I don't think the UK government would try to put Apple out of business if they don't comply it's more likely that they would just get heavily fined until they do so.
The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption. Honest UK consumers are the one's getting the shitty end of the stick because we're about to loose protection from criminals.
You're assuming that turning off ADP in the U.K. is sufficient to appease the British Government. The Investigatory Powers Act can also be interpreted to give the U.K. the right to ask for encrypted data from users outside of the U.K. (see Apple making this exact point in a filing here [1].) Turning off ADP in the U.K. doesn't end the controversy if that's what's at stake.
It creates a nasty precedent doesn't it? If Apple can provide the UK government with foreign data, what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile? I can't see on what basis the government thinks they're going to get to be exceptional here?
They might have to settle for it. The power of a government is not equal to what legislation they pass - they are heavily limited by the economic and publicity consequences of decisions.
As such, any outcome where this is enforced will be a compromise.
That’s probably the reason apple is resisting. They are currently certified as moderately trust worthy for government operations in Germany. Giving in would invalidate that.
Guess what? Trump will (hopefully) come to the rescue here. Don't laugh at that. I'd imagine he will be helpful possibly even with some of the EU rules such as in particular the one which makes even small US companies liable (as I recal) for notifying users of cookies on a website.
I will stop using a service or hardware that could grant peaking rights into my folders to a possible administration like the one currently in the US. On day 1, zero hesitation
What is up with the UK? I have always loved my British friends and appreciated England’s history (setting aside their brutality during the British Empire). I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc. I just hope we in the USA don’t follow their lead.
Democracies without free speech and privacy are not really democracies.
We're governed by the most technically inept people possible.
The Peter Principle writ large.
I'm pretty sure there was a story on here recently when UKGOV / GCHQ were recruiting for a 'senior something something tech/developer/code breaker', offering about the same as a typical entry-level graduate job.
Sell off ARM to foreign interests? Check.
Tell AI data centres where they must be built? Check.
Various inept age checking and backdoor access plans? Check.
The USA strongarming us after 9/11 didn't help. You don't have to look beyond the borders of the US to answer "what's up with the UK" when it comes to eg terrorism legislation
But yes historically we have been pretty brutal. Look up history the past 600 years. We didn't get a huge empire by asking nicely for their land and resources
> I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc.
Security establishment's innate desire to read and listen to absolutely everything. Blair/Bush's war on terror. Id card proposals. Smart phone use sky rockets. Supposed E2E comms. Hate speech. Something must be done! Right wing policies on pretty much everything cause more protest. Tories criminalise (*some types of) protest. Labour government raises TCN to Apple.
UK probably went wrong when they left the EU, which since then has done some work on data protection laws. Leaving the EU will probably turn out a mistake, but they could have, in some areas made it a positive thing. They could have made even stronger data protection and privacy laws for their citizen. They could have enforced them more than the EU enforces GDPR. These things do not happen because of uninformed and corrupt politicians. Trade is of course another area, where they could have tried to ensure, that they stick to EU quality and safety controls, to avoid lots of drama and headache. But it was difficult anyway, because if you stick to all things EU, then why leave in the first place? They would have to uphold standards and improve upon them, while being in a weaker position to negotiate with outside of EU partners.
> The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK
Agreed.
> Apple previously made its stance public when it formally opposed the UK government's power to issue Technical Capability Notices in testimony submitted in March 2024 and warned that it would withdraw security features from the UK market if forced to comply.
I feel like the UK always tries to do this w/ encryption. I don't know if it's a cultural sway GCHQ has on legislators and such but it happens w/ every generation of cryptography. Weren't they the one that neutered GSM encryption such that it was essentially ineffective from the get go?
You're assuming people's actual motivations match up with their stated motivations. If your motivation is to be re-elected to a government post by appearing to be tough on terrorism and drugs, every possible outcome of this course of action benefits you. Apple leaves? They were terrorist enablers and you're better off without them. Apple acquiesces? You're the David who took on Apple's goliath and won safety for everyone (again, regardless of whether this actually improves safety for anyone). Apple ignores you? You have an ongoing feud with Dangerous Big Tech that you can campaign and fundraise on for as long as it lasts.
The UK government can’t put Apple out of business; Apple can easily afford to simply exit all business in the UK. The UK is betting that Apple’s greed outweighs their principles. Long odds.
It's betting that the size of Apple's UK market is larger than the impact Apple's privacy marketing has on its worldwide market. Those odds aren't obvious to me
Curious about what would happen if Apple withdrew from the UK and locked all devices with a message saying 'Your device has been disabled following the decision of the UK government to introduce new laws which mean service can no longer be offered in the UK', or something similar. They could base it on GPS or detected MCC codes.
I wonder if you would get anarchist riots until the law was removed. Many of the young with an expensive bricked iPhone (or parents whose kid's iPad was disabled) would probably side with Apple over already unpopular politicians...
The UK is betting that Apple’s greed outweighs their principles. Long odds.
Three weeks ago, I would have agreed with you.
Then Tim Cook wrote a check for $1,000,000.00 to help pay for Donald Trump's inauguration party.†
In spite of what they led us to believe over the last couple of decades, Tim Cook and Apple are no different than any of the other tech companies genuflecting before the new emperor, whose stated goals are the opposite of the "mission, vision and values" lies we were fed by the tech industry.
Sounds like you're assuming that UK's goal is to stop criminals. I don't think that's their goal. I think that's their cover story.
As for Apple, their daily/hourly/whatever fines might be less than cost of a major ad campaign if they were to buy that publicity directly. Sounds like a good deal for them to refuse to honor the request.
A backdoor for one is an opportunity for many. Given the UK is completely incapable of outspending most of the world on compute, this effectively hands their enemies that data they’re looking for.
Yes, encryption is one of the most “cat’s out of the bag” situations - even assuming every company worldwide is cowed into submission by governments to add back doors, all they’re going to be catching is the dumb and unsophisticated criminals and even that will diminish as even the dummies realize every text and call is wiretapped once people start seeing their private communiques come out in court.
I suppose there are people in the camp advocating for back doors who still think it’s worth the tremendous downsides to be able to catch that group of criminals (there are certainly plenty of idiot criminals), but anybody can just use plain GPG emails for free, or deploy some open source encrypted chat server on a $20 a month cloud instance… and I assume operators in places like Russia or China won’t mind hosting easy services for less nerdy criminals willing to pay in crypto.
This appears to be majority of them if Brian Krebs is to be trusted. Very few have proper OPSEC, fewer still are disciplined enough to prevent cross contaminating their virtual identities.
Even if you keep your communications airtight, boneheaded decisions when they move the money from cyberspace into meatspace are quite common: people living way beyond their means, 22 y/o's buying $200K+ cars without proper income records get caught quickly once people start looking.
> The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
First, these are the same thing.
Second, ADP is already off by default so approximately nobody uses it. It is irrelevant from a privacy standpoint whether or not they offer it.
ADP is a relatively new thing. it makes sense to roll it out gradually both from engineering POV as well as marketing.
Further, as all other forms of e2ee, it makes you responsible for the encryption keys.
As a user on the platform I am quite happy it is offered. Considering that these days it is quite difficult not to have a mobile device associated with “you” (you open links sent to “you” on your mobile device? consider that device compromised from privacy perspective), id rather it be on the platform with stronger protections.
Apple should and can just sever its relationship with the British public and let them reap the consequences of submitting to their nanny state.
Although it's worth wondering why anyone would use any type of corporate cloud backup, anyway. Certainly if you had anything worth hiding, you would disable that first. That just makes this whole endeavor that much more dubious.
"It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption."
This. Whether it is an app to install on your phone or desktop or simply a website to use. People who need encryption to make sure their communication is private will _easily_ find ways around any kind of government snooping.
>I don't think the UK government would try to put Apple out of business if they don't comply it's more likely that they would just get heavily fined until they do so.
Sufficiently advanced "escalating fines until they comply" is indistinguishable from "putting them out of business".
I honestly don't even think we'd fine them real money, it would be too unfriendly to business. So what's this? I think political posturing or at worst the worlds weakest bargaining chip.
Maybe USG will now stand behind American companies and push back on this sort of thing? Enough of the EU or UK fining US companies over bullshit. In this case it's also better for the UK consumers too.
As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens. Not supporting cloud services wouldn't be sufficient to avoid the compliance requirement, they would have to formerly stop doing business in the UK.
Looking at the market size that might be a decision that Apple is willing to make as it would most likely be a temporary stick. The government can spin it anyway they want, but Apple devices do not work basically at all without the deep integration of their services. A geoblock would effectively mean UK citizens would be left with unusable devices and I can't see the resulting outrage being directed exclusively at Apple.
It'll be interesting to see how this plays out for sure.
I think this is the most solid answer I’ve seen so far that makes any sense. Could they still go through with it , I’m not sure, they want to project some influence but I still feel this is like haggling for half price to get cost.
Someone else here said something spot on for me, we’re all focusing on how bat sh*t this is because it’s global without even considering how human privacy obligations are just ignored.
Humans have a right to privacy, feels unbelievably pretentious and privileged to even say that. But it’s still true
> As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens.
I wonder if this means that Apple would ultimately take the same approach that they have in China, where the iCloud data and services are entirely localized within China and allows the Chinese government unrestricted access.
Apple still has legal entities in the UK. Pulling out cloud services would be insufficient to prevent the UK authorities from interfering with their activities.
> prevent the UK authorities from interfering with their activities
I'm still missing how this could be enforced ? To my layman understanding, this reads the same as if China said : "Meta, Tesla, Valve etc has entities in China therefore we get to see all data they store in the EU and the US.
The UK has Zero jurisdiction in Ireland for example where a lot of EU data may be stored.
More importantly, apple has customers in the UK. The business from captured apple users is more valuable than apple's privacy reputation.
This all seems very similar to RIM and the aftermath of the riots in the UK. The backdoors became too obvious for customers to ignore. Did not go well for RIM in the market afterwards.
I think it’s a cultural issue. The British have an inflated sense of national self worth as a result of being the world’s largest power during the British empire. While this has not been the case for some time now (since Suez in 1948? Longer?) the people still carry the memory and national myth of great importance. This is likely what drives a sense of entitlement that British demands should bypass the laws of every other country in the world and give them unfettered access to everyone’s data. Think about that, literally everyone who has an Apple device!
MI6 probably gutted the cybersec division. Probably don’t have many viable sploits in their cache against Apple.
I suppose this is _good_ but more competent and well funded groups out of Israel, Israeli military complex, Cyprus don’t need to “ask” for a back door.
> When asked by The Post whether any government had requested a backdoor, Google spokesman Ed Fernandez did not provide a direct answer but suggested none exist: "Google cannot access Android end-to-end encrypted backup data, even with a legal order," he stated.
No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves. I’m not saying that’s likely, just that it’s important to not take these statements as saying more than they do. They wouldn’t hesitate to use “technically correct” as a defence and you have to take that into account.
Before people immediately think the worst of Google or other corporate representatives, be aware that people working in these companies need to weight their words carefully. From The Verge's article on the issue:
The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
Which is exactly why I’m making this point. If no government had requested a backdoor, they could’ve simply answered “no”. When you have to weight your words, it means you’re not at liberty to say whatever you want. That is itself a signal, and why warrant canaries are a thing.
How does this work wrt false advertising laws? If I relied upon their end to end encryption and it turns out to be false advertising because there's a secret backdoor, who do I sue?
But they can still notify the public, through those canary statements. (I forgot the name commonly used).
For example (a simplistic one), you can have a statement like "we do not have any backdoors in our software" added to your legal documents (TOS, etc). But once a backdoor is added, you are compelled by your lawyers to remove that statement. So you aren't disclosing that you have added a backdoor. You're just updating your legal documents to make accurate claims.
> if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
One would think this runs afoul of other laws though, truth in advertising and similar.
Its such a legal minefield, and the UKs request borders on violating the sovereignty of other nations I can't see Apple complying, but maybe that's hopium talking.
> No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves.
The whole definition of "end-to-end encrypted" is that only the two ends have the keys. If anyone or anything other than the two ends (the one sending and the one receiving) has access to the keys, it's not end-to-end encrypted.
Whatsapp has had end-to-end encryption since 2016. But it only added encryption to cloud backups in 2021. They didn't share any key material with Google, just backed up the messages and media without any encryption to begin with.
Yes exactly. Google is very careful to say that "Google cannot access Android end-to-end encrypted backup data" and notice it doesn't say that all Android backups are end-to-end encrypted. For what we know, Google could have decided to use non-end-to-end backups in the UK and end-to-end backups everywhere else.
But if they could give a key to the government agency, it wouldn't be end-to-end encrypted, right? Or are you thinking they would have a copy of users' keys that they gave out? (Which I guess is technically possible.)
They could also cripple user key-generation. E.g. they choose random primes from a known subset. It would make communication crackable while also being difficult to detect.
It would be no different from how multiple devices and users access the same content (chat, shared data, etc.). The government’s keys would always be included in set which encrypts the real key. They don’t need the users’ key, Apple doesn’t need their private keys. So technically still end to end encrypted, just with a hidden party involved. Users have no way of knowing this doesn’t already happen.
And when their key leaks, it’s as good as no encryption, but still end-to-end encrypted.
You can not use a DH key exchange, and create the symmetric key by some procedure that is predictable, or encode the symmetric key with the government's public key and send it to them.
It doesn't stop being end-to-end when you add another end. We often do group chats that way.
Or you can create a side-channel and send al the data there. That would stop it from being end-to-end.
My layman’s understanding is that a user’s private key is used to decrypt a random key, which is then used to protect data. Shared files then only require adding key access to that small secret by someone who knows the original key. If one of the original public keys is always one held by authorities, Google never needs to have custody of the private key and can’t access the data themselves making the statement true, but misleading.
Not surprised, considering UK's ridiculous key disclosure law (United Kingdom
The Regulation of Investigatory Powers Act 2000 (RIPA), Part III, activated by ministerial order in October 2007, requires persons to decrypt information and/or supply keys to government representatives to decrypt information without a court order.)
that makes anyone with high-entropy random data (which is undistinguishable from the crypto-container) a criminal for "not providing the keys to decrypt"
This is the way that the UK has passed laws for a while now, make them so broad that they potentially criminalise everyone, then selectively prosecute. This is a very obvious setup for future totalitarianism. I’m surprised that the British public stands for it, but I guess they must not care.
People here are very passive and used to being pulled around.
It's insane how far people's rights have eroded already. No right to protest, no right for privacy - what's next on the chopping block?
This is fuelled by notion that law enforcement is incompetent and doesn't work.
If law enforcement won't catch criminal even if you had them all the details, evidence, witnesses, then average person thinks there laws are dead anyway as there is no one competent to enforce them.
> I’m surprised that the British public stands for it, but I guess they must not care.
I can educate people but it always comes back to "I've not got anything to hide". What are we suppose to do, go out to the streets and protest? Start a petition, right to a PM who has no idea what encryption is?
Mentioning Linux to my family opens a can of worms. We are naive to think protesting actually changes something, it's old fashion. Those with power just don't care so unless people attack with their wallets nothing will come from.
It's not 1995 so unless you have £ for lobbying surrounded by people in suites there is nothing public of any nation can do against anyone in power.
Brit here. Yeah from my experience people don't care. Hardly anyone gets prosecuted and those who do have often done something bad.
Most day to day complaints are they don't prosecute enough, often related to the bastard that snatched your phone. We have approximately zero people sitting in jail for failing to decrypt and similar.
>This is a very obvious setup for future totalitarianism.
No it really isn't. If they are planning a totalitarian takeover they are being very sneaky about it. There is a strong anti totalitarianism tradition here including elections since 1265, writing books like 1984 and bombing nazis.
I've tried to explain the issues with the UK government's stance on digital privacy to my friends. The responses I get:
* I have nothing to hide, I don't care
* Oh come on, our government doesn't care what I'm up to
* The UK will never be totalitarian. I'm not scared of the government
* The UK civil service is incompetent and could never pull this off (fair point, although I worry about the safety of my personal data in the hands of such people)
Let's not forget we had a hard-left (Corbyn) socialist regime come close to power, whose cabinet members called for "direct action" against political opponents, just a few years ago.
I don't think people realise how quickly things could go wrong with these surveillance mechanisms in place, and spiteful, authoritarian politicians taking power.
It seems like perfect case to make multi-container encryption as default. That is different data will be revealed using different key and there is no way of knowing how many containers there are in the blob of data and not possible to prove someone is hiding a key.
Not if the state can access your super secret containers while you access them with your software. Because state backdoor either in hardware or in OS level
It's incumbent on the prosecution to prove that you know the key they are claiming you are withholding. It is a defence to say you forgot it, or that the data is random. The prosecution would have to prove that you didn't forget it and that the data is not random.
As mentioned in the article, Salt Typhoon and the recency of this request by the UK. At this point they should know better.
My pet theory is anytime the US wants to do something illegal under US law, they simply ask the UK to do it and vice versa. That's why Salt Typhoon isn't and never will be a lesson learned.
It's not a pet theory, it's exactly how the Five-Eyes system is meant to work. I remember when Total Information Awareness was announced and they even had a cool badge designed for the new govt department. It wasn't a popular idea.
It is a pet theory. It is illegal for the US to access its citizens' and residents' data without a warrant, and asking somebody else to do it doesn't magically make it legal.
Australia does a great job of enacting wacky authoritarian policies in the last 5 years; It would make sense to use them as a staging ground. Does any specific legislation come to mind?
This is so disheartening. I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise. As a UK citizen, is there anything I can do to dissuade this?
In my mind, the only way to beat these efforts for good is to win hearts and minds of the larger public. Currently because only weirdos like us care about this stuff, we have to constantly be on top of these things and writing letters making posts etc.
Overall i agree with you, it is really disheartening. That being said, i've made progress with my family on valuing privacy and the dangers of surveillance. I think people might be changing their minds slowly but still lots of work to do.
A breakthrough with my sisters was when abortion was threatened here in the states. Mentioned to them that it would be easy for authorities to enforce abortion punishments by subpoenaing data from menstruation cycle tracker apps. This kind of "clicked" for them and they became more open to the other parts (not given ratukan or whatever their purchase history, etc. etc.)
Thought experiment: let’s say that Trump said that he thinks Apple is helping hide illegal immigrants because they are communicating with each other over channels that ICE can’t decrypt, how much pressure do you think he could put on legislatures to pass a law here?
Now let’s say that some Republican Senators and Representatives were ethically opposed to but then threatened to be primaried and President Musk said he would throw all of his money behind a potential opponent, how long do you think it would take a law to be passed?
Even without a law, we already see that Cook will willingly bend a knee to Trump as will Google.
Right now in my home state the governor was trying to get a law passed banning Western Union from allowing illegal immigrants from sending money overseas.
> I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise.
I think we are perhaps the lowest point ever in terms of anti-surveillance efforts. There seems to be bipartisan effort among many (most?) western governments that the government should have unfettered access to all data, regardless of any reasonable expectation of privacy.
Encryption seems barely tolerated these days. Governments are insisting on backdoors, they are making it illegal in some cases for companies to even discuss what is going on or that monitoring is happening.
We barely know what is going on with the programs and efforts that get leaked to the media, much less the programs that operate in total secret.
> As a UK citizen, is there anything I can do to dissuade this?
If you voted for this Tory-lite government, then you can stop voting for any future Tory-lite governments. If you did not, there's not much you can do in practice without devoting your life to it.
Wait. The Tories aren’t in power yet you want to attribute this to “Tory-lite?” It’s the Labour Party that is in charge, so why not put the blame on the actual perpetrators? Is it because you don’t want Labour getting blamed? I am confused. The Labour Party is the one jailing people for speech, so it follows that they would want backdoors into iCloud so they can better investigate ThoughtCrime.
The director of public prosecutions of England and Wales, Stephen Parkinson (appointed by the Labour Attorney General), warned against "publishing or distributing material which is insulting or abusive which is intended to or likely to start racial hatred. So, if you retweet that, then you’re republishing that and then potentially you're committing that offense [incitement to racial hatred]."
He added further, "We do have dedicated police officers who are scouring social media. Their job is to look for this material, and then follow up with identification, arrests, and so forth."
If you agree that Brexit happened under the Tories and not Labour, then we can also agree that THIS order is happening under the newly elected "Labour Party" and not the "Tories", or so-called "Tory-lite" names.
It's completely pointless trying to remove accountability of this government's illogical actions and then to immediately resort to blaming the previous government for bad decisions like this one.
Just admit that this is under the Labour government.
The government is a reflection of the people. It might not be perfect, but if 80% of the country didn’t want this type of surveillance we wouldn’t see any government pushing it.
You have to change the view of the country as a whole, and for generations the U.K. has been a country of curtain twitchers.
Yeah know, at some point a historical review would suggest that the constant stream of labour led initiatives to end privacy might indicate that the problem is not just the tories.
> I thought we were making progress in the anti-surveillance privacy na[rra]tive
What lead to to believe that? The Conservatives and Conservative-Continuity governments both agree that our data simply must be in the hands of the police, DEFRA, and your local council.
RIPA will never be repealed and only strengthened.
I don't disagree with your analysis but i wouldn't be so fatalistic. This stuff _isn't_ inevitable and i think it's possible to win people over to our side. Things can change for the better, but they won't unless people who care don't give up
Probably helps if the next time they try to remove the rights of large segments of the populace based on medical choices, lock people down, track them and propose vaccine passports, that you realize where everything is headed and oppose it vocally.
It's always through the appearance of good intentions and a public that pushes for whatever narrative they're fed that they normalize this.
Let's start supporting parties that have principles.
And stop making excuses for parties that don't (i.e. Labour, Lib Dems and Conservatives).
At the moment, the UK public (and media) considers it a sport to disparage and smear parties like Reform, whose leaders want to shrink the power and over-reach of the state.
We are so concerned with appearing virtuous and internationally generous, we cannot be seen to align with a party that wants to put UK citizens first (border security? deporting dangerous criminals back to their home nation? gasp, how could we be so ghastly!)
This self-defeating attitude needs to change if we want a better future for our children.
> Let's start supporting parties that have principles.
The problem is that there are none.
The correct assessment of all these political parties is that by default, they all cannot be trusted. Especially both labour and the conservatives.
> This self-defeating attitude needs to change if we want a better future for our children.
Yes. The second problem is that the United Kingdom is incapable to changing itself historically and is fundamentally destined to never be open to change.
Sadly, the EU is trying very hard and very persistently to pass the Chat Control bill. So far the EU hasn't succeeded, but I would be surprised if EU politicians didn't keep trying until it is finally codified into law.
Successive UK governments consistently fail to understand the UK's place in the modern world. Insisting on access to encrypted data in all jurisdictions globally is just another example of them thinking small and acting big. Its the digital equivalent of sending a gunboat to put-down the troublesome "natives". Meanwhile its 2025, not 1925.
I'd like to think that we've reached the point now that there will be mass resistance to threats to privacy and freedom of speech in the UK, but Britons are such a docile, accepting, and pliant people when it comes to standing up to Big Brother.
Why now? I gave up on this at least 10 years ago. If you can't even get techy people to think about the ethical ramifications of encryption etc then it's a lost cause. What makes you think now it's different? They said it couldn't get much worse 10 years ago, as did they 20. Do you really think the UK population has a breaking point where they will suddenly understand privacy and why it's important?
The UK population generally wants to put their fingers in their ears and pretend everything is ok. Remember we're all descended from people who didn't go to the colonies to try to get a better life.
I looked them up and they are not terribly old but did Ancient and Modern History at Oxford - the guy who did the law and philosophy, politics and economics at Oxford - Home Secretary. I doubt they are very up on tech.
What are you talking about? I'm a german and the surveillance here is crazy. The EU is pushing for more surveillance.
I always love the left wing echo chambers like reddit/HN who pretend like the EU is some kind of utopia.
Readit News
(Although I was able to access the article in full on the original URL)
The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption. Honest UK consumers are the one's getting the shitty end of the stick because we're about to loose protection from criminals.
Daft waste of time.
[1] https://bsky.app/profile/matthewdgreen.bsky.social/post/3lhl...
As such, any outcome where this is enforced will be a compromise.
https://support.apple.com/en-bh/guide/certifications/apc37da...
Democracies without free speech and privacy are not really democracies.
The Peter Principle writ large.
I'm pretty sure there was a story on here recently when UKGOV / GCHQ were recruiting for a 'senior something something tech/developer/code breaker', offering about the same as a typical entry-level graduate job.
Sell off ARM to foreign interests? Check.
Tell AI data centres where they must be built? Check.
Various inept age checking and backdoor access plans? Check.
That's where the UK is.
But yes historically we have been pretty brutal. Look up history the past 600 years. We didn't get a huge empire by asking nicely for their land and resources
Isn’t this precisely the set of causes that precipitated The Declaration of Independence?
Security establishment's innate desire to read and listen to absolutely everything. Blair/Bush's war on terror. Id card proposals. Smart phone use sky rockets. Supposed E2E comms. Hate speech. Something must be done! Right wing policies on pretty much everything cause more protest. Tories criminalise (*some types of) protest. Labour government raises TCN to Apple.
Dead Comment
Agreed.
> Apple previously made its stance public when it formally opposed the UK government's power to issue Technical Capability Notices in testimony submitted in March 2024 and warned that it would withdraw security features from the UK market if forced to comply.
https://arstechnica.com/tech-policy/2025/02/uk-demands-apple...
The A5 cipher used in GSM came from France, but supposedly the Brits were also happy to have it be weak.
I wonder if you would get anarchist riots until the law was removed. Many of the young with an expensive bricked iPhone (or parents whose kid's iPad was disabled) would probably side with Apple over already unpopular politicians...
Three weeks ago, I would have agreed with you.
Then Tim Cook wrote a check for $1,000,000.00 to help pay for Donald Trump's inauguration party.†
In spite of what they led us to believe over the last couple of decades, Tim Cook and Apple are no different than any of the other tech companies genuflecting before the new emperor, whose stated goals are the opposite of the "mission, vision and values" lies we were fed by the tech industry.
† In case you (or anyone else) missed it: https://variety.com/2025/biz/news/apple-ceo-tim-cook-donates...
Apple has shareholders, so no it can't (or more precisely, Tim Cook can't).
As for Apple, their daily/hourly/whatever fines might be less than cost of a major ad campaign if they were to buy that publicity directly. Sounds like a good deal for them to refuse to honor the request.
I suppose there are people in the camp advocating for back doors who still think it’s worth the tremendous downsides to be able to catch that group of criminals (there are certainly plenty of idiot criminals), but anybody can just use plain GPG emails for free, or deploy some open source encrypted chat server on a $20 a month cloud instance… and I assume operators in places like Russia or China won’t mind hosting easy services for less nerdy criminals willing to pay in crypto.
This appears to be majority of them if Brian Krebs is to be trusted. Very few have proper OPSEC, fewer still are disciplined enough to prevent cross contaminating their virtual identities.
Even if you keep your communications airtight, boneheaded decisions when they move the money from cyberspace into meatspace are quite common: people living way beyond their means, 22 y/o's buying $200K+ cars without proper income records get caught quickly once people start looking.
First, these are the same thing.
Second, ADP is already off by default so approximately nobody uses it. It is irrelevant from a privacy standpoint whether or not they offer it.
Further, as all other forms of e2ee, it makes you responsible for the encryption keys.
As a user on the platform I am quite happy it is offered. Considering that these days it is quite difficult not to have a mobile device associated with “you” (you open links sent to “you” on your mobile device? consider that device compromised from privacy perspective), id rather it be on the platform with stronger protections.
Although it's worth wondering why anyone would use any type of corporate cloud backup, anyway. Certainly if you had anything worth hiding, you would disable that first. That just makes this whole endeavor that much more dubious.
This. Whether it is an app to install on your phone or desktop or simply a website to use. People who need encryption to make sure their communication is private will _easily_ find ways around any kind of government snooping.
Sufficiently advanced "escalating fines until they comply" is indistinguishable from "putting them out of business".
Dead Comment
Dead Comment
How could this even be enforced if Apple pulls out cloud services of the UK ?
It's such a ridiculous request, the British Intelligence agencies must be bored coming up with new ways to make Apple look good.
Looking at the market size that might be a decision that Apple is willing to make as it would most likely be a temporary stick. The government can spin it anyway they want, but Apple devices do not work basically at all without the deep integration of their services. A geoblock would effectively mean UK citizens would be left with unusable devices and I can't see the resulting outrage being directed exclusively at Apple.
It'll be interesting to see how this plays out for sure.
Someone else here said something spot on for me, we’re all focusing on how bat sh*t this is because it’s global without even considering how human privacy obligations are just ignored.
Humans have a right to privacy, feels unbelievably pretentious and privileged to even say that. But it’s still true
I wonder if this means that Apple would ultimately take the same approach that they have in China, where the iCloud data and services are entirely localized within China and allows the Chinese government unrestricted access.
I'm still missing how this could be enforced ? To my layman understanding, this reads the same as if China said : "Meta, Tesla, Valve etc has entities in China therefore we get to see all data they store in the EU and the US.
The UK has Zero jurisdiction in Ireland for example where a lot of EU data may be stored.
This all seems very similar to RIM and the aftermath of the riots in the UK. The backdoors became too obvious for customers to ignore. Did not go well for RIM in the market afterwards.
We know they collude with US intelligence serviceUS
https://youtu.be/eW-OMR-iWOE
I am not a lawyer, but I think that this would be illegal under EU privacy law.
Frankly, the arrogance is appalling.
I suppose this is _good_ but more competent and well funded groups out of Israel, Israeli military complex, Cyprus don’t need to “ask” for a back door.
Honest question, how Apple is doing it in China? Maybe the exact same scheme will work for UK.
No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves. I’m not saying that’s likely, just that it’s important to not take these statements as saying more than they do. They wouldn’t hesitate to use “technically correct” as a defence and you have to take that into account.
The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
https://en.wikipedia.org/wiki/Warrant_canary
For example (a simplistic one), you can have a statement like "we do not have any backdoors in our software" added to your legal documents (TOS, etc). But once a backdoor is added, you are compelled by your lawyers to remove that statement. So you aren't disclosing that you have added a backdoor. You're just updating your legal documents to make accurate claims.
One would think this runs afoul of other laws though, truth in advertising and similar.
Its such a legal minefield, and the UKs request borders on violating the sovereignty of other nations I can't see Apple complying, but maybe that's hopium talking.
Dead Comment
The whole definition of "end-to-end encrypted" is that only the two ends have the keys. If anyone or anything other than the two ends (the one sending and the one receiving) has access to the keys, it's not end-to-end encrypted.
Deleted Comment
And when their key leaks, it’s as good as no encryption, but still end-to-end encrypted.
It doesn't stop being end-to-end when you add another end. We often do group chats that way.
Or you can create a side-channel and send al the data there. That would stop it from being end-to-end.
Deleted Comment
No, they would have had custody of the keys. Meaning it would still be true they cannot (now) access the data.
If law enforcement won't catch criminal even if you had them all the details, evidence, witnesses, then average person thinks there laws are dead anyway as there is no one competent to enforce them.
I can educate people but it always comes back to "I've not got anything to hide". What are we suppose to do, go out to the streets and protest? Start a petition, right to a PM who has no idea what encryption is?
Mentioning Linux to my family opens a can of worms. We are naive to think protesting actually changes something, it's old fashion. Those with power just don't care so unless people attack with their wallets nothing will come from.
It's not 1995 so unless you have £ for lobbying surrounded by people in suites there is nothing public of any nation can do against anyone in power.
Most day to day complaints are they don't prosecute enough, often related to the bastard that snatched your phone. We have approximately zero people sitting in jail for failing to decrypt and similar.
>This is a very obvious setup for future totalitarianism.
No it really isn't. If they are planning a totalitarian takeover they are being very sneaky about it. There is a strong anti totalitarianism tradition here including elections since 1265, writing books like 1984 and bombing nazis.
* I have nothing to hide, I don't care
* Oh come on, our government doesn't care what I'm up to
* The UK will never be totalitarian. I'm not scared of the government
* The UK civil service is incompetent and could never pull this off (fair point, although I worry about the safety of my personal data in the hands of such people)
Let's not forget we had a hard-left (Corbyn) socialist regime come close to power, whose cabinet members called for "direct action" against political opponents, just a few years ago.
https://www.spectator.co.uk/article/watch-john-mcdonnell-s-c...
I don't think people realise how quickly things could go wrong with these surveillance mechanisms in place, and spiteful, authoritarian politicians taking power.
In most cases it requires a court order as well.
Do you have a source for that assertion?
As mentioned in the article, Salt Typhoon and the recency of this request by the UK. At this point they should know better.
My pet theory is anytime the US wants to do something illegal under US law, they simply ask the UK to do it and vice versa. That's why Salt Typhoon isn't and never will be a lesson learned.
[1] Susan Landau and Alan Rozenshtein Debate End-to-End Encryption (Again!) https://www.lawfaremedia.org/article/lawfare-daily--susan-la...!)
Participants spy on each other's citizens on the other's behalf and share data, to avoid the legality of doing so to their own citizens.
edit: typo
Overall i agree with you, it is really disheartening. That being said, i've made progress with my family on valuing privacy and the dangers of surveillance. I think people might be changing their minds slowly but still lots of work to do.
A breakthrough with my sisters was when abortion was threatened here in the states. Mentioned to them that it would be easy for authorities to enforce abortion punishments by subpoenaing data from menstruation cycle tracker apps. This kind of "clicked" for them and they became more open to the other parts (not given ratukan or whatever their purchase history, etc. etc.)
Now let’s say that some Republican Senators and Representatives were ethically opposed to but then threatened to be primaried and President Musk said he would throw all of his money behind a potential opponent, how long do you think it would take a law to be passed?
Even without a law, we already see that Cook will willingly bend a knee to Trump as will Google.
Right now in my home state the governor was trying to get a law passed banning Western Union from allowing illegal immigrants from sending money overseas.
I think we are perhaps the lowest point ever in terms of anti-surveillance efforts. There seems to be bipartisan effort among many (most?) western governments that the government should have unfettered access to all data, regardless of any reasonable expectation of privacy.
Encryption seems barely tolerated these days. Governments are insisting on backdoors, they are making it illegal in some cases for companies to even discuss what is going on or that monitoring is happening.
We barely know what is going on with the programs and efforts that get leaked to the media, much less the programs that operate in total secret.
If you voted for this Tory-lite government, then you can stop voting for any future Tory-lite governments. If you did not, there's not much you can do in practice without devoting your life to it.
The director of public prosecutions of England and Wales, Stephen Parkinson (appointed by the Labour Attorney General), warned against "publishing or distributing material which is insulting or abusive which is intended to or likely to start racial hatred. So, if you retweet that, then you’re republishing that and then potentially you're committing that offense [incitement to racial hatred]."
He added further, "We do have dedicated police officers who are scouring social media. Their job is to look for this material, and then follow up with identification, arrests, and so forth."
This isn’t “Tory-lite,” this is Labour.
Sources: https://freespeechunion.org/labours-war-on-free-speech/
https://x.com/skynews/status/1821178852397477984?s=46
This is Hobson's choice as far as I can see.
I don't think there's anyone you could currently vote for that wouldn't do this.
If you agree that Brexit happened under the Tories and not Labour, then we can also agree that THIS order is happening under the newly elected "Labour Party" and not the "Tories", or so-called "Tory-lite" names.
It's completely pointless trying to remove accountability of this government's illogical actions and then to immediately resort to blaming the previous government for bad decisions like this one.
Just admit that this is under the Labour government.
You have to change the view of the country as a whole, and for generations the U.K. has been a country of curtain twitchers.
Dead Comment
What lead to to believe that? The Conservatives and Conservative-Continuity governments both agree that our data simply must be in the hands of the police, DEFRA, and your local council.
RIPA will never be repealed and only strengthened.
It's always through the appearance of good intentions and a public that pushes for whatever narrative they're fed that they normalize this.
People love and want more of this, not less.
And stop making excuses for parties that don't (i.e. Labour, Lib Dems and Conservatives).
At the moment, the UK public (and media) considers it a sport to disparage and smear parties like Reform, whose leaders want to shrink the power and over-reach of the state.
We are so concerned with appearing virtuous and internationally generous, we cannot be seen to align with a party that wants to put UK citizens first (border security? deporting dangerous criminals back to their home nation? gasp, how could we be so ghastly!)
This self-defeating attitude needs to change if we want a better future for our children.
The problem is that there are none.
The correct assessment of all these political parties is that by default, they all cannot be trusted. Especially both labour and the conservatives.
> This self-defeating attitude needs to change if we want a better future for our children.
Yes. The second problem is that the United Kingdom is incapable to changing itself historically and is fundamentally destined to never be open to change.
Dead Comment
Dead Comment
Just old people making bad laws about stuff they don't understand - or are straight up citizen hostile, sometimes hard to tell which it is.
Sadly, the EU is trying very hard and very persistently to pass the Chat Control bill. So far the EU hasn't succeeded, but I would be surprised if EU politicians didn't keep trying until it is finally codified into law.
(disclosure: brit)
The UK population generally wants to put their fingers in their ears and pretend everything is ok. Remember we're all descended from people who didn't go to the colonies to try to get a better life.