Could Apple Pull iCloud Services From the UK Market?

[tennisproha]

Apple should stop all services in the UK. Let them eat cake.

Most definitely will set off mass protests against the government.

 

[delsoul]

Let Apple, and everyone else, abandon the UK. For a small group of countries that wanted to go it alone, let them really be alone. The UK government is in no position to make such demands about gaining private backdoor access to Apple’s infrastructure. I better not publish this post, or else the British police will arrest me for words. Oh, wait…they lost 1776 so I don’t have to worry about that. Tyrants 👍

 

[seek3r]

China requires iCloud access and Apple complied. Why wouldn't they with the UK?

Well, for one thing the UK request is broader, it’s for all users everywhere.

For another, practically speaking, size of the market. The UK is a much smaller market to care about.

Issue 1 is probably the main problem though, China only forces this on things in China, the UK trying to enforce this for Apple’s entire global presence is a much bigger problem.

 

[Le0M]

I

They did actually. All E2EE encrypted Apple services store keys on a server hosted in China with government access.

Outside of China Apple doesn’t store keys at all.

Apple officially moves its Chinese iCloud operations and encryption keys to China

Experts say the move could force Apple to obey various government requests to access Chinese iCloud data.

www.theverge.com

I read the article.
There is one thing I don't understand: If iCloud data is end-to-end encrypted, and there are no backdoors, how can anyone apart from the user access that data?
Am I missing something?

 

[DCIFRTHS]

So basically the UK government wants global access to anyone's data without our knowledge…

Someone please explain to me how the UK can demand access to my data when I’m a citizen of another country, and don’t plan on setting foot on their territory? Sounds like madness to me.

 

[urnotl33t]

And… the UK isn’t even part of the EU. I think the EU will follow. I don’t mind because I’ve nothing to hide.

Sigh. Yes you do.

Bank accounts, shopping info, credit cards, conversations between people who asked you to keep their info between you and them, that thing you talked to your doctor about… military movements, undercover agents, covert operations… badge access to the room where the nuclear weapons are held…

Encryption is encryption. Breaking one breaks them all.

 

[SnowCrocodile]

It's not unprecedented. China has backdoor access to iCloud data since they are in control of Apple's datacenters.

As I understand it, Apple didn't create any global backdoors, but rather just created a special setup for customers in China. They don't get ADP / E2EE.

 

[delsoul]

Someone please explain to me how the UK can demand access to my data when I’m a citizen of another country, and don’t plan on setting foot on their territory? Sounds like madness to me.

Well, the police in the UK think they can come arrest Americans for posting negative things online about them. Still bitter over 1776, I see…

 

[SpotOnT]

I love how the west continues to shame a certain country in the far east for doing this.

One country is not “the west”….

 

[SnowCrocodile]

And the U.S. too, right?

President Donald Trump and the nation’s top law enforcement official are facing off against Apple, the most valuable American company.

The fight started because the FBI says it cannot extract data from two iPhones used by Mohammed Saeed Alshamrani, who is suspected of killing three people last month in a shooting at a Navy base in Pensacola, Florida. Attorney General William Barr and Trump want Apple to help by unlocking the phones it manufactured.

Although the current fight is over these two password-protected phones, it’s only the latest skirmish in a long-running battle over whether technology companies should give law enforcement special access to customers’ data.

Barr and other law enforcement officials call it the “going dark” problem and argue that all data should be accessible with a warrant. Apple and techies tend to call the concept a “backdoor” and argue that it would hurt security for everyone who uses that device.

The way things work in the US, good luck to FBI. They've already lost this battle at least once.

 

[SpotOnT]

I don’t mind because I’ve nothing to hide.

Great!

Would you be so kind and post your credit card and bank account information? Also, please provide a photo of your drivers license, passport, social security card, and last three years of taxes filings!

Thank you in advance!

 

[seek3r]

I

I read the article.
There is one thing I don't understand: If iCloud data is end-to-end encrypted, and there are no backdoors, how can anyone apart from the user access that data?
Am I missing something?

I would assume they escrow the key in china, same way a corp managed mac would escrow the filevault key for IT.

 

[SnowCrocodile]

They're both seeking access through legal means. One is through a warrant while the other is through the UK Investigatory Powers Act.

Judges rarely deny warrant requests.

Summary data on requests for delayed-notice search warrants and extensions for fiscal year 2022 appear in Table 1. A total of 18,229 warrant requests were reported. Of these warrant requests, 18,157 were granted


That's a 99.61% approval rate.

If I am not mistaken, the US is asking for the data stored in iCloud. If some of that data is protected by E2EE and if Apple doesn't have the encryption keys, the US gov't can't do much with that data, unless they are able to break the encryption themselves. All they get is an encrypted blob.

The UK is requesting Apple to provide a backdoor to defeat their own encryption. This is bad on a completely new level. Not only is this infinitely more intrusive, but it would also create a channel that can - and will, eventually - be abused by cybercriminals.

 

[SnowCrocodile]

I

I read the article.
There is one thing I don't understand: If iCloud data is end-to-end encrypted, and there are no backdoors, how can anyone apart from the user access that data?
Am I missing something?

Apple users in China don't get the E2EE that we get in the rest of the world.

 

[urnotl33t]

Thing is no one is able to have a sensible conversation about the impact of encrypted communications on society. I can fully understand privacy but if you're trying to investigate and shut down criminal operations like drug cartels and child sexual abuse gangs which is enabled by these protections what exactly do you suggest?

Detective work. This is what detectives do.

A tool with multiple purposes cannot be outlawed just because one of those purposes is to cause harm or “infringing activity”. Vis à vis: knives, guns, the VCR, dinner fork, rope, your fist, encryption (admittedly, this is a US-based perspective; SCOTUS 1984, Sony v. Universal Studios).

Where does it end? How far will that line get drawn? Do we all have to live being held at gunpoint by “the authorities” to ensure we aren’t engaging in “infringing activity”?

Granted, we don’t get the government we want, but rather the government we deserve. Elections have consequences.

 

[SnowCrocodile]

Well, for one thing the UK request is broader, it’s for all users everywhere.

For another, practically speaking, size of the market. The UK is a much smaller market to care about.

UK had about 3.6% of total worldwide iPhone sales in 2023. While this is not a minuscule percentage, it's certainly not enough to give up one of the main selling points of ecosystem.

Issue 1 is probably the main problem though, China only forces this on things in China, the UK trying to enforce this for Apple’s entire global presence is a much bigger problem.

The Chinese gov't didn't ask Apple to provide a backdoor to encryption used worldwide. They asked Apple to completely remove the encryption for users in China. Essentially Apple provides different service in China than in the rest of the world.

 

[Poisednoise]

Given this is a universal request for access to data from all users worldwide, I don’t see that Apple have any choice but to withdraw iCloud services from the UK. However, again given it’s a universal request, I’m unclear whether that would be enough to mean they would not have to comply, or would they need to withdraw entirely from the UK market: cease selling all Apple products in the UK? It’s quite a mess.

 

[alexhardaker]

Straight up Fascism in the UK.

Please refrain from using words that you don’t understand.

I’ve got a friend who keeps telling me that the current government is communist too, so which is it?! (I’m not actually asking)

 

[urnotl33t]

is there a how to guide of how to live off the cloud!

It’s been so long I forgot how!

I’m trying to think how emails were stored before the cloud.. was it just locally? Then we had the hassle of moving mail boxes over to new machines etc?

Yep. And we had to make backups manually on floppy disks. It was the best of times, it was the worst of times.

 

[verdi1987]

If I am not mistaken, the US is asking for the data stored in iCloud. If some of that data is protected by E2EE and if Apple doesn't have the encryption keys, the US gov't can't do much with that data, unless they are able to break the encryption themselves. All they get is an encrypted blob.

The UK is requesting Apple to provide a backdoor to defeat their own encryption. This is bad on a completely new level. Not only is this infinitely more intrusive, but it would also create a channel that can - and will, eventually - be abused by cybercriminals.

And at least in the U.S. case, the one cited by sw1tcher occurred before Apple offered E2EE, and E2EE is still not enabled by default.

 

[Shirasaki]

That’s something I really like to know too 😊

That’s something I have assumed all along: privacy protection is mere corporate slogan to get some cheap PR. And an easy standout compared to Google, one of their primary competitors. There might not be backdoors in the end, but sophisticated systems that hand over data, we may never know. After all, Apple care about ONLY money, and literally nothing else.
Still a fun story to follow though.

 

[Shirasaki]

Agree completely

The eyes are on Apple very squarely here

Show us who you are

Apple can also introduce UK local companies to manage UK users data, same as how they manage iCloud access in China. For the most part, people will not delve into the complication much, and Apple might be able to get away with this legislation earthquake for now.

I find it particularly funny and puzzling is UK is one of the Five Eye alliance sharing intelligence data across. Why UK wants to copy China? And the precedent is devastating too no matter how it happens. It could lead to the scenario where Apple will be forced to rent/build local data centres so iCloud can be done the same way as iCloud in China.

 

[Shirasaki]

Thing is no one is able to have a sensible conversation about the impact of encrypted communications on society. I can fully understand privacy but if you're trying to investigate and shut down criminal operations like drug cartels and child sexual abuse gangs which is enabled by these protections what exactly do you suggest?

Then following that logic, we should outlaw people as fist fight can cause bodily harm and the very source of such harm is, guess what, people.
Everything, I repeat, EVERYTHING, can be misused for nefarious purposes, including human. Yet supermarkets still sell kitchen knives, hardware stores still sell big scissors for gardening work. It’s all about managing the risk not just avoiding it. Heck, even in your body, there are good germs working hard to help maintaining your health too.

 

[bsolar]

Thanks for the explanation. In your last paragraph did you miss out ADP in the first sentence ?

No, because even without ADP, iCloud still end-to-end encrypts some data. Apple cannot decrypt that data regardless of ADP.

Conversely, note that ADP applies end-to-end encryption to significantly more data, but not all. As example emails are not end-to-end encrypted even with ADP active.

You can find which data is end-to-end encrypted with and without ADP here.

 

[bsolar]

Someone please explain to me how the UK can demand access to my data when I’m a citizen of another country, and don’t plan on setting foot on their territory? Sounds like madness to me.

It would be not surprising to have less legal protections for your privacy as foreign citizen abroad. Not sure about UK law, but take as example the FISA Amendments Act of 2008 in the US:

Section 702 permits the Attorney General and the Director of National Intelligence to jointly authorize targeting of non-US persons reasonably believed to be located outside the United States.