(Although I was able to access the article in full on the original URL)
The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption. Honest UK consumers are the one's getting the shitty end of the stick because we're about to loose protection from criminals.
Daft waste of time.
[1] https://bsky.app/profile/matthewdgreen.bsky.social/post/3lhl...
As such, any outcome where this is enforced will be a compromise.
https://support.apple.com/en-bh/guide/certifications/apc37da...
Democracies without free speech and privacy are not really democracies.
Agreed.
> Apple previously made its stance public when it formally opposed the UK government's power to issue Technical Capability Notices in testimony submitted in March 2024 and warned that it would withdraw security features from the UK market if forced to comply.
https://arstechnica.com/tech-policy/2025/02/uk-demands-apple...
As for Apple, their daily/hourly/whatever fines might be less than cost of a major ad campaign if they were to buy that publicity directly. Sounds like a good deal for them to refuse to honor the request.
I suppose there are people in the camp advocating for back doors who still think it’s worth the tremendous downsides to be able to catch that group of criminals (there are certainly plenty of idiot criminals), but anybody can just use plain GPG emails for free, or deploy some open source encrypted chat server on a $20 a month cloud instance… and I assume operators in places like Russia or China won’t mind hosting easy services for less nerdy criminals willing to pay in crypto.
First, these are the same thing.
Second, ADP is already off by default so approximately nobody uses it. It is irrelevant from a privacy standpoint whether or not they offer it.
Although it's worth wondering why anyone would use any type of corporate cloud backup, anyway. Certainly if you had anything worth hiding, you would disable that first. That just makes this whole endeavor that much more dubious.
This. Whether it is an app to install on your phone or desktop or simply a website to use. People who need encryption to make sure their communication is private will _easily_ find ways around any kind of government snooping.
Sufficiently advanced "escalating fines until they comply" is indistinguishable from "putting them out of business".
How could this even be enforced if Apple pulls out cloud services of the UK ?
It's such a ridiculous request, the British Intelligence agencies must be bored coming up with new ways to make Apple look good.
Looking at the market size that might be a decision that Apple is willing to make as it would most likely be a temporary stick. The government can spin it anyway they want, but Apple devices do not work basically at all without the deep integration of their services. A geoblock would effectively mean UK citizens would be left with unusable devices and I can't see the resulting outrage being directed exclusively at Apple.
It'll be interesting to see how this plays out for sure.
I'm still missing how this could be enforced ? To my layman understanding, this reads the same as if China said : "Meta, Tesla, Valve etc has entities in China therefore we get to see all data they store in the EU and the US.
The UK has Zero jurisdiction in Ireland for example where a lot of EU data may be stored.
This all seems very similar to RIM and the aftermath of the riots in the UK. The backdoors became too obvious for customers to ignore. Did not go well for RIM in the market afterwards.
We know they collude with US intelligence serviceUS
I am not a lawyer, but I think that this would be illegal under EU privacy law.
Frankly, the arrogance is appalling.
I suppose this is _good_ but more competent and well funded groups out of Israel, Israeli military complex, Cyprus don’t need to “ask” for a back door.
Honest question, how Apple is doing it in China? Maybe the exact same scheme will work for UK.
No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves. I’m not saying that’s likely, just that it’s important to not take these statements as saying more than they do. They wouldn’t hesitate to use “technically correct” as a defence and you have to take that into account.
The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
For example (a simplistic one), you can have a statement like "we do not have any backdoors in our software" added to your legal documents (TOS, etc). But once a backdoor is added, you are compelled by your lawyers to remove that statement. So you aren't disclosing that you have added a backdoor. You're just updating your legal documents to make accurate claims.
One would think this runs afoul of other laws though, truth in advertising and similar.
Its such a legal minefield, and the UKs request borders on violating the sovereignty of other nations I can't see Apple complying, but maybe that's hopium talking.
The whole definition of "end-to-end encrypted" is that only the two ends have the keys. If anyone or anything other than the two ends (the one sending and the one receiving) has access to the keys, it's not end-to-end encrypted.
And when their key leaks, it’s as good as no encryption, but still end-to-end encrypted.
It doesn't stop being end-to-end when you add another end. We often do group chats that way.
Or you can create a side-channel and send al the data there. That would stop it from being end-to-end.
No, they would have had custody of the keys. Meaning it would still be true they cannot (now) access the data.
If law enforcement won't catch criminal even if you had them all the details, evidence, witnesses, then average person thinks there laws are dead anyway as there is no one competent to enforce them.
I can educate people but it always comes back to "I've not got anything to hide". What are we suppose to do, go out to the streets and protest? Start a petition, right to a PM who has no idea what encryption is?
Mentioning Linux to my family opens a can of worms. We are naive to think protesting actually changes something, it's old fashion. Those with power just don't care so unless people attack with their wallets nothing will come from.
It's not 1995 so unless you have £ for lobbying surrounded by people in suites there is nothing public of any nation can do against anyone in power.
Most day to day complaints are they don't prosecute enough, often related to the bastard that snatched your phone. We have approximately zero people sitting in jail for failing to decrypt and similar.
>This is a very obvious setup for future totalitarianism.
No it really isn't. If they are planning a totalitarian takeover they are being very sneaky about it. There is a strong anti totalitarianism tradition here including elections since 1265, writing books like 1984 and bombing nazis.
* I have nothing to hide, I don't care
* Oh come on, our government doesn't care what I'm up to
* The UK will never be totalitarian. I'm not scared of the government
* The UK civil service is incompetent and could never pull this off (fair point, although I worry about the safety of my personal data in the hands of such people)
Let's not forget we had a hard-left (Corbyn) socialist regime come close to power, whose cabinet members called for "direct action" against political opponents, just a few years ago.
https://www.spectator.co.uk/article/watch-john-mcdonnell-s-c...
I don't think people realise how quickly things could go wrong with these surveillance mechanisms in place, and spiteful, authoritarian politicians taking power.
In most cases it requires a court order as well.
As mentioned in the article, Salt Typhoon and the recency of this request by the UK. At this point they should know better.
My pet theory is anytime the US wants to do something illegal under US law, they simply ask the UK to do it and vice versa. That's why Salt Typhoon isn't and never will be a lesson learned.
[1] Susan Landau and Alan Rozenshtein Debate End-to-End Encryption (Again!) https://www.lawfaremedia.org/article/lawfare-daily--susan-la...!)
Participants spy on each other's citizens on the other's behalf and share data, to avoid the legality of doing so to their own citizens.
edit: typo
Overall i agree with you, it is really disheartening. That being said, i've made progress with my family on valuing privacy and the dangers of surveillance. I think people might be changing their minds slowly but still lots of work to do.
A breakthrough with my sisters was when abortion was threatened here in the states. Mentioned to them that it would be easy for authorities to enforce abortion punishments by subpoenaing data from menstruation cycle tracker apps. This kind of "clicked" for them and they became more open to the other parts (not given ratukan or whatever their purchase history, etc. etc.)
Now let’s say that some Republican Senators and Representatives were ethically opposed to but then threatened to be primaried and President Musk said he would throw all of his money behind a potential opponent, how long do you think it would take a law to be passed?
Even without a law, we already see that Cook will willingly bend a knee to Trump as will Google.
Right now in my home state the governor was trying to get a law passed banning Western Union from allowing illegal immigrants from sending money overseas.
I think we are perhaps the lowest point ever in terms of anti-surveillance efforts. There seems to be bipartisan effort among many (most?) western governments that the government should have unfettered access to all data, regardless of any reasonable expectation of privacy.
Encryption seems barely tolerated these days. Governments are insisting on backdoors, they are making it illegal in some cases for companies to even discuss what is going on or that monitoring is happening.
We barely know what is going on with the programs and efforts that get leaked to the media, much less the programs that operate in total secret.
If you voted for this Tory-lite government, then you can stop voting for any future Tory-lite governments. If you did not, there's not much you can do in practice without devoting your life to it.
The director of public prosecutions of England and Wales, Stephen Parkinson (appointed by the Labour Attorney General), warned against "publishing or distributing material which is insulting or abusive which is intended to or likely to start racial hatred. So, if you retweet that, then you’re republishing that and then potentially you're committing that offense [incitement to racial hatred]."
He added further, "We do have dedicated police officers who are scouring social media. Their job is to look for this material, and then follow up with identification, arrests, and so forth."
This isn’t “Tory-lite,” this is Labour.
Sources: https://freespeechunion.org/labours-war-on-free-speech/
This is Hobson's choice as far as I can see.
I don't think there's anyone you could currently vote for that wouldn't do this.
If you agree that Brexit happened under the Tories and not Labour, then we can also agree that THIS order is happening under the newly elected "Labour Party" and not the "Tories", or so-called "Tory-lite" names.
It's completely pointless trying to remove accountability of this government's illogical actions and then to immediately resort to blaming the previous government for bad decisions like this one.
Just admit that this is under the Labour government.
You have to change the view of the country as a whole, and for generations the U.K. has been a country of curtain twitchers.
What lead to to believe that? The Conservatives and Conservative-Continuity governments both agree that our data simply must be in the hands of the police, DEFRA, and your local council.
RIPA will never be repealed and only strengthened.
It's always through the appearance of good intentions and a public that pushes for whatever narrative they're fed that they normalize this.
People love and want more of this, not less.
And stop making excuses for parties that don't (i.e. Labour, Lib Dems and Conservatives).
At the moment, the UK public (and media) considers it a sport to disparage and smear parties like Reform, whose leaders want to shrink the power and over-reach of the state.
We are so concerned with appearing virtuous and internationally generous, we cannot be seen to align with a party that wants to put UK citizens first (border security? deporting dangerous criminals back to their home nation? gasp, how could we be so ghastly!)
This self-defeating attitude needs to change if we want a better future for our children.
Just old people making bad laws about stuff they don't understand - or are straight up citizen hostile, sometimes hard to tell which it is.
Sadly, the EU is trying very hard and very persistently to pass the Chat Control bill. So far the EU hasn't succeeded, but I would be surprised if EU politicians didn't keep trying until it is finally codified into law.
(disclosure: brit)
I was wondering whether this is about Advanced Data Protection, which encrypts almost all data end-to-end on iCloud. It’s only later in this report that it gets into this key detail:
> At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022.
Before stating this, the article says:
> Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said.
This means Apple would be prevented from providing Advanced Data Protection to users in the U.K.
Not making Advanced Data Protection available is made worse by this requirement:
> One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security.
Apple can appeal, but is forced to comply meanwhile (until the appeal is heard) anyway:
> Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.
I think they could do something like what Tik Tok did, by letting users know why they can no longer provide the service.
I would personally give Apple money to see them actually stand-up to this. What's probably more concerning is the number of companies not complaining about this at all.
This headline comes to mind: https://en.wikipedia.org/wiki/Enemies_of_the_People_(headlin...
Governments are extremely powerful. They may issue a gag order (https://en.wikipedia.org/wiki/Gag_order) that makes it illegal for Apple to do that.
Seems absurdist. They have to implement the backdoor, appeal, and only if the appeal is successful can they disable it.
Unlikely. That's illegal.
I believe we should increasingly turn to steganography as a way to ensure our privacy (obviously, combined with encryption). Something that provides simple plausible deniability but lots of data to use as a carrying medium should become the default selection (like "personal videos" — a great use for our phone cameras to build an extensive collection), so even if "identified" as potential carrier for the data, it would be impossible to convict someone over it.
I can imagine a scheme where your secret passphrase defines what bits of data in a video to use to carry actual data and yet avoid changing the output too much. Obviously, coming with a non-reversible algorithm that takes into account different lossy video encoding schemes is non-trivial, though I am sure there is some (plenty?) prior art to build off of.
"Plausible deniability" is cute, but in practice, who cares?
> impossible to convict someone over it.
Yeah, sure, tell me how well that works for you. "Your honor, the data is mathematically indistinguishable from random bytes so you can't convict me" -> "The witness saw you type in a password to view data from that image, give us the password or you're going to prison. Even if you don't give us the passphrase, the police officer says you might be using something called 'steganography', and that's already enough to convict you"
The court and legal system does not care about clever logical tricks or cryptographic tricks or any of that.
Not only that, but also trying to ban platforms that don't follow their censorship guidelines (TikTok in the US, X under scrutiny in UE) and even voiding elections when the result is not good (Romania) under very slim technology-related pretense (somehow a few ads are deemed enough to cancel an election, but 24/7 oriented news from every established newspapers in another country like France is totally OK). It's becoming harder and harder to believe in said democracy when the methods are all but looking like the ones used in non-democracies.
Yes. Democracies around the world are increasingly stopping being democracies.
No. I want all of my data end-to-end encrypted. In transit, at rest, everywhere and at all times. Privacy is a human right. Security of their citizens is what these governments vowed to protect. If they can't, these governments should be changed.
In the US, after Salt Typhoon compromised telecom networks—including court-authorized wiretap systems—the FBI has now (somewhat reluctantly, I think) started advising government officials to use end-to-end encrypted apps like Signal and WhatsApp to protect themselves. [1]
I think the UK government is running a bit behind wrt Encryption.
[1] https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-...
> So much for personal liberties. I'd like to give Labour the benefit of the doubt and assume this is a holdover from the last government knowing how fast the civil service actually works but given the Tory 3.0 plan they are going with I wouldn't put it passed them.
>We didn't vote for this.
You very much did vote for this, you voted for Labour under Keir Starmer and he did not particularly hide his being tory-lite. If one is surprised by this they must not have paid any attention before voting.
Labour was behind:
- forced key disclosure (Regulation of Investigatory Powers Act 2000), still in force
- 72 day detention without charge (Terrorism Act 2006), defeated before it became an Act
- national identity register and mandatory id cards (Identity Cards Act 2006), ripped up by the next Tory government
- various attempts at removal of ancient right to trial by jury (partially successful)
The US may suck every now and then, but the US constitution is one of the best things in human history. It protects us from governments like the UK that don't think they have any limits to control their citizens.
This is not true, both because it’s not the only one[1], and because the constitution hasn’t prevented state censorship in the US[2-4].
> It protects us from governments like the UK that don't think they have any limits to control their citizens.
How would it do that? The US constitution has no power over the UK.
[1]: https://worldpopulationreview.com/country-rankings/countries...
[2]: https://journals.ala.org/index.php/jifp/article/view/7208/10...
[3]: https://historycollection.com/10-situations-in-history-when-...
[4]: https://en.m.wikipedia.org/wiki/Censorship_in_the_United_Sta...
Without men and women willing to stand by it and defend it, it is useless. And what we are seeing is that there are increasing number of people who have taken an oath to defend the constitution but have chosen not to do so.
History is full of cases where a well written constitution is ignored by the ruling government.
No, its not. Plenty of other countries have written constitutions with codified rights against the government. Many of them are more explicit about how the conflict between explicit grants of power to the government and explicit rights of the people balance in conflict, which may make them seem superficially less strong; OTOH, the fact that the US Constitution has both unqualified grants of power and unqualified enumerated rights has led to that conflict being resolved by the courts, by...qualifying the rights based in large part on the grants of power.
> Every other country has rights given by the government to their citizens.
That's no more true of “every other country” than it is of the US. The Constitution itself is a deal negotiated between representatives of and ratified by state governments, so all of the rights it protects are, ipso facto, granted by government.
For example, in the Dutch constitution, freedom of speech, religion, privacy et cetera are all qualified “except as restricted by law.” [0] That is to say: if the government passes a law restricting your speech, religion or privacy, that will typically be Constitutionally acceptable. Meanwhile, in the US, the Constitution is absolute, to rather extreme ends. The Dutch constitution is of course rather obvious in its weaknesses, but there are other signs for other countries aside from the text itself. One good method is to take a look at the mechanisms of enforcement of the Constitution and measures of Constitutionality. For a good laugh: https://www.advocatie.nl/nieuws/rechter-mag-wetten-langs-de-...
[0] https://wetten.overheid.nl/BWBR0001840/2023-02-22 For example: “Ieder heeft, behoudens bij of krachtens de wet te stellen beperkingen, recht op onaantastbaarheid van zijn lichaam.” or “Everyone has, subject to restrictions under the law, the right to inviolability of his body.” Most other rights include such a provision.
For example, Germany's Basic Law (Grundgesetz) was created after World War II to ensure the protection of human rights, including freedoms of speech, assembly, and religion, among others. In Canada, the Charter of Rights and Freedoms is part of the Constitution Act of 1982 and guarantees a range of civil liberties. India's Constitution, too, contains an extensive list of fundamental rights that are designed to restrict arbitrary government action, such as the rights to equality, freedom of expression, and personal liberty. South Africa's Constitution is also highly regarded for its strong emphasis on human rights protections.
Even in the United Kingdom, where there is no single written constitution in the US sense, many rights are protected by statutes (such as the Human Rights Act 1998) and established common law principles that limit government power.
Many democracies enshrine rights in law, reflecting the widely accepted idea that such rights are inherent and must be protected against undue governmental interference, rather than merely being granted as privileges.
The next 4 years will certainly prove or disprove this statement!
It's a worthwhile read for anyone.
We elect our politicians. We demand they stop serious crime and terrorism. When they have bad ideas about how to do that, we let them know that it's a bad idea. Or we don't elect them again. This works.
Think so? Perhaps on the surface. Think Yes Minister and Sir Humphrey. No matter how well meaning politicians are they'll be screwed rotten by determined public sector employees and then they'll be finished off by powerful corporate interests, citizens haven't a chance.
What's more you the citizen will likely be the last to know about it. Yes, outwardly all will seem normal as that's the plan but it's only a chimera—appearance is everything. Those in control learned that trick from Vespasian, it has a long lineage of working well.
Can't you see the Investigatory Powers Act wasn't dreamt up by politicans but by nameless but very powerful gnomes in GCHQ, MI6, etc., etc? For starters, politicians wouldn't have had the brains to concoct an Orwellian act on a scale like that on their own. (I've spent too long working in government bureaucracies to know how it works.)
Tragically, democracy, these days, is essentially dead. On the surface it appears alive and functioning and the citizenry still thinks it has say, but in reality it's actually like a cockroach that's been parsitized by a wasp—it's 'alive' in appearance only.
Perhaps because in your FPTP electoral system, you have few avenues to actually "let them know that it's a bad idea". I mean, supposing you don't like this particular law - which party would you vote for to send the signal?
People vote like their dad or what the paper (Murdoch) tells them. If you are lucky to have a thinking voter they only get to choose 1 or 2 issues. Maybe they want lower income tax more than something something privacy.
People won't vote against their interests? "Latinos for Trump" etc. Says otherwise. Brexit people getting kicked out of Spain etc.
The only way to prevent this is to avoid this huge, massive, centralisation. Of course, Apple wouldn’t want this.
If we had lots of smaller scale hosting providers around the world (potentially dozens per country), the scope of attacking each one with such an order is much smaller.
"The USA fought a war in part because they did not like the use of general writs of assistance to allow agents of the British King to search peoples houses and papers where their suspicion chanced to fall. The UK lost that war so no way!"
I wouldn't characterize the rest of the world as not obsessed, really.
From the article, discussing the idea of Apple stopping offering encryption in the U.K.
“Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States”
You could probably make an ECHR argument about it, but even Germany who are most paranoid about Stasi-like behavior have some sort of rights carveout for law enforcement purposes.
Yes, German law enforcement does have a rights carveout, but not nearly as big of one as in the UK (or the US).
/j
A: Privacy matters! B: Why should you care if you have nothing to hide? A: If you have nothing to hide, then give me the password to your Facebook. B: I don't trust you with that, but I trust my governments and relevant authorities.
The point is that B's faith in authority is flawed as the "powers that be" are an eternally shifting target. By agreeing to government surveillance, you place trust in every subsequent government, even the ones you would rather not.
Every encryption backdoor is a huge vulnerability. Even if we somehow ensure that the powers-that-be remain entirely trustworthy (something that, historically, we can't even manage for a century), they're not the only people who'll have access to the backdoor. It's not possible to make an encryption backdoor that only authorised parties can use: as they say, the laws of mathematics do not respect the laws of Australia.
Therefore you know this is not about chasing the bad guys. It's about keeping the Average Joe under the thumb.
I don't know where the belief that all criminals are tech experts comes from; the popularity of cool-looking "encrypted" phones as opposed to actually encrypted apps like Signal should have long dispelled that myth.
I'd argue that the opposite is probably true, people who think that crime pays are less smart and more impulsive than the average person, and hence less likely to think about things like this.
There absolutely is a balance between Average Joe's right to privacy and privacy restrictions for fighting crime. Without undermining the former, I'm astounded how HN discounts the latter 100%. It is real.
Which is not to say I approve of more surveillance. Just that surveillance of convenient modes of communication (iMessage) is useful to serious crime fighting.
That's a very bold assumption after EncroChat and SkyECC.
> Apple says it will remove services such as FaceTime and iMessage from the UK rather than weaken security if new proposals are made law and acted upon.
Where does this problem start? Is it a basic education thing that valuing one's own and others' privacy needs to be taught to kids from a young age?
For instance, in the meetings in which these ideas are proposed, why are they not considered a serious, fireable offence, like bringing up racist or sexist comments?
Hate to tell ya, those aren't fireable offenses at the highest offices anymore either.
It starts with UK citizens buying iPhones and expecting their data to be private at all.
As a solution to never have unencrypted files in iCloud.
I follow the same procedure with my Android phone, no google cloud.
BTW anything I upload to Dropbox is encrypted first.
Apple says "Encrypted backups can include information that unencrypted backups don't" however the list they give is non-exhaustive. You might find yourself disappointed when trying to restore a non-encrypted backup that you've encrypted yourself in a disaster scenario.
I thought we had grown ups running the show now. Clearly that was optimistic.
1. https://support.apple.com/en-us/111754 says you can change your country to opt-out of GCBD.
2. https://www.bbc.com/news/business-42631386 says "iCloud accounts registered outside of China are not affected."
We have had a number of bad laws over the last ten years that have entrenched state surveillance and presumption of guilt.
The only party I can see taking a principled stance on civil liberties is Reform UK, whose policy document states:
> A British Bill of Rights
> Our freedoms must be codified and guaranteed. Never again can our entire country be locked down on shoddy evidence and lies. Our data and privacy must be protected. Surveillance of the public must be limited and those monitoring us held to account.
https://assets.nationbuilder.com/reformuk/pages/253/attachme...
Recent polls show Reform is currently the most popular party. So there is hope.
What’s this about? Is it some mad “covid was a hoax” thing?
Reform UK believe that the purported efficacy of the mRNA vaccines at preventing transmission was massively exaggerated (we now know it was).
https://www.thelancet.com/journals/laninf/article/PIIS1473-3...
Reform UK believe that the detrimental side effects of lockdown policy outweighed the benefits of lockdown policy (again, there's evidence to support this view)
https://sites.krieger.jhu.edu/iae/files/2022/01/A-Literature...
"While this meta-analysis concludes that lockdowns have had little to no public health effects, they have imposed enormous economic and social costs where they have been adopted. In consequence, lockdown policies are ill-founded and should be rejected as a pandemic policy instrument."
We need more voices that are willing to state these truths in Parliament IMO.
- that’s silly - they can’t do that legally - this makes no technical sense - this is a bad idea - this will never happen
The entire globe becomes Xi Jinpeng’s China with American Characteristics after the iCloud encryption system is neutered and a court warrant is no longer needed.
> The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.
* https://www.washingtonpost.com/technology/2025/02/07/apple-e...
* https://archive.is/https://www.washingtonpost.com/technology...
> The Investigatory Powers Act 2016 (c. 25) (nicknamed the Snoopers' Charter)[1] is an Act of the Parliament of the United Kingdom which received royal assent on 29 November 2016.[2][3] Its different parts came into force on various dates from 30 December 2016.[4] The Act comprehensively sets out and in limited respects expands the electronic surveillance powers of the British intelligence agencies and police.[4] It also claims to improve the safeguards on the exercise of those powers.[5]
* https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016
Not just "see also." Your link is the original reporting.
Without journalists and organizations like these doing hard, expensive work like this no one -- not even on HN -- would know about it.
It's a shame that the link being used for the HN entry is to a blog re-writing other people's work, and not doing any of that work or sharing any of that expense themselves.
Correct link:
https://www.washingtonpost.com/technology/2025/02/07/apple-e...
No, I don't care if there's a paywall. Credit where credit is due is something your mom should have taught you when you were five.
1: https://x.com/elonmusk/status/1876174862747930717?lang=en
iMessage is barely used in the UK, WhatsApp is the default messaging platform here
I had a look at the stats though and you're probably correct about WhatsApp being default, although we do have a surprisingly diverse and competitive messenger market:
https://www.statista.com/forecasts/997945/most-used-messenge...
Blue bubble is messages you sent via iMessage.
All incoming messages are grey, regardless of whether they were sent to you via SMS or iMessage.
DOGE was recently unable to obtain data on Americans (https://www.msn.com/en-us/news/politics/elon-musks-doge-deal...), maybe related...
They had read/write data for a few days before being denied access https://www.wired.com/story/elon-musk-associate-bfs-federal-...
Does Apple lose much, in future revenue if people buy out of the ecology in the UK market? At scale, sure. But then again no. It's a 3.8 trillion dollar company. This is almost noise.
I don't think there will be a rush to the door. Set against overall revenue targets, they can comply and weather the storm.
America used to push the rest of the world to give their people those rights. Used to....
I felt an obligation to excessively site stuff here, because I find it bemusing anybody in tech can take such articles or topics at face value.
[1] - https://en.wikipedia.org/wiki/PRISM
[2] - https://en.wikipedia.org/wiki/Five_Eyes
[3] - https://en.wikipedia.org/wiki/Parallel_construction#By_the_U...
If Apple can be compelled to keep shut about Push Notifications being bugged, who knows what else they're obligated to keep under the covers. Caveat emptor.
Even if you ignore the above points, Apple's software is closed source. You cannot change OS or install any unapproved app on your own phone. Apple phones are Orwellian's wet dream. If people still trust bigtech then society is doomed.
This is completely false. It has been shown time and time again that Apple will bend to whatever data requests the US government ask for.
You may think they care about your privacy, because they tell you they do. But they are legally bound to say that. Every surveilance program they have ever been part of has had a legal requirement to lie publicly about its existance. Then when it becomes public through a leak, they are able to say 'Sorry we lied, we had to by law'.
Heres just one example: https://www.macrumors.com/2023/12/06/apple-governments-surve...
Naive implication. They're authoritarian henchmen.
If you're holding out on Apple, a company that has proven to betray every principle they claim to stand for, to defend privacy when money is on the line, then you've been fooled. I don't know how many times Hacker News has to say it before you chumps learn, but Apple is not a privacy-committed company. Being able to point at whitepapers is not the same as knowing how your device functions.
[0] https://www.macrumors.com/2023/12/06/apple-governments-surve...
I should emphasize that 'I personally don't care'. I find it more interesting that people believe there is some safety in Apple products because their marketing says so.
When I was younger, I used to care about these people getting taken advantage of. Today, I wonder how I can replicate the formula. Sorry pals, Apple did it and people were happy about it. I'll make people happy too, its a Noble lie... err Paternal lie :)
It all begs the question, what else have they requested, and of those which requests were accepted secretly?
Truly a pathetic example of a democracy.
I think Apple has a very short window for a powerful response here. It should be re-using the famous Pirate Bay wording for maximum effect.
But Apple has a massive history of complying with government data requests all over the world. They care not for user privacy one bit, and so this request is not that unusual for them.
iCloud Backup is not end to end encrypted. iCloud Photos is not end to end encrypted.
Apple can read all of your iMessages and see all of your photos.
The governments where they operate can compel them to turn over this data. They can and do. Often.
Operationally this doesn’t really change much.
DO NOT SPREAD FUD.
If you could be bothered to spend two microseconds on a search engine, you would find this[1] which states IN THE FIRST PARAGRAPH :
For users who turn on Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises from 14 to 23 and includes iCloud Backup, Photos, Notes and more.
[1] https://support.apple.com/en-gb/guide/security/sec973254c5f/...
It can just order to a third party do so. Wait, why does a third party have access to peoples' private communications. That is the Apple design. The company wants people to use their servers.
If you take the information at face value, they don't.
The government is mandating them to actively infiltrate into people's private communications.
Cloaking mass privacy violations under "operational matters" is the most doublespeak bullshit I've ever heard.
If you do not control the keys and the software that controls the keys, then you are not using end to end encryption.
In my honest opinion, in this specific context UK should be treated with the same scrutiny we treat China.
Through Five Eyes the US agencies could, via the UK, get global access to iCloud accounts
No need to change US law
Anyone with a fundamental understanding of online privacy and security would encrypt any files prior to uploading them to the cloud rendering any back doors and access to those files useless and toothless.
I dont use any of these services. I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.
I use online services and sync, but my life is so boring (and data breaches have exposed so much) that a disaster that destroys my house and all backups is far more likely that harm from government or private snooping on my cloud files.
I know we’re supposed to stand on principle and make data storage choices as if today’s cat photo were evidence of being the real JFK assassin, but I don’t have the energy.
I agree that cloud services cannot be trusted to do encryption within their clients, but on platforms like iOS it's difficult to do automated backups using independent encryption. It's also quite difficult not to accidentally enable backups to these services because the setup flow for every phone guides you to hitting the "upload everything I do to Apple/Google".
To Apple's credit, while they normally store a copy of the encryption key, making most cloud encryption entirely useless, they do offer setting a custom key at least. GDrive and OneDrive sure don't.
iOS allows you to perform encrypted backups to your local PC or Mac out of the box.
https://support.apple.com/guide/iphone/back-up-iphone-iph3ec...
A phone has to at least tell the nearest tower that it's within range so that the tower can know to send it messages. After that, when it get's a message it sends some sort of acknowledgement. In theory anyone can pick up those messages with a phased array or set of directional antennas and get a directional fix on the phone.
psychopathy is a mental disease who impair people to control their impulses/defected judgment; often these are permanent personality traits, which either will let them sit in a prison for the rest of their lives depending on what they did or they will be liberated if they get caught with a high chance of another incidence... search for papers/work from Kent Kiehl if you are interested in this type of stuff
I learned only much later that her husband was prosecuted for fraud related to government funds. So she had a good reason to have a dumbphone.
It's anecdotal evidence, but still.
You are of very low opinion of people, probably assuming that you are smarter because you are some kind of IT guy.
And you are likely wrong.
Depends on your threat model. If someone unofficial wanted at what you're doing, they'd likely find it easier to go after your home data than what you have in iCloud -- particularly if using Advanced Data Protection for iCloud.
https://support.apple.com/en-us/108756
Also, ask the folks in Los Angeles how those external hard drives at home are working out for them in the fires. There are many types of threats.
So if you ever wonder how they access those WhatsApp messages, when you think that they would be end-to-end encrypted, reality is something else.
Meanwhile, the amount of local news arrests for people getting busted for uploading CSAM to online platforms like Google and Apple is exponentially increasing.
The average "criminal" is an idiot.
Even people concerned with security who know a little seem to be terrible at it.
A local protest group in my area was passing around an image with security tips. They were hilariously bad, suggestions based on very confused understandings of risk. These people weren’t criminals necessarily, but they were motivated and concerned and somehow just terrible at basic security.
Most of the time, people become terrorists, criminals or child abusers because they're stupid, not because they're smart.
This is a well worn path for the CIA gather dirt without needing to break any rules on monitoring US citizens.
"If you want to sell phones in our country, you have to give us access to anyone we say is a criminal using your phones in any country".
"You are asking us to break the law in those other countries."
"Do you want to sell phones in our country, or not? We know you'll blink first."
(Will Apple blink? I don't know. But I am confident that the UK government is filled with people who assume they will).
And the next day this or blocking DeepSeek (in Italy).
https://news.ycombinator.com/item?id=42975170
They're not exactly the same, but you should have similar feelings about forcing a company to hand over data to researchers and forcing a company to install a back door for law enforcement.
All of the sudden people start caring, acting like they never had the chance to regulate their OEM of choice. No, you get exactly what you paid for. You trust Apple, don't you? They're a prestige company, they'd never sell you out. Probably. Oops[0].
[0] https://www.macrumors.com/2023/12/06/apple-governments-surve...
Here we are, though, at the point where the government overreach for these "beacons of democracy" such as US and UK do this often and by design and we're all supposed to pretend "thing are fine, trust us". Next they'll push some other overreach using children, terrorism, drugs or some other usual excuse and people will defend it pretending the government has good intentions and largely works for the people.
Why is it tho ? The government has something to hide ? i mean it's complete bullshit, citizen have the right to privacy and government has the obligation of transparency and being accountable to its citizens.
When did the UK turned into a middle east dictatorship ?
> Google has enforced default encryption for Android phone backups since 2018. When asked by The Post whether any government had requested a backdoor, Google spokesman Ed Fernandez did not provide a direct answer but suggested none exist: "Google cannot access Android end-to-end encrypted backup data, even with a legal order," he stated.
That is absolutely laughable. If the uk government couldn't access google data, they would have ordered google the same thing they did with apple.
Apple theoretically can't access their user data when e2e encryption is enabled yet the uk government doesn't care. how does that differ from google ?
once again, if you want your data to be safe from google, apple, and the others you got to avoid all cloud and resort to use good old hard drive with encryption.
the only ones getting fcked are once again the average people who don't have much to hide in the first place, the pedophiles and terrorist they are much more aware than the old fart at the government on how to stay hidden.
(I suppose the silver lining is that Starmer is merely sidling towards Trump as his new best mate rather than the full-throated slobbering that Johnson/Truss/Sunak would have given him.)
[0] I know this is primarily the fault of the last lot but this shower of onions haven't done anything to roll it back and/or clarify WTF is going on.
"No."
Sounds like quite the conspiracy theory, but if the USA were not OK with this, the UK surely wouldn’t dare to take on a crown jewel in the US tech sector, potentially causing them serious problems.
Hence why Trump was cheering on Starmer the other day, despite all that has gone on between them.
Americans need to wake up and realise their state uses uk/israel to do what they don't want to be seen to be doing.
as a side note, its really baffling what this capability would actually provide for? Any serious criminal isn't using icloud backup or even an iPhone in the first place. So this is just a shit outcome for the general population.
If this goes through, I look forward to the news of the world expose on some cabinet members personal details
UK Law Enforcement can suck my dick.
Encryption works people. Use it.
The Investigatory Powers Act 2016 was one of the big things (before Brexit) that made me realise the UK wasn't a suitable place to run a tech business.
It hasn't noticeably improved.
"Full endorsement" of the electorate isn't how representative democracy works. Given FPTP, the government got a huge majority of seats with 33.7% of the votes, but as there's not universal voting that's only 14% of the actual population, and even with those who did vote it's not clear how many people were voting "not the other lot".
Also the wider part of this order is that Apple would access to the international users data, including US customers, if I understand the article correctly.