromise American businesses, agencies, etc. The US was already noticing the dangers in this demand and I’m hoping that this was an attempt at a compromise. I guess we’ll never know though, since this included a gag order as well
Still good to keep in mind: not your keys, not your data.
-
BBC News - Apple pulls data protection tool after UK government security row BBC
"In a statement Apple said it was "gravely disappointed" that the security feature would no longer be available to British customers."
In the process of self hosting everything anyways. This just sped things up for me
-
@Strawberry Governments and corporations are powerless to E2EE employed by the users themselves, such as GPG/GnuPG/PGP. What could/will UK gov do against GPG and similar tools, especially those which are open-source and freely available?
I'm rooting for British people to defy their government and create their own pair of public and private keys using GPG/PGP or similar suite (preferably open-source, because they can be easily forked, adapted to easier UX/UI to any end-user, etc), sharing their public keys with each other so they can send enciphered messages, rendering useless such anti-E2EE British law.
When the corporation controls the hardware and the OS it can easily break any encryption running there. Just include key loggers, break RNG entropy, extract keys from memory, or just capture any data before they are encrypted. Or just let the governments into the OS so they can do all that.
-
Here in the UK, many typical phone users already assume that their data is shared anyway. Every person that I spoke to about this today asked why I think it's a problem as they have nothing to hide. A worrying position.
"If you have nothing to hide you have nothing to say"
-Edward Snowden
-
This is frightening.
They do not have the ability to just remove e2e back-ups in the UK alone and walk away from this, that's not how the law is written as I understand it.
The snooper's charter gives the UK government the RIGHT to DEMAND access to encryption keys of any user GLOBALLY. The law is that they can force the cooperation of Apple to decrypt the account of an American user, of a German user, of a Russian user, of a South African user, of a Brazilian user, of a Japanese user who have never stepped foot in the UK.
So they're claiming that this protects their users, that they haven't complied but the only way to avoid complying with these secret gag orders for compromising encryption GLOBALLY at the demand of the UK government is to remove themselves entirely from the jurisdiction of the UK. Is to remove all executives and technical personnel from UK soil, to not hire such people who live in or are citizens of the UK as technical personnel as they could be gag ordered and compelled to cooperate. To basically entirely pull out of any presence but maybe storefronts in the UK and take steps to prevent the arrest and pressuring of their executives and key technical people with access from being subject to UK coercion.
That they haven't done that means all users globally are still at risk. This may be a big PR stunt to convince people they haven't caved when in fact they have in secret and will hand over data of global users to the UK which shares it via eyes agreements with the US, with France, Australia, etc. This has the added benefit of allowing the UK to keep such access secret by acting annoyed with Apple but not actually pressing any case. If they try and actually prosecute or pressure Apple that's a sign that they haven't cooperated globally, if they only offer angry words to the press IMO that's a sign that in secret they've given access globally and only informed UK users that their cloud data isn't protected.
Pretty sure Apple has a few lawyers
-
"If you have nothing to hide you have nothing to say"
-Edward Snowden
Wasn't it something more similar to "saying that you don't care about privacy because you have nothing to hide is like saying that you don't care about free speech because you have nothing to say"?
-
BBC News - Apple pulls data protection tool after UK government security row BBC
"In a statement Apple said it was "gravely disappointed" that the security feature would no longer be available to British customers."
Apple can claim that they never built backdoor. But talk is cheap without showing the code for people to audit.
-
Here's my response to this line of thinking:
"Would you be okay if I fucked your spouse/partner/etc? No? Why not? You're already having sex with them. What's the difference?"
Consent. That's the difference.
Both of you to assume I’m having sex with them.
-
That's the point isn't it?
They would say "that's different" without elaborating why exactly.
-
I've got an android
And that helps how exactly?
-
America can't legally spy on its own people
The UK can
And the UK is in an intelligence cooperation with America
America does it anyways. Have you not heard from Snowden? Or Wikileaks?
-
Copy of my comment in c/apple:
Honestly I think this is the right move.
Pull the feature and tell the public that the government won't permit the public to secure their own data.
"I have security and privacy features for you, but your government won't let you use them"
Set the public against this overreach.
If your government wants to look, we want to look as well
-
Copy of my comment in c/apple:
Honestly I think this is the right move.
Pull the feature and tell the public that the government won't permit the public to secure their own data.
"I have security and privacy features for you, but your government won't let you use them"
Set the public against this overreach.
I think it's the right move by Apple.
I don't think it's the right move by my Government to be ordering this.
Like most governments, the UK's has a poor record on understanding technical standards (they're still trying to implement age-restriction on porn sites, something that's been ongoing for a decade). Backdoor or lack of encryption - both make data security impossible and make the lives of criminals a whole lot easier. We simply cannot have safe data this way.
-
In the process of self hosting everything anyways. This just sped things up for me
The UK government has you that way too - you are legally compelled to reveal any passcodes if ordered by a court, and you'll stay in prison until you do. (Regulation of Investigatory Powers Act 2000)
But it at least does remove them from third party exposure (phone company, their AI, massive breaches etc), you just have to be sure your own security is good.
-
BBC News - Apple pulls data protection tool after UK government security row BBC
"In a statement Apple said it was "gravely disappointed" that the security feature would no longer be available to British customers."
So what's Google doing? I assume they're impacted by the same regulation.
-
BBC News - Apple pulls data protection tool after UK government security row BBC
"In a statement Apple said it was "gravely disappointed" that the security feature would no longer be available to British customers."
Go all the way, remove ALL iPhone services from the UK saying the government will not allow users to have privacy. The government will go back on it within a week.
-
Apple can claim that they never built backdoor. But talk is cheap without showing the code for people to audit.
Basically every phone manufacturer has its own layer on top of AOSP that is closed source so…
-
Copy of my comment in c/apple:
Honestly I think this is the right move.
Pull the feature and tell the public that the government won't permit the public to secure their own data.
"I have security and privacy features for you, but your government won't let you use them"
Set the public against this overreach.
Apple does not allow other competing security and privacy features.
If apple was opening up, the gov couldn't do anything in the first place