Secret order requires blanket access to protected cloud backups around the world, which if implemented would undermine Apple’s privacy pledge to its users.

https://archive.ph/E6l15#selection-539.0-539.60

Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.
The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies. Its application would mark a significant defeat for tech companies in their decades-long battle to avoid being wielded as government tools against their users, the people said, speaking under the condition of anonymity to discuss legally and politically sensitive issues.

Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said. Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States.

The office of the Home Secretary has served Apple with a document called a technical capability notice, ordering it to provide access under the sweeping U.K. Investigatory Powers Act of 2016, which authorizes law enforcement to compel assistance from companies when needed to collect evidence, the people said.

The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.

Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.

In March, when the company was on notice that such a requirement might be coming, it told Parliament: “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”

The Home Office said Thursday that its policy was not to discuss any technical demands. “We do not comment on operational matters, including for example confirming or denying the existence of any such notices,” a spokesman said.

Senior national security officials in the Biden administration had been tracking the matter since the United Kingdom first told the company it might demand access and Apple said it would refuse. It could not be determined whether they raised objections to Britain. Trump White House and intelligence officials declined to comment.

One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security. The person deemed it shocking that the U.K. government was demanding Apple’s help to spy on non-British users without their governments’ knowledge. A former White House security adviser confirmed the existence of the British order.

At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022. It had sought to offer it several years earlier but backed off after objections from the FBI during the first term of President Donald Trump, who pilloried the company for not aiding in the arrest of “killers, drug dealers and other violent criminal elements.” The service is an available security option for Apple users in the United States and elsewhere.

While most iPhone and Mac computer users do not go through the steps to enable it, the service offers enhanced protection from hacking and shuts down a routine method law enforcement uses to access photos, messages and other material. iCloud storage and backups are favored targets for U.S. search warrants, which can be served on Apple without the user knowing.

Law enforcement authorities around the world have complained about increased use of encryption in communication modes beyond simple phone traffic, which in the United States can be monitored with a court’s permission.
The U.K. and FBI in particular have said that encryption lets terrorists and child abusers hide more easily. Tech companies have pushed back, stressing a right to privacy in personal communication and arguing that back doors for law enforcement are often exploited by criminals and can be abused by authoritarian regimes.

Most electronic communication is encrypted to some degree as it passes through privately owned systems before reaching its destination. Usually such intermediaries as email providers and internet access companies can obtain the plain text if police ask.
But an increasing number of tech offerings are encrypted end to end, meaning that no intermediary has access to the digital keys that would unlock the content. That includes Signal messages, Meta’s WhatsApp and Messenger texts, and Apple’s iMessages and FaceTime calls. Often such content loses its end-to-end protection when it is backed up for storage in the cloud. That does not happen with Apple’s Advanced Data Protection option.

Apple has made privacy a selling point for its phones for years, a stance that was enhanced in 2016 when it successfully fought a U.S. order to unlock the iPhone of a dead terrorist in San Bernardino, California. It has since sought to compromise, such as by developing a plan to scan user devices for illegal material. That initiative was shelved after heated criticism by privacy advocates and security experts, who said it would turn the technology against customers in unpredictable ways.

Google would be a bigger target for U.K. officials, because it has made the backups for Android phones encrypted by default since 2018. Google spokesman Ed Fernandez declined to say whether any government had sought a back door, but implied none have been implemented. “Google can’t access Android end-to-end encrypted backup data, even with a legal order,” he said.

Meta also offers encrypted backups for WhatsApp. A spokesperson declined to comment on government requests but pointed to a transparency statement on its website saying that no back doors or weakened architecture would be implemented.

If the U.K. secures access to the encrypted data, other countries that have allowed the encrypted storage, such as China, might be prompted to demand equal backdoor access, potentially prompting Apple to withdraw the service rather than comply.

The battle over storage privacy escalating in Britain is not entirely unexpected. In 2022 U.K. officials condemned Apple’s plans to introduce strong encryption for storage. “End-to-end encryption cannot be allowed to hamper efforts to catch perpetrators of the most serious crimes,” a government spokesperson told the Guardian newspaper, referring specifically to child safety laws.

After the Home Office gave Apple a draft of what would become the backdoor order, the company hinted to lawmakers and the public what might lie ahead.

During a debate in Parliament over amendments to the Investigatory Powers Act, Apple warned in March that the law allowed the government to demand back doors that could apply around the world. “These provisions could be used to force a company like Apple, that would never build a back door into its products, to publicly withdraw critical security features from the UK market, depriving UK users of these protections,” it said in a written submission.

Apple argued then that wielding the act against strong encryption would conflict with a ruling by the European Court of Human Rights that any law requiring companies to produce end-to-end encrypted communications “risks amounting to a requirement that providers of such services weaken the encryption mechanism for all users” and violates the European right to privacy.

In the United States, decades of complaints from law enforcement about encryption have recently been sidelined by massive hacks by suspected Chinese government agents, who breached the biggest communications companies and listened in on calls at will. In a joint December press briefing on the case with FBI leaders, a Department of Homeland Security official urged Americans not to rely on standard phone service for privacy and to use encrypted services when possible.

Also that month, the FBI, National Security Agency and the Cybersecurity and Infrastructure Security Agency joined in recommending dozens of steps to counter the Chinese hacking spree, including “Ensure that traffic is end-to-end encrypted to the maximum extent possible.”
Officials in Canada, New Zealand and Australia endorsed the recommendations. Those in the United Kingdom did not.

I thought they ended this type of invasion. No, wait, that was just the movie Spectre.

Every Apple user should sue the U.K. into oblivion.

Or better yet, send out an update that bricks every Apple device in the U.K.

Let’s see if I read this right. The U.K. is demanding an American company gives them access to all encrypted data worldwide.
I can’t wait for the response.
Let me get some popcorn.

I demand the Home Secretary gives me a new Aston Martin every other year until I die!
What color should I go with first?

quote:

Originally posted by 400m:
Let’s see if I read this right. The U.K. is demanding an American company gives them access to all encrypted data worldwide.
I can’t wait for the response.
Let me get some popcorn.

yup. It ought to be something along the lines of “Go buy yourself a rope, string it vertically, then go piss up it you totalitarian bastards^H^H^H^H^H^H^H^H uh, I mean tossers.”

I think this was settled about 250 years ago…

What is it with that island? Inbreeding? Vitamin D deficiency?

Side effect of beans on toast?

Time for another revolution?

On a more practical note, individuals can frustrate the UK by securely encrypting their information before it is backed up to the cloud. Most modern OS's have the ability to encrypt entire disk volumes, and there is plenty of third-party software that enables routine encryption of files themselves. Perhaps some inconvenience every time you want to reboot or open a file, or have to renew keys that have aged out, but not impossible for someone who is committed.

Similarly, there is S/MIME or PGP/GPG for secure exchange of e-mail messages.

Apple would have nothing to do with these styles of encryption and no way to defeat it even if they wanted to, the data is secured before they ever see it.

Of course, if you are the only one in the mix that is using these techniques, guess who the Govt. spies will look at hardest. Much of the effectiveness of encryption technology is boosted if everyone uses it, and uses it routinely. There has to be a critical mass of users who are accustomed to protecting their information, and I suspect we are very far from that point. In fact, I'd suspect that even including the technerds among us that few are even set up to do so. The number of unsolicited encrypted e-mails I've received in the more than three decades these techniques have been standardized can be counted on the fingers of one hand.

Perhaps these increased efforts to penetrate everyone's privacy will lead to achieving this critical mass. If so, about time!

Simple solutions to this totalitarian overreach.

1. Don't put anything "on the cloud."
2. Don't use Apple products.

I demand that Charlotte McKinney spend a weekend in the Bahamas with me.

My only hurdles would be my bride okaying it, the fact that I am not a billionaire and I am not Hollywood handsome.

But otherwise I think my chances are roughly the same as the UK's request, almost.


.

Well, I just turned on Advanced Data Protection.

quote:

Originally posted by Sig2340:
Simple solutions to this totalitarian overreach.

1. Don't put anything "on the cloud."
2. Don't use Apple products.

Don't use Apple products? I’d bet that the UK is doing the same with the android equivalent.

quote:

Originally posted by Pipe Smoker:

quote:

Originally posted by Sig2340:
Simple solutions to this totalitarian overreach.

1. Don't put anything "on the cloud."
2. Don't use Apple products.

Don't use Apple products? I’d bet that the UK is doing the same with the android equivalent.

See 1.

quote:

Originally posted by Sig2340:
Simple solutions to this totalitarian overreach.

1. Don't put anything "on the cloud."
2. Don't use Apple products.

I’m using Apple products because I loathe Microsoft with all my being. If you could organize a shoot and shoot PC’s with Windows installed I’d pay. I spent so much time troubleshooting that God awful OS, reformatting disks, that I never want to buy anything from that company for life.

I do agree on the cloud however. The “cloud” has always been an absolute bullshit term. We used to call that “hosted” services. And that’s all it is. Using cloud vs. hosted = marketing. I’ve never used hosted services for storage of my shit. Hook phone up to my desktop, make backup. Hook external hard drive up to desktop, make backup. And it’s getting to the point now I’d rather just print shit out, on the printer. Then put that in some fire safe document holder thing and throw it into the gun safe. I’m tired of the internet and phones dominating our lives.

External hard drives are cheap. Zip drives are really cheap. Store your data that way. Quit trusting the overlords to maintain your shit.

quote:

Originally posted by 400m:
I demand the Home Secretary gives me a new Aston Martin every other year until I die!
What color should I go with first?

Careful what you ask for, your funeral might happen before your 1st Aston is built.

quote:

Originally posted by Prefontaine:

quote:

Originally posted by Sig2340:
Simple solutions to this totalitarian overreach.

1. Don't put anything "on the cloud."
2. Don't use Apple products.

I’m using Apple products because I loathe Microsoft with all my being. If you could organize a shoot and shoot PC’s with Windows installed I’d pay. I spent so much time troubleshooting that God awful OS, reformatting disks, that I never want to buy anything from that company for life.

I do agree on the cloud however. The “cloud” has always been an absolute bullshit term. We used to call that “hosted” services. And that’s all it is. Using cloud vs. hosted = marketing. I’ve never used hosted services for storage of my shit. Hook phone up to my desktop, make backup. Hook external hard drive up to desktop, make backup. And it’s getting to the point now I’d rather just print shit out, on the printer. Then put that in some fire safe document holder thing and throw it into the gun safe. I’m tired of the internet and phones dominating our lives.

External hard drives are cheap. Zip drives are really cheap. Store your data that way. Quit trusting the overlords to maintain your shit.

At 78 I’ve never been on Facebook or X, don’t have a cell phone and never used the cloud service on any device I’ve ever owned but that’s just me.

Absent a warrant, searches and seizures are forbidden.

https://www.gov.uk/government/...ions/search-warrants

But this is the UK...

I don't know who the frack these jokers think they are, but I suspect they're soon going to find out they're just petty tyrants with little power save over the sheep who had the bad sense to put them in power.

I predict Apple's going to tell them to go piss up a rope. I expect they'll remove iCloud encrypted storage from the UK before they'll accede to this outrageous demand.

One of Apple's main claims to fame is their personal data privacy and protection. Giving into this thoroughly unreasonable demand might be suicide for the brand.

As for not using iCloud: Paranoid as I am: Even I don't find that necessary. iCloud has excellent data protection and Apple has excellent privacy provisions in their ToS. Probably the best in the business.

Sorry I can’t find the link right now.
What I read is that Apple threatens to cut off service to UK customers rather than comply.
Oh, and because of the Official Secrets Act, Apple can’t even publicly complain about this!
I asked Grok, and Grok told me:

quote:

Apple has historically been very vocal about its commitment to user privacy and security, explicitly stating in the past that it would not comply with government requests to insert backdoors into their products. Here are some key points based on recent developments and Apple's public stance:

Historical Stance: Apple has repeatedly stated that it has "never worked with any government to insert a backdoor into any Apple product and never will." This was echoed in posts on X from 2023, where Apple's position was reaffirmed.
UK Request: Recent reports, including those from The Washington Post, indicate that the UK government has demanded Apple create a backdoor into its encrypted cloud storage system. This demand was made under the UK's Investigatory Powers Act, which gives the government the authority to order companies to assist in providing evidence. However, the specifics of this request are under a gag order, meaning Apple cannot legally confirm or deny the existence of such a request.
Potential Actions: If Apple were to comply, it would significantly undermine its privacy pledges to users globally. Instead, there are indications from various sources that Apple might choose to stop offering encrypted storage services in the UK rather than create a backdoor. This was suggested in discussions about previous legislative changes in the UK that could force Apple's hand.
Global Implications: Complying with one government's demand could set a precedent, potentially leading to similar demands from other countries. Apple's global user base, estimated at over 2 billion, would be at risk if such a backdoor were implemented.
Public and Expert Opinion: Posts on X suggest a sentiment among users and experts that Apple should resist these demands due to the security implications. There's also mention of other platforms like Signal and WhatsApp potentially pulling out of the UK rather than compromising their encryption.

Given these points, it seems highly unlikely that Apple would cave to this UK request without significant pushback or alternative actions like withdrawing encryption services from the UK market. However, the situation is complex and evolving, and Apple's official response (if any) would be under legal constraints due to the secretive nature of the request. Any definitive action by Apple would likely involve legal appeals or strategic withdrawal of services to maintain their privacy standards.

quote:

Originally posted by Pipe Smoker:

quote:

Originally posted by Sig2340:
Simple solutions to this totalitarian overreach.

1. Don't put anything "on the cloud."
2. Don't use Apple products.

Don't use Apple products? I’d bet that the UK is doing the same with the android equivalent.

I'd bet Google was willing to go right along and comply with the tyranny now openly festering in the UK, so we simply may not have heard about it...yet!