(Although I was able to access the article in full on the original URL)
The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption. Honest UK consumers are the one's getting the shitty end of the stick because we're about to loose protection from criminals.
Daft waste of time.
[1] https://bsky.app/profile/matthewdgreen.bsky.social/post/3lhl...
Democracies without free speech and privacy are not really democracies.
Agreed.
> Apple previously made its stance public when it formally opposed the UK government's power to issue Technical Capability Notices in testimony submitted in March 2024 and warned that it would withdraw security features from the UK market if forced to comply.
https://arstechnica.com/tech-policy/2025/02/uk-demands-apple...
As for Apple, their daily/hourly/whatever fines might be less than cost of a major ad campaign if they were to buy that publicity directly. Sounds like a good deal for them to refuse to honor the request.
I suppose there are people in the camp advocating for back doors who still think it’s worth the tremendous downsides to be able to catch that group of criminals (there are certainly plenty of idiot criminals), but anybody can just use plain GPG emails for free, or deploy some open source encrypted chat server on a $20 a month cloud instance… and I assume operators in places like Russia or China won’t mind hosting easy services for less nerdy criminals willing to pay in crypto.
First, these are the same thing.
Second, ADP is already off by default so approximately nobody uses it. It is irrelevant from a privacy standpoint whether or not they offer it.
Although it's worth wondering why anyone would use any type of corporate cloud backup, anyway. Certainly if you had anything worth hiding, you would disable that first. That just makes this whole endeavor that much more dubious.
This. Whether it is an app to install on your phone or desktop or simply a website to use. People who need encryption to make sure their communication is private will _easily_ find ways around any kind of government snooping.
Sufficiently advanced "escalating fines until they comply" is indistinguishable from "putting them out of business".
How could this even be enforced if Apple pulls out cloud services of the UK ?
It's such a ridiculous request, the British Intelligence agencies must be bored coming up with new ways to make Apple look good.
Looking at the market size that might be a decision that Apple is willing to make as it would most likely be a temporary stick. The government can spin it anyway they want, but Apple devices do not work basically at all without the deep integration of their services. A geoblock would effectively mean UK citizens would be left with unusable devices and I can't see the resulting outrage being directed exclusively at Apple.
It'll be interesting to see how this plays out for sure.
We know they collude with US intelligence serviceUS
I am not a lawyer, but I think that this would be illegal under EU privacy law.
Frankly, the arrogance is appalling.
I suppose this is _good_ but more competent and well funded groups out of Israel, Israeli military complex, Cyprus don’t need to “ask” for a back door.
Honest question, how Apple is doing it in China? Maybe the exact same scheme will work for UK.
No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves. I’m not saying that’s likely, just that it’s important to not take these statements as saying more than they do. They wouldn’t hesitate to use “technically correct” as a defence and you have to take that into account.
The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
The whole definition of "end-to-end encrypted" is that only the two ends have the keys. If anyone or anything other than the two ends (the one sending and the one receiving) has access to the keys, it's not end-to-end encrypted.
In most cases it requires a court order as well.
As mentioned in the article, Salt Typhoon and the recency of this request by the UK. At this point they should know better.
My pet theory is anytime the US wants to do something illegal under US law, they simply ask the UK to do it and vice versa. That's why Salt Typhoon isn't and never will be a lesson learned.
[1] Susan Landau and Alan Rozenshtein Debate End-to-End Encryption (Again!) https://www.lawfaremedia.org/article/lawfare-daily--susan-la...!)
Participants spy on each other's citizens on the other's behalf and share data, to avoid the legality of doing so to their own citizens.
edit: typo
Overall i agree with you, it is really disheartening. That being said, i've made progress with my family on valuing privacy and the dangers of surveillance. I think people might be changing their minds slowly but still lots of work to do.
A breakthrough with my sisters was when abortion was threatened here in the states. Mentioned to them that it would be easy for authorities to enforce abortion punishments by subpoenaing data from menstruation cycle tracker apps. This kind of "clicked" for them and they became more open to the other parts (not given ratukan or whatever their purchase history, etc. etc.)
I think we are perhaps the lowest point ever in terms of anti-surveillance efforts. There seems to be bipartisan effort among many (most?) western governments that the government should have unfettered access to all data, regardless of any reasonable expectation of privacy.
Encryption seems barely tolerated these days. Governments are insisting on backdoors, they are making it illegal in some cases for companies to even discuss what is going on or that monitoring is happening.
We barely know what is going on with the programs and efforts that get leaked to the media, much less the programs that operate in total secret.
If you voted for this Tory-lite government, then you can stop voting for any future Tory-lite governments. If you did not, there's not much you can do in practice without devoting your life to it.
What lead to to believe that? The Conservatives and Conservative-Continuity governments both agree that our data simply must be in the hands of the police, DEFRA, and your local council.
RIPA will never be repealed and only strengthened.
It's always through the appearance of good intentions and a public that pushes for whatever narrative they're fed that they normalize this.
People love and want more of this, not less.
And stop making excuses for parties that don't (i.e. Labour, Lib Dems and Conservatives).
At the moment, the UK public (and media) considers it a sport to disparage and smear parties like Reform, whose leaders want to shrink the power and over-reach of the state.
We are so concerned with appearing virtuous and internationally generous, we cannot be seen to align with a party that wants to put UK citizens first (border security? deporting dangerous criminals back to their home nation? gasp, how could we be so ghastly!)
This self-defeating attitude needs to change if we want a better future for our children.
Just old people making bad laws about stuff they don't understand - or are straight up citizen hostile, sometimes hard to tell which it is.
Sadly, the EU is trying very hard and very persistently to pass the Chat Control bill. So far the EU hasn't succeeded, but I would be surprised if EU politicians didn't keep trying until it is finally codified into law.
(disclosure: brit)
I was wondering whether this is about Advanced Data Protection, which encrypts almost all data end-to-end on iCloud. It’s only later in this report that it gets into this key detail:
> At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022.
Before stating this, the article says:
> Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said.
This means Apple would be prevented from providing Advanced Data Protection to users in the U.K.
Not making Advanced Data Protection available is made worse by this requirement:
> One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security.
Apple can appeal, but is forced to comply meanwhile (until the appeal is heard) anyway:
> Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.
I believe we should increasingly turn to steganography as a way to ensure our privacy (obviously, combined with encryption). Something that provides simple plausible deniability but lots of data to use as a carrying medium should become the default selection (like "personal videos" — a great use for our phone cameras to build an extensive collection), so even if "identified" as potential carrier for the data, it would be impossible to convict someone over it.
I can imagine a scheme where your secret passphrase defines what bits of data in a video to use to carry actual data and yet avoid changing the output too much. Obviously, coming with a non-reversible algorithm that takes into account different lossy video encoding schemes is non-trivial, though I am sure there is some (plenty?) prior art to build off of.
"Plausible deniability" is cute, but in practice, who cares?
> impossible to convict someone over it.
Yeah, sure, tell me how well that works for you. "Your honor, the data is mathematically indistinguishable from random bytes so you can't convict me" -> "The witness saw you type in a password to view data from that image, give us the password or you're going to prison. Even if you don't give us the passphrase, the police officer says you might be using something called 'steganography', and that's already enough to convict you"
The court and legal system does not care about clever logical tricks or cryptographic tricks or any of that.
Not only that, but also trying to ban platforms that don't follow their censorship guidelines (TikTok in the US, X under scrutiny in UE) and even voiding elections when the result is not good (Romania) under very slim technology-related pretense (somehow a few ads are deemed enough to cancel an election, but 24/7 oriented news from every established newspapers in another country like France is totally OK). It's becoming harder and harder to believe in said democracy when the methods are all but looking like the ones used in non-democracies.
Yes. Democracies around the world are increasingly stopping being democracies.
No. I want all of my data end-to-end encrypted. In transit, at rest, everywhere and at all times. Privacy is a human right. Security of their citizens is what these governments vowed to protect. If they can't, these governments should be changed.
In the US, after Salt Typhoon compromised telecom networks—including court-authorized wiretap systems—the FBI has now (somewhat reluctantly, I think) started advising government officials to use end-to-end encrypted apps like Signal and WhatsApp to protect themselves. [1]
I think the UK government is running a bit behind wrt Encryption.
[1] https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-...
> So much for personal liberties. I'd like to give Labour the benefit of the doubt and assume this is a holdover from the last government knowing how fast the civil service actually works but given the Tory 3.0 plan they are going with I wouldn't put it passed them.
>We didn't vote for this.
You very much did vote for this, you voted for Labour under Keir Starmer and he did not particularly hide his being tory-lite. If one is surprised by this they must not have paid any attention before voting.
Labour was behind:
- forced key disclosure (Regulation of Investigatory Powers Act 2000), still in force
- 72 day detention without charge (Terrorism Act 2006), defeated before it became an Act
- national identity register and mandatory id cards (Identity Cards Act 2006), ripped up by the next Tory government
- various attempts at removal of ancient right to trial by jury (partially successful)
The US may suck every now and then, but the US constitution is one of the best things in human history. It protects us from governments like the UK that don't think they have any limits to control their citizens.
This is not true, both because it’s not the only one[1], and because the constitution hasn’t prevented state censorship in the US[2-4].
> It protects us from governments like the UK that don't think they have any limits to control their citizens.
How would it do that? The US constitution has no power over the UK.
[1]: https://worldpopulationreview.com/country-rankings/countries...
[2]: https://journals.ala.org/index.php/jifp/article/view/7208/10...
[3]: https://historycollection.com/10-situations-in-history-when-...
[4]: https://en.m.wikipedia.org/wiki/Censorship_in_the_United_Sta...
Without men and women willing to stand by it and defend it, it is useless. And what we are seeing is that there are increasing number of people who have taken an oath to defend the constitution but have chosen not to do so.
History is full of cases where a well written constitution is ignored by the ruling government.
No, its not. Plenty of other countries have written constitutions with codified rights against the government. Many of them are more explicit about how the conflict between explicit grants of power to the government and explicit rights of the people balance in conflict, which may make them seem superficially less strong; OTOH, the fact that the US Constitution has both unqualified grants of power and unqualified enumerated rights has led to that conflict being resolved by the courts, by...qualifying the rights based in large part on the grants of power.
> Every other country has rights given by the government to their citizens.
That's no more true of “every other country” than it is of the US. The Constitution itself is a deal negotiated between representatives of and ratified by state governments, so all of the rights it protects are, ipso facto, granted by government.
For example, in the Dutch constitution, freedom of speech, religion, privacy et cetera are all qualified “except as restricted by law.” [0] That is to say: if the government passes a law restricting your speech, religion or privacy, that will typically be Constitutionally acceptable. Meanwhile, in the US, the Constitution is absolute, to rather extreme ends. The Dutch constitution is of course rather obvious in its weaknesses, but there are other signs for other countries aside from the text itself. One good method is to take a look at the mechanisms of enforcement of the Constitution and measures of Constitutionality. For a good laugh: https://www.advocatie.nl/nieuws/rechter-mag-wetten-langs-de-...
[0] https://wetten.overheid.nl/BWBR0001840/2023-02-22 For example: “Ieder heeft, behoudens bij of krachtens de wet te stellen beperkingen, recht op onaantastbaarheid van zijn lichaam.” or “Everyone has, subject to restrictions under the law, the right to inviolability of his body.” Most other rights include such a provision.
For example, Germany's Basic Law (Grundgesetz) was created after World War II to ensure the protection of human rights, including freedoms of speech, assembly, and religion, among others. In Canada, the Charter of Rights and Freedoms is part of the Constitution Act of 1982 and guarantees a range of civil liberties. India's Constitution, too, contains an extensive list of fundamental rights that are designed to restrict arbitrary government action, such as the rights to equality, freedom of expression, and personal liberty. South Africa's Constitution is also highly regarded for its strong emphasis on human rights protections.
Even in the United Kingdom, where there is no single written constitution in the US sense, many rights are protected by statutes (such as the Human Rights Act 1998) and established common law principles that limit government power.
Many democracies enshrine rights in law, reflecting the widely accepted idea that such rights are inherent and must be protected against undue governmental interference, rather than merely being granted as privileges.
The next 4 years will certainly prove or disprove this statement!
It's a worthwhile read for anyone.
We elect our politicians. We demand they stop serious crime and terrorism. When they have bad ideas about how to do that, we let them know that it's a bad idea. Or we don't elect them again. This works.
The only way to prevent this is to avoid this huge, massive, centralisation. Of course, Apple wouldn’t want this.
If we had lots of smaller scale hosting providers around the world (potentially dozens per country), the scope of attacking each one with such an order is much smaller.
"The USA fought a war in part because they did not like the use of general writs of assistance to allow agents of the British King to search peoples houses and papers where their suspicion chanced to fall. The UK lost that war so no way!"
I wouldn't characterize the rest of the world as not obsessed, really.
From the article, discussing the idea of Apple stopping offering encryption in the U.K.
“Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States”
You could probably make an ECHR argument about it, but even Germany who are most paranoid about Stasi-like behavior have some sort of rights carveout for law enforcement purposes.
/j
Therefore you know this is not about chasing the bad guys. It's about keeping the Average Joe under the thumb.
There absolutely is a balance between Average Joe's right to privacy and privacy restrictions for fighting crime. Without undermining the former, I'm astounded how HN discounts the latter 100%. It is real.
Which is not to say I approve of more surveillance. Just that surveillance of convenient modes of communication (iMessage) is useful to serious crime fighting.
That's a very bold assumption after EncroChat and SkyECC.
> Apple says it will remove services such as FaceTime and iMessage from the UK rather than weaken security if new proposals are made law and acted upon.
Where does this problem start? Is it a basic education thing that valuing one's own and others' privacy needs to be taught to kids from a young age?
For instance, in the meetings in which these ideas are proposed, why are they not considered a serious, fireable offence, like bringing up racist or sexist comments?
Hate to tell ya, those aren't fireable offenses at the highest offices anymore either.
It starts with UK citizens buying iPhones and expecting their data to be private at all.
As a solution to never have unencrypted files in iCloud.
I follow the same procedure with my Android phone, no google cloud.
BTW anything I upload to Dropbox is encrypted first.
I thought we had grown ups running the show now. Clearly that was optimistic.
1. https://support.apple.com/en-us/111754 says you can change your country to opt-out of GCBD.
2. https://www.bbc.com/news/business-42631386 says "iCloud accounts registered outside of China are not affected."
We have had a number of bad laws over the last ten years that have entrenched state surveillance and presumption of guilt.
The only party I can see taking a principled stance on civil liberties is Reform UK, whose policy document states:
> A British Bill of Rights
> Our freedoms must be codified and guaranteed. Never again can our entire country be locked down on shoddy evidence and lies. Our data and privacy must be protected. Surveillance of the public must be limited and those monitoring us held to account.
https://assets.nationbuilder.com/reformuk/pages/253/attachme...
Recent polls show Reform is currently the most popular party. So there is hope.
What’s this about? Is it some mad “covid was a hoax” thing?
- that’s silly - they can’t do that legally - this makes no technical sense - this is a bad idea - this will never happen
The entire globe becomes Xi Jinpeng’s China with American Characteristics after the iCloud encryption system is neutered and a court warrant is no longer needed.
> The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.
* https://www.washingtonpost.com/technology/2025/02/07/apple-e...
* https://archive.is/https://www.washingtonpost.com/technology...
> The Investigatory Powers Act 2016 (c. 25) (nicknamed the Snoopers' Charter)[1] is an Act of the Parliament of the United Kingdom which received royal assent on 29 November 2016.[2][3] Its different parts came into force on various dates from 30 December 2016.[4] The Act comprehensively sets out and in limited respects expands the electronic surveillance powers of the British intelligence agencies and police.[4] It also claims to improve the safeguards on the exercise of those powers.[5]
* https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016
Not just "see also." Your link is the original reporting.
Without journalists and organizations like these doing hard, expensive work like this no one -- not even on HN -- would know about it.
It's a shame that the link being used for the HN entry is to a blog re-writing other people's work, and not doing any of that work or sharing any of that expense themselves.
Correct link:
https://www.washingtonpost.com/technology/2025/02/07/apple-e...
No, I don't care if there's a paywall. Credit where credit is due is something your mom should have taught you when you were five.
1: https://x.com/elonmusk/status/1876174862747930717?lang=en
iMessage is barely used in the UK, WhatsApp is the default messaging platform here
DOGE was recently unable to obtain data on Americans (https://www.msn.com/en-us/news/politics/elon-musks-doge-deal...), maybe related...
They had read/write data for a few days before being denied access https://www.wired.com/story/elon-musk-associate-bfs-federal-...
Does Apple lose much, in future revenue if people buy out of the ecology in the UK market? At scale, sure. But then again no. It's a 3.8 trillion dollar company. This is almost noise.
I don't think there will be a rush to the door. Set against overall revenue targets, they can comply and weather the storm.
America used to push the rest of the world to give their people those rights. Used to....
I felt an obligation to excessively site stuff here, because I find it bemusing anybody in tech can take such articles or topics at face value.
[1] - https://en.wikipedia.org/wiki/PRISM
[2] - https://en.wikipedia.org/wiki/Five_Eyes
[3] - https://en.wikipedia.org/wiki/Parallel_construction#By_the_U...
If Apple can be compelled to keep shut about Push Notifications being bugged, who knows what else they're obligated to keep under the covers. Caveat emptor.
Even if you ignore the above points, Apple's software is closed source. You cannot change OS or install any unapproved app on your own phone. Apple phones are Orwellian's wet dream. If people still trust bigtech then society is doomed.
This is completely false. It has been shown time and time again that Apple will bend to whatever data requests the US government ask for.
You may think they care about your privacy, because they tell you they do. But they are legally bound to say that. Every surveilance program they have ever been part of has had a legal requirement to lie publicly about its existance. Then when it becomes public through a leak, they are able to say 'Sorry we lied, we had to by law'.
Heres just one example: https://www.macrumors.com/2023/12/06/apple-governments-surve...
Naive implication. They're authoritarian henchmen.
If you're holding out on Apple, a company that has proven to betray every principle they claim to stand for, to defend privacy when money is on the line, then you've been fooled. I don't know how many times Hacker News has to say it before you chumps learn, but Apple is not a privacy-committed company. Being able to point at whitepapers is not the same as knowing how your device functions.
[0] https://www.macrumors.com/2023/12/06/apple-governments-surve...
I should emphasize that 'I personally don't care'. I find it more interesting that people believe there is some safety in Apple products because their marketing says so.
When I was younger, I used to care about these people getting taken advantage of. Today, I wonder how I can replicate the formula. Sorry pals, Apple did it and people were happy about it. I'll make people happy too, its a Noble lie... err Paternal lie :)
It all begs the question, what else have they requested, and of those which requests were accepted secretly?
Truly a pathetic example of a democracy.
iCloud Backup is not end to end encrypted. iCloud Photos is not end to end encrypted.
Apple can read all of your iMessages and see all of your photos.
The governments where they operate can compel them to turn over this data. They can and do. Often.
Operationally this doesn’t really change much.
It can just order to a third party do so. Wait, why does a third party have access to peoples' private communications. That is the Apple design. The company wants people to use their servers.
Cloaking mass privacy violations under "operational matters" is the most doublespeak bullshit I've ever heard.
If you do not control the keys and the software that controls the keys, then you are not using end to end encryption.
In my honest opinion, in this specific context UK should be treated with the same scrutiny we treat China.
Through Five Eyes the US agencies could, via the UK, get global access to iCloud accounts
No need to change US law
Anyone with a fundamental understanding of online privacy and security would encrypt any files prior to uploading them to the cloud rendering any back doors and access to those files useless and toothless.
I dont use any of these services. I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.
And the next day this or blocking DeepSeek (in Italy).
https://news.ycombinator.com/item?id=42975170
They're not exactly the same, but you should have similar feelings about forcing a company to hand over data to researchers and forcing a company to install a back door for law enforcement.
Here we are, though, at the point where the government overreach for these "beacons of democracy" such as US and UK do this often and by design and we're all supposed to pretend "thing are fine, trust us". Next they'll push some other overreach using children, terrorism, drugs or some other usual excuse and people will defend it pretending the government has good intentions and largely works for the people.
Why is it tho ? The government has something to hide ? i mean it's complete bullshit, citizen have the right to privacy and government has the obligation of transparency and being accountable to its citizens.
When did the UK turned into a middle east dictatorship ?
> Google has enforced default encryption for Android phone backups since 2018. When asked by The Post whether any government had requested a backdoor, Google spokesman Ed Fernandez did not provide a direct answer but suggested none exist: "Google cannot access Android end-to-end encrypted backup data, even with a legal order," he stated.
That is absolutely laughable. If the uk government couldn't access google data, they would have ordered google the same thing they did with apple.
Apple theoretically can't access their user data when e2e encryption is enabled yet the uk government doesn't care. how does that differ from google ?
once again, if you want your data to be safe from google, apple, and the others you got to avoid all cloud and resort to use good old hard drive with encryption.
the only ones getting fcked are once again the average people who don't have much to hide in the first place, the pedophiles and terrorist they are much more aware than the old fart at the government on how to stay hidden.
(I suppose the silver lining is that Starmer is merely sidling towards Trump as his new best mate rather than the full-throated slobbering that Johnson/Truss/Sunak would have given him.)
[0] I know this is primarily the fault of the last lot but this shower of onions haven't done anything to roll it back and/or clarify WTF is going on.
"No."
Sounds like quite the conspiracy theory, but if the USA were not OK with this, the UK surely wouldn’t dare to take on a crown jewel in the US tech sector, potentially causing them serious problems.
Hence why Trump was cheering on Starmer the other day, despite all that has gone on between them.
Americans need to wake up and realise their state uses uk/israel to do what they don't want to be seen to be doing.
as a side note, its really baffling what this capability would actually provide for? Any serious criminal isn't using icloud backup or even an iPhone in the first place. So this is just a shit outcome for the general population.
If this goes through, I look forward to the news of the world expose on some cabinet members personal details
UK Law Enforcement can suck my dick.
Encryption works people. Use it.