UK May Backtrack on Controversial Demand for Backdoor to Encrypted Apple User Data

[H2SO4]

good. I’m british and our government is going in the wrong direction in so many ways. Thanks USA for putting UK government in its place.

Hopefully Apple will enable ADP again.


Feels weird I’m siding with the US gov here but it shows how silly my goverment is being.

You really believe that the US government sat down and convinced the UK government that this was best for them?
After the level of covers up and corruption in the news regarding a certain somebody and a former friend of his with a name that sounds like a genius. You trust them?

 

[Will Tisdale 🎗]

Advanced Data Protection is still enabled for me, and I’m in the UK.

Yeah, mine is still on too and I’ve not been told I needed to turn it off.

The UK government has been incredibly moronic and naive about encryption and general understanding of how the internet works for years now.

The Investigatory Powers Act never made any sense when it was passed by the Tories as much of it is impossible for a provider to comply with if encryption exists. I did write to my (sadly Tory) MP at the time and explain the numerous issues with it and got a response back pretty much saying “shut up little person, the government knows what it’s doing”. Clearly not!

 

[SpotOnT]

Demanding a backdoor for your own citizens is bad enough, but demanding access to everyone’s data across the globe is just nuts!

Not even China demands that tech companies give them the data from foreign citizens who never set foot in China. I have absolutely no idea what the UK thought was gonna happen here….

 

[Smartuser]

My instinctive reaction is "good", because what the government was asking for sounds bad.

But realistically, how do any of us actually know that such backdoors don't already exist? I'd assume anybody with genuinely sensitive data isn't simply trusting Apple on this, and has taken steps of their own to secure their backups elsewhere.

If they would already exist, these governments wouldn't pester companies for "backdoors" (doors really, because anyone could use them).

 

[Mega ST]

I agree that if they give up this demand there might be another way to get access. Formally demanding "backdoors" like this might just be used to masquerade the fact that the government has hidden backdoors already. I would not trust cloud data to be safe. But I have "nothing to hide" anyway.

 

[Will Tisdale 🎗]

Demanding a backdoor for your own citizens is bad enough, but demanding access to everyone’s data across the globe is just nuts!

Not even China demands that tech companies give them the data from foreign citizens who never set foot in China. I have absolutely no idea what the UK thought was gonna happen here….

Well that is one of the ridiculous things about the Investigatory Powers Act. It can’t apply directly to foreign companies with no UK operations as there’s no jurisdiction.
But by nature of many companies being global with UK operations it will undoubtedly affect non-UK citizens. It’s a far reaching, poorly thought out, extremely invasive law.

 

[Squuiid]

ahhh I wondered if it would be active for previous users... I disabled and turned all mine off and now I regret it.

I did the opposite and turned it on as soon as they announced it would be removed. Glad I did now. Hopefully the decision does indeed get reversed and the upside of all this ends up being that it creates greater awareness and increased adoption of the feature.

 

[Dr McKay]

Would be good to see this go away. I'm not in the UK but govts demanding backdoors into encryption is a pretty much never a good thing.

It’s a good reaction to have even if it’s not happening in your country, given how governments around the world seem to be nearly constantly toying with the idea of outlawing encryption entirely or mandating government backdoors, you can bet they’d be watching this closely and be salivating at the thought of demanding the exact same of Apple if it turned out successful for the British government.

 

[Radeon85]

I never want a backdoor into any system because anyone could find a way in. I wouldn't trust the government with my house key let alone anything private.

This is a government that left Classified Ministry of Defence documents containing details about HMS Defender and the British military at a bus stop not that long ago in 2021

I certainly don't want these idiots access to any backdoor.

 

[H2SO4]

Yeah, mine is still on too and I’ve not been told I needed to turn it off.

The UK government has been incredibly moronic and naive about encryption and general understanding of how the internet works for years now.

The Investigatory Powers Act never made any sense when it was passed by the Tories as much of it is impossible for a provider to comply with if encryption exists. I did write to my (sadly Tory) MP at the time and explain the numerous issues with it and got a response back pretty much saying “shut up little person, the government knows what it’s doing”. Clearly not!

Don't get it twisted. Plenty in the government know how it works. In detail.
The rules are made to cover all bases and give them as much plausible deniability as possible even if they appear non sensical.
This thinking that the government doesn't know needs to stop.

 

[iPay]

There is no such thing as a back door

This is math. Numbers don’t lie

A back door for one is a back door for all and any back doors for specific governments will eventually be decrypted, rendering the encryption useless for everyone

Liked the comment because ot its honesty & intention, but some parts can be discussed, such as:
> A back door for one is a back door for all
Not quite. You can even implement selective backdoors in plain sight by carefully picking constants in an algorithm, with proven advantage to designer only. Other practices include:
- hide unreleased attacks (very dangerous as they can be discovered independantly)
- set unsafe default parameters (will apply in most implementations)
- exploit protocol flaws around algorithms (quietly add _YourFriendFromAgencyXXX_ to group discussions)
- soften up implementations to get forensic or remote key access
NSA/NIST has an extensive record of such practice, to the point that crypto scientists (encryption, not bitcoins) published simpler, clearer and honest algorithms (like the WireGuard suite).
Nowadays, even democraties challenge the right to private communication. They claim it must be forfeited in order to fight crime & terrorism. Among the risks: (1) collusion of state powers and political agendas with tech interests, and (2) listening to the whole population (innocent & culprits alike) for even better efficiency, Pre-Crime style.

 

[Will Tisdale 🎗]

Don't get it twisted. Plenty in the government know how it works. In detail.
The rules are made to cover all bases and give them as much plausible deniability as possible even if they appear non sensical.
This thinking that the government doesn't know needs to stop.

Some requirements within the Investigatory Powers Act are basically impossible to comply with as written. It was pointed out at the time. Hence my comment regarding naivety.

What they think is practicable and the realities of what is practicable are two very different things.

 

[Deej]

This may be a stupid question, but is there any way of replicating the services that iCloud provides but at home for the consumer? Some kind of local NAS providing iCloud-like backup services, or have I completely missed the point??

 

[Plutonius]

I think this probably came up during tariff discussions.

 

[nnoble]

I'm British and I really hope the plan will be dropped. Yet another **** up by that Nazi Starmer and his shower of 💩 government.

Fatboy: do you have any genuine knowledge or understanding of ‘Nazi’? Two sentences is all I know of you but that tells me a lot.

 

[nnoble]

Any government that tries to finalize a backdoor deal will no longer have smart phones.

Why? I genuinely don’t understand this assertion.

 

[dannys1]

"they don't want us messing with their tech companies."

It's not "big tech" you're clamping down on though, it's their users.

This is a terribly misguided step by my government, they never understand technology.

 

[DougieS]

Why? I genuinely don’t understand this assertion.

The assertion is that smart phone manufacturers would rather fully pull out of a market, rather than provide a backdoor to their products within that market.

 

[jdawgnoonan]

Apple did the right thing and told the UK government to screw off on this and took the feature away. I used to think that the UK had a vibe that I liked, but it is nothing but a surveillance state of Orwellian level today and anything attractive about it other than the historic buildings is gone for me. I think that western world is coming closer and closer to needing to reenact some French style revolutions, if such things are still possible in today's dystopia.

 

[Smartuser]

You really believe that the US government sat down and convinced the UK government that this was best for them?
After the level of covers up and corruption in the news regarding a certain somebody and a former friend of his with a name that sounds like a genius. You trust them?

Yeah, sure, we trust them 200% because we happen to end up on the same side with them on exactly one issue, and only because the other government is even more moronic on it.

I'm sure neither government really cares about what's best for their countries on the matter, but that's not relevant.

 

[dannys1]

I’m amazed that some company hasn’t seen this as a business opportunity. I’ve mentioned a few times on here how I think that some sort of HomePod x Time Capsule device that primarily backs everything up locally (and optionally uses the cloud for redundancy) would be a big seller. Chuck a 128gb SSD into the HomePod Mini for people on as budget and then a larger 2Tb into the regular HomePod.

I mean it's VERY easy to do this with any network connected drive. You can buy any off the shelf NAS and let TimeMachine backup to it (and copy whatever else you want over to it...locked and encrypted if you want)

 

[DougieS]

This is a terribly misguided step by my government, they never understand technology.

Exactly. Especially with the recent news of the Afghanistan leaks too…

 

[Smartuser]

Don't get it twisted. Plenty in the government know how it works. In detail.
The rules are made to cover all bases and give them as much plausible deniability as possible even if they appear non sensical.
This thinking that the government doesn't know needs to stop.

Baseless appeal to authority.

 

[dannys1]

Doesn't matter, Apple already disabled encryption for UK users (not that many had it enabled). You don't need a back door to access unencrypted data.

The data is still encrypted - the difference is that both the user and Apple have decryption keys now. The full paranoia mode made it that only your device had the decryption key.

Personally I left it off as I thought it was OTT.

Technically if someone does something illegally enough to warrant looking at their files (eg terrorism) they can with a court order ask Apple to use their key to unlock it and by law Apple would need to comply - the other method made it so that Apple couldn't comply as they had no ability to.

The problem I found with the full method is that you could also never rescue if you lost access yourself, it was impossible.

 

[Smartuser]

This may be a stupid question, but is there any way of replicating the services that iCloud provides but at home for the consumer? Some kind of local NAS providing iCloud-like backup services, or have I completely missed the point??

I'd suggest looking up the benefits of off-site backups.