U.K. orders Apple to let it spy on users’ encrypted accounts
1098 comments
·February 7, 2025Lio
I don't think the UK government would try to put Apple out of business if they don't comply it's more likely that they would just get heavily fined until they do so.
The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK rather than create some kind of backdoor.
It's a weak proposition from the government because anyone with something to hide will just move it somewhere else with encryption. Honest UK consumers are the one's getting the shitty end of the stick because we're about to loose protection from criminals.
Daft waste of time.
matthewdgreen
You're assuming that turning off ADP in the U.K. is sufficient to appease the British Government. The Investigatory Powers Act can also be interpreted to give the U.K. the right to ask for encrypted data from users outside of the U.K. (see Apple making this exact point in a filing here [1].) Turning off ADP in the U.K. doesn't end the controversy if that's what's at stake.
[1] https://bsky.app/profile/matthewdgreen.bsky.social/post/3lhl...
TechnicalVault
It creates a nasty precedent doesn't it? If Apple can provide the UK government with foreign data, what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile? I can't see on what basis the government thinks they're going to get to be exceptional here?
RobotToaster
It's also worth noting that one of the ways the five eyes get around domestic spying laws is to spy on each other's citizens. So the CIA spy on British citizens the UK government want to spy on, and GCHQ spy on American citizens the US government want to spy on. So this would indirectly allow the US government to spy on US citizens (even more than it already does, anyway)
aunty_helen
Why are you using Russia and China as examples of the bad guys here. They're not asking for global access to everyones data, the UK is. The UK are the bad guys.
bayindirh
The thing is, most people think that governments wants new tools for surveillance. The fact is, they had this power for a very long time (see Crypto A.G. and history of NSA and others), and practical and verifiable E2EE took these capabilities away.
Now they want their toys back. This is why the push is so hard and coming from everywhere at once.
oneplane
What stops them is one of two things:
Option 1: they operate a separate shard in that country and that shared is only accessible by that country. Companies like Apple, AWS, Cloudflare etc. have been doing it this way in China for a while now. Result: they can spy on the stuff in their country, but the only stuff in their country is their own stuff.
Option 2: no longer operate in an official capacity in that country. Have no people and no assets. Mostly works when the country is not a significant market. This usually means some things are only available grey market, black market or not at all. This is why certain products have lists of "supported countries" - it's not just ITAR stuff but also "we don't want to deal with their regime" stuff. Result: country gets nothing, no matter how loud they ask. Side-effect: you can't really risk your employees visiting such a country as they will be "leveraged".
dathinab
> If Apple can provide the UK government with foreign data, what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile?
nothing
the first precedence of not-draft law here was Cloud Act I think
through I would be surprised if China doesn't "de-facto" requires Chineese companies operating outside of China (including Subsidiaries) to cooperate with their secret service in whatever way they want
and if we go back to the "crypto wars" of the ~2000th then there is a lot of precedence of similar law _ideas_ by the US which where turned down
similar we can't say for sure that there aren't secret US court orders which already did force apple to do "something like that" for the FBI or similar, SURE there is a lot of precedence of Apple pushing back against backdoor when it comes to police and offline device encryption, but one thing is in the public and the other fully in secret with gag orders and meant for usage in secret never seeing the light of courts so while it's somewhat unlikely it would be foolish to just assume it isn't the case, especially if we go forward one or two years with the current government...
Anyway UK might realize that now they have left the US they have very little power to force US tech giants to do anything _in the UK_ not even speaking about regulation which is a direct attack on the sovereignty of other states to own/control/decide about their population(s data).
IMHO ignoring the US for a moment because they are in chaos the EU, or at least some key EU states should make a statement that a UK backdoor allowing UK to access EU citizen data would be classified as espionage and isn't permittable if Apple wants to operate in the EU (but formulated to make it clear it's not to put pressure on Apple but on the UK). Sadly I don't see this happening as there are two many politcans which want laws like that, too. Often due to not understanding the implications undermining encryption has on national security, industry espionage and even protection of democracy as a whole... Sometimes also because they are greedy corrupt lobbyist from the industry which produces mass surveillance tools.
JusticeJuice
There are tangentially similar precedents already, such as the American FACTA law. It is obviously a quite different context, as it just relates to financial information, not all information - but it's a law from the US government, that demands foreign companies send information back to the US.
The wild thing is that foreign companies actually do it. To avoid annoying the US, a lot of other governments ensure that the data is reported.
https://en.wikipedia.org/wiki/Foreign_Account_Tax_Compliance...
palmotea
> what's to stop Russia or China making them provide data on UK minister's phones, or more likely dissidents in exile?
Realistically: Apple is a US company (with lots of foreign entanglements) with US leaders, and the US and UK are close allies with extradition treaties and the like. I'd expect the US government to put lots of pressure on Apple to prevent it from acting on such requests from Russia or China, and I wouldn't be surprised if Apple execs would get slapped with espionage charges if they didn't head the warnings (especially if they "provide data on UK minister's phones").
unyttigfjelltol
We are watching the redefinition of the idea of territorial sovereignty that emerged from the Peace of Westphalia in 1648. We in the US see our expectations of privacy shaped in the UK, and the reverse.
arghwhat
They might have to settle for it. The power of a government is not equal to what legislation they pass - they are heavily limited by the economic and publicity consequences of decisions.
As such, any outcome where this is enforced will be a compromise.
niemandhier
That’s probably the reason apple is resisting. They are currently certified as moderately trust worthy for government operations in Germany. Giving in would invalidate that.
https://support.apple.com/en-bh/guide/certifications/apc37da...
Spoom
I mean, "Apple refuses to hand over private data to government at cost of UK business" is a pretty good headline.
lenerdenator
Give me that sort of commitment to privacy and translucent colorful cases for future Macs and Tim Apple's got my money for the next five years at least.
docmars
Give Apple a big enough incentive to negotiate with and they may very well cave. If I've learned anything about corporations, it's that money and incentives always speak louder than their purported values.
snapcaster
Yes, this would be something i would love to read
ExoticPearTree
If Apple sticks to their guns, they can just stop doing business in the UK. And the UK government will have zero rights to demand anything from Apple.
bmelton
In China, Apple limits end to end encryption and stores user data on state-owned servers. The Chinese app stores censors apps like the New York Times and Washington Post, disallows privacy apps like Signal, or any VPN that might bypass the great firewall.
I think the odds that they quit trying to earn the ~$100B annual revenues they get from the UK over this is closer to zero than 1
IshKebab
They obviously don't care about privacy enough to fully withdraw from the UK! That would be insane.
gist
Guess what? Trump will (hopefully) come to the rescue here. Don't laugh at that. I'd imagine he will be helpful possibly even with some of the EU rules such as in particular the one which makes even small US companies liable (as I recal) for notifying users of cookies on a website.
coolspot
Tim Apple has been on inauguration, so very possible.
kurikuri
It’s odd, I wonder how that will interact with apple’s existing FIPS 140-2/3 certifications.
hackernewds
I will stop using a service or hardware that could grant peaking rights into my folders to a possible administration like the one currently in the US. On day 1, zero hesitation
ForHackernews
I have bad news for you...
mark_l_watson
What is up with the UK? I have always loved my British friends and appreciated England’s history (setting aside their brutality during the British Empire). I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc. I just hope we in the USA don’t follow their lead.
Democracies without free speech and privacy are not really democracies.
DrBazza
We're governed by the most technically inept people possible.
The Peter Principle writ large.
I'm pretty sure there was a story on here recently when UKGOV / GCHQ were recruiting for a 'senior something something tech/developer/code breaker', offering about the same as a typical entry-level graduate job.
Sell off ARM to foreign interests? Check.
Tell AI data centres where they must be built? Check.
Various inept age checking and backdoor access plans? Check.
That's where the UK is.
pfoof
So at least we don't have to worry about anything. Apple can give them access to LLM generated SQLite rows and call it a day. Nobody would notice.
switch007
The USA strongarming us after 9/11 didn't help. You don't have to look beyond the borders of the US to answer "what's up with the UK" when it comes to eg terrorism legislation
But yes historically we have been pretty brutal. Look up history the past 600 years. We didn't get a huge empire by asking nicely for their land and resources
kridsdale1
> I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc.
Isn’t this precisely the set of causes that precipitated The Declaration of Independence?
trompetenaccoun
Yes but no, post WW2 the UK was one of the most liberal places in the world. Somehow things took a turn in the past two decades or so. And then around the 2020s the decline started to rapidly accelerate. The stories that have come out lately are really insane.
throwaway48476
They wanted to execute Thomas Paine so I'd say about then
Aetheridon
all started after our guns were taken
sethd
Perhaps. Another possibility is that the same societal shift that drove the UK to give up the right to be armed also pushed them in the direction of giving up other rights.
EVa5I7bHFq9mnYK
They broke Enigma code, and since then their spy agencies have overweight influence?
defrost
Poland broke the Enigma code .. and built the first Bombes.
Maybe you're thinking of William Thomas Tutte breaking the Tunny (sawfish) code?
michaelg7x
> I just don’t understand where they went wrong on curtailing free speech rights of their citizens, privacy rights, etc.
Security establishment's innate desire to read and listen to absolutely everything. Blair/Bush's war on terror. Id card proposals. Smart phone use sky rockets. Supposed E2E comms. Hate speech. Something must be done! Right wing policies on pretty much everything cause more protest. Tories criminalise (*some types of) protest. Labour government raises TCN to Apple.
leoc
The war on terror was a big thing in the UK long before 2001—largely because there was in fact quite a lot of terrorism going on there, to be clear.
dead_gunslinger
[dead]
GeekyBear
> The most likely outcome, I would guess, is that Apple just stop offering Advanced Data Protection as a service in the UK
Agreed.
> Apple previously made its stance public when it formally opposed the UK government's power to issue Technical Capability Notices in testimony submitted in March 2024 and warned that it would withdraw security features from the UK market if forced to comply.
https://arstechnica.com/tech-policy/2025/02/uk-demands-apple...
caycep
I feel like the UK always tries to do this w/ encryption. I don't know if it's a cultural sway GCHQ has on legislators and such but it happens w/ every generation of cryptography. Weren't they the one that neutered GSM encryption such that it was essentially ineffective from the get go?
tatersolid
> Weren't they the one that neutered GSM encryption such that it was essentially ineffective from the get go?
The A5 cipher used in GSM came from France, but supposedly the Brits were also happy to have it be weak.
reverendsteveii
You're assuming people's actual motivations match up with their stated motivations. If your motivation is to be re-elected to a government post by appearing to be tough on terrorism and drugs, every possible outcome of this course of action benefits you. Apple leaves? They were terrorist enablers and you're better off without them. Apple acquiesces? You're the David who took on Apple's goliath and won safety for everyone (again, regardless of whether this actually improves safety for anyone). Apple ignores you? You have an ongoing feud with Dangerous Big Tech that you can campaign and fundraise on for as long as it lasts.
altairprime
The UK government can’t put Apple out of business; Apple can easily afford to simply exit all business in the UK. The UK is betting that Apple’s greed outweighs their principles. Long odds.
brundolf
It's betting that the size of Apple's UK market is larger than the impact Apple's privacy marketing has on its worldwide market. Those odds aren't obvious to me
quacksilver
Curious about what would happen if Apple withdrew from the UK and locked all devices with a message saying 'Your device has been disabled following the decision of the UK government to introduce new laws which mean service can no longer be offered in the UK', or something similar. They could base it on GPS or detected MCC codes.
I wonder if you would get anarchist riots until the law was removed. Many of the young with an expensive bricked iPhone (or parents whose kid's iPad was disabled) would probably side with Apple over already unpopular politicians...
reaperducer
The UK is betting that Apple’s greed outweighs their principles. Long odds.
Three weeks ago, I would have agreed with you.
Then Tim Cook wrote a check for $1,000,000.00 to help pay for Donald Trump's inauguration party.†
In spite of what they led us to believe over the last couple of decades, Tim Cook and Apple are no different than any of the other tech companies genuflecting before the new emperor, whose stated goals are the opposite of the "mission, vision and values" lies we were fed by the tech industry.
† In case you (or anyone else) missed it: https://variety.com/2025/biz/news/apple-ceo-tim-cook-donates...
altairprime
As Apple isn’t based in the UK and owes no fealty to their government. I don’t agree that your citation is relevant here. Apple is a US company. Bribing local officials to overlook the gay founder is sensible corporate practices, however uncomfortable that is to consider. Revoking privacy guarantees globally, reversing years of public opinion gains overnight, is not. The UK cannot do anything to materially harm Apple in any way that Apple can’t afford short of sending a double-oh to Cupertino.
Miraste
Of course Apple doesn't have principles, they're a for-profit company. What's in question here is whether they believe the UK is financially worth opening this can of worms. Following US government whims is good business for them in almost all cases, but that math isn't the same for the UK.
ustad
For $1 million, you’re promised intimate access to Trump and his inner circle. This isn’t just about tradition or unity-it’s about buying influence and maintaining power. In a world where we’re supposedly pushing for fairness, equality, and transparency, this feels incredibly hypocritical. It’s as if we’re endorsing a system where money talks louder than public interest or ethical considerations. It makes you wonder where the line is between modern capitalism and a system that operates more like an oligarchy.
IshKebab
> Apple can easily afford to simply exit all business in the UK.
Apple has shareholders, so no it can't (or more precisely, Tim Cook can't).
hollerith
Google had shareholders in 2005 too or thereabouts when they publicly decided to abandon the Chinese search market for soft, fuzzy reasons (i.e., not because they were losing money on Chinese operations).
And as far as I know, they're still absent from the Chinese search market.
lakjsljlkj
Sounds like you're assuming that UK's goal is to stop criminals. I don't think that's their goal. I think that's their cover story.
As for Apple, their daily/hourly/whatever fines might be less than cost of a major ad campaign if they were to buy that publicity directly. Sounds like a good deal for them to refuse to honor the request.
chrisjj
So what is the goal?
mtillman
A backdoor for one is an opportunity for many. Given the UK is completely incapable of outspending most of the world on compute, this effectively hands their enemies that data they’re looking for.
pentel-0_5
Yep. It's the creation of an artificial Hobson's choice: "do this, or I'm breaking up with you."
bilekas
> requires that Apple creates a back door that allows UK security officials unencumbered access to encrypted user data worldwide
How could this even be enforced if Apple pulls out cloud services of the UK ?
It's such a ridiculous request, the British Intelligence agencies must be bored coming up with new ways to make Apple look good.
TrueDuality
As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens. Not supporting cloud services wouldn't be sufficient to avoid the compliance requirement, they would have to formerly stop doing business in the UK.
Looking at the market size that might be a decision that Apple is willing to make as it would most likely be a temporary stick. The government can spin it anyway they want, but Apple devices do not work basically at all without the deep integration of their services. A geoblock would effectively mean UK citizens would be left with unusable devices and I can't see the resulting outrage being directed exclusively at Apple.
It'll be interesting to see how this plays out for sure.
bilekas
I think this is the most solid answer I’ve seen so far that makes any sense. Could they still go through with it , I’m not sure, they want to project some influence but I still feel this is like haggling for half price to get cost.
Someone else here said something spot on for me, we’re all focusing on how bat sh*t this is because it’s global without even considering how human privacy obligations are just ignored.
Humans have a right to privacy, feels unbelievably pretentious and privileged to even say that. But it’s still true
hx8
Imagine weighing the right of privacy of everyone in the world against the right of safety of 0.8% of the world population.
VWWHFSfQ
> As long as Apple has a business presence in the UK, they are subject to the laws the UK imposes on them even if they're vastly overreaching and impose on other government's citizens.
I wonder if this means that Apple would ultimately take the same approach that they have in China, where the iCloud data and services are entirely localized within China and allows the Chinese government unrestricted access.
aucisson_masque
one can't compare china and the uk.
china had leverage because of the manufacturing happening over there and the incredible market opportunity, UK doesn't have much.
technically i believe apple could get out of the UK market to provoke a backslash on the government.
If they concede, other government will use the exact same blackmailing technique and one can say it will be the absolute end of their "privacy" marketing campaign they spent so much money into.
dwaite
Apple offers the same escrowed key and non-escrowed key (advanced data protection) features in China as far as I'm aware. The extra capability GCBD has would be access to protected at rest data like iCloud email.
afro88
The decision wouldn't involve just market size, but their Irish tax haven as well. They're not going to pull out of the UK entirely.
eric_h
Their Irish tax haven is rather specifically _not_ in the UK.
afro88
Apologies for any offense given. Total brain fart moment. If I could delete this comment I would
martinsnow
Go ahead and call someone from Ireland, British.
lakis
Ireland is in EU. UK is not in EU anymore
cmsj
Apple still has legal entities in the UK. Pulling out cloud services would be insufficient to prevent the UK authorities from interfering with their activities.
bilekas
> prevent the UK authorities from interfering with their activities
I'm still missing how this could be enforced ? To my layman understanding, this reads the same as if China said : "Meta, Tesla, Valve etc has entities in China therefore we get to see all data they store in the EU and the US.
The UK has Zero jurisdiction in Ireland for example where a lot of EU data may be stored.
elashri
I have lived to the day that we give an example on china not doing something stupid a western democracy does about rights and freedom. Wild times to be alive. I am also surprised that they demand worldwide access and not just UK users data or all the data stored in UK jurisdiction. But this is going too far.
pmontra
It can be enforced in this way: police raids the local headquarters and jail a bunch of people because their company didn't comply with the law.
The only way to prevent that is not having any local office, no employees, nothing. Sell physical objects only by the means of local 3rd party resellers which will import goods. Same thing for services. Of course they can ban imports and services or go after those 3rd parties. It depends how nasty they want to be.
insane_dreamer
> I'm still missing how this could be enforced ?
By banning Apple from doing business in the UK.
The US used a similar strategy decades ago to break Swiss Bank Secrecy laws (either Swiss banks had to give up the info or they were going to be kicked out of the US).
piltdownman
Sadly jurisdiction has nothing to do with it.
https://www.irishtimes.com/business/technology/uk-spy-base-g...
This is not just a case of the British intelligence services secretly “tapping into” Irish telephonic and internet traffic via land and maritime cables. Rather in most cases they are being provided free (or commercial) access to the information by companies associated with the use, ownership or maintenance of these cables.
Post-Snowden the Irish government retroactively legalised it...
amelius
> I'm still missing how this could be enforced ?
Basically by saying that if they don't comply, they can't do business in the UK.
hedora
The US CLOUD act says something similar to your straw man (though it doesn't ban E2E encryption like the UK is attempting to do):
https://en.wikipedia.org/wiki/CLOUD_Act
Note that it the bar is having the ability to access the server, so this law is completely incompatible with most GPDR solutions: It's illegal to store European user data and then refuse to hand it over to US law enforcement, regardless of whether the data is stored in Europe or the request breaks European law.
RobotToaster
I imagine they would fine apple a large sum of money. If apple refuse to pay they send high court sheriffs to confiscate any property they have in the UK to pay the debt.
mattlondon
The opposite is happening all the time - i.e. US demanding access to European data from Facebook and Google et al. It is not one-sided.
sandworm101
More importantly, apple has customers in the UK. The business from captured apple users is more valuable than apple's privacy reputation.
This all seems very similar to RIM and the aftermath of the riots in the UK. The backdoors became too obvious for customers to ignore. Did not go well for RIM in the market afterwards.
thewebguyd
> More importantly, apple has customers in the UK. The business from captured apple users is more valuable than apple's privacy reputation.
Is it though? I wonder how much of Apple's revenue is from the UK, probably around 5-6%? Apple isn't exactly as popular in the rest of the world as they are in the US.
Would damaging their privacy reputation globally be more valuable than the UK market? I honestly don't know, but my hunch says no - they are likely to want to keep their reputation and dump the UK market. I think more likely is Apple is going to be able to get the UK to cave in. Apple is extremely competent with PR, and would be able to spin any kind of pull-out or degraded service in the UK as the government's choice and fault, to the ire of UK citizens.
wqaatwt
Who has more to lose though? I mean any government that would do something as stupid as banning Apple because Apple didn’t allow it to spy on its citizens wouldn’t be very popular or last that long..
I mean this would be even more stupid than Partygate and the whole Truss debacle put together.
bnjms
> the British Intelligence agencies must be bored coming up with new ways to make Apple look good.
We know they collude with US intelligence serviceUS
scarface_74
But as far as we know there is no encryption back door
tacomagick
"As far as we know" is the most important part.
spiderfarmer
We know.
hk1337
By collude, you mean responding to subpoenas they are legally obliged to respond to?
thinkingtoilet
Of course that's a thing. However, anyone who's ever read a history book has a pretty good reason to be suspicious it ends there.
null
mrighele
That's not even the main issue in my opinion: how can Apple do this without breaking laws in other countries ?
I am not a lawyer, but I think that this would be illegal under EU privacy law.
tokioyoyo
The same way it operates in China? I guess, China is much bigger market, so it’s worth the effort. Not sure how it’ll go in the UK.
mrighele
> a back door that allows UK security officials unencumbered access to encrypted user data worldwide
As far as I can tell, China is asking to keep Chinese data in China and have access to it, but it is not asking to access data of American or European citizen and if it did we would be pissed off.
Chance-Device
I think it’s a cultural issue. The British have an inflated sense of national self worth as a result of being the world’s largest power during the British empire. While this has not been the case for some time now (since Suez in 1948? Longer?) the people still carry the memory and national myth of great importance. This is likely what drives a sense of entitlement that British demands should bypass the laws of every other country in the world and give them unfettered access to everyone’s data. Think about that, literally everyone who has an Apple device!
Frankly, the arrogance is appalling.
xyst
MI6 probably gutted the cybersec division. Probably don’t have many viable sploits in their cache against Apple.
I suppose this is _good_ but more competent and well funded groups out of Israel, Israeli military complex, Cyprus don’t need to “ask” for a back door.
philipwhiuk
Cyber-related stuff is GCHQ (black/greyhat) or NCSC (whitehat)
guappa
Probably a manouver to make them look good but also privately complying anyway.
simion314
>How could this even be enforced if Apple pulls out cloud services of the UK ?
Honest question, how Apple is doing it in China? Maybe the exact same scheme will work for UK.
latexr
> When asked by The Post whether any government had requested a backdoor, Google spokesman Ed Fernandez did not provide a direct answer but suggested none exist: "Google cannot access Android end-to-end encrypted backup data, even with a legal order," he stated.
No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves. I’m not saying that’s likely, just that it’s important to not take these statements as saying more than they do. They wouldn’t hesitate to use “technically correct” as a defence and you have to take that into account.
em500
Before people immediately think the worst of Google or other corporate representatives, be aware that people working in these companies need to weight their words carefully. From The Verge's article on the issue:
The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
latexr
Which is exactly why I’m making this point. If no government had requested a backdoor, they could’ve simply answered “no”. When you have to weight your words, it means you’re not at liberty to say whatever you want. That is itself a signal, and why warrant canaries are a thing.
bloppe
Simply answering "no" when that's the truth could be illegal too. The ability to say no creates the ability to say yes as well. If I ask Apple whether they got an order and they say "no", then a year later they say "we cannot confirm nor deny", well then that's a yes.
Kinda depends on judicial interpretations of free speech, but that's how warrant canaries work. Are warrant canaries legal in the UK? They seem to be in the US but idk how well established that is.
lysace
That concept has always sounded like tech people trying to hack the law without the proper real-world legal knowledge, IMO.
Bruce Schneier wrote in a blog post that "[p]ersonally, I have never believed [warrant canaries] would work. It relies on the fact that a prohibition against speaking doesn't prevent someone from not speaking. But courts generally aren't impressed by this sort of thing, and I can easily imagine a secret warrant that includes a prohibition against triggering the warrant canary.
Lots of similar discussion on HN already, e.g. in https://news.ycombinator.com/item?id=5871541.
derbOac
You're right to point out how carefully worded these statements are. But I suspect it's rare for companies of Google's status to not have been asked for a backdoor. It's not really an informative question to ask Google.
free_bip
How does this work wrt false advertising laws? If I relied upon their end to end encryption and it turns out to be false advertising because there's a secret backdoor, who do I sue?
grayhatter
no one, you'll be in secret prison before you somehow gain standing
atonse
But they can still notify the public, through those canary statements. (I forgot the name commonly used).
For example (a simplistic one), you can have a statement like "we do not have any backdoors in our software" added to your legal documents (TOS, etc). But once a backdoor is added, you are compelled by your lawyers to remove that statement. So you aren't disclosing that you have added a backdoor. You're just updating your legal documents to make accurate claims.
null
SkyBelow
Such actions, even just the act of deleting text, conveys a message you were ordered to not convey and the government is not likely to take too kindly to that.
thewebguyd
> if Apple did cede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
One would think this runs afoul of other laws though, truth in advertising and similar.
Its such a legal minefield, and the UKs request borders on violating the sovereignty of other nations I can't see Apple complying, but maybe that's hopium talking.
highcountess
[dead]
cesarb
> No, that does not suggest none exists, it only says they don’t have access to it. They could have chosen or have been ordered to give the keys to the government agency but not keep one themselves.
The whole definition of "end-to-end encrypted" is that only the two ends have the keys. If anyone or anything other than the two ends (the one sending and the one receiving) has access to the keys, it's not end-to-end encrypted.
bux93
Whatsapp has had end-to-end encryption since 2016. But it only added encryption to cloud backups in 2021. They didn't share any key material with Google, just backed up the messages and media without any encryption to begin with.
kccqzy
Yes exactly. Google is very careful to say that "Google cannot access Android end-to-end encrypted backup data" and notice it doesn't say that all Android backups are end-to-end encrypted. For what we know, Google could have decided to use non-end-to-end backups in the UK and end-to-end backups everywhere else.
chrisjj
I think that's the implication, not the definition. Data remains encrypted even when a third party gets access a key.
null
JW_00000
But if they could give a key to the government agency, it wouldn't be end-to-end encrypted, right? Or are you thinking they would have a copy of users' keys that they gave out? (Which I guess is technically possible.)
aqme28
They could also cripple user key-generation. E.g. they choose random primes from a known subset. It would make communication crackable while also being difficult to detect.
jonhohle
It would be no different from how multiple devices and users access the same content (chat, shared data, etc.). The government’s keys would always be included in set which encrypts the real key. They don’t need the users’ key, Apple doesn’t need their private keys. So technically still end to end encrypted, just with a hidden party involved. Users have no way of knowing this doesn’t already happen.
And when their key leaks, it’s as good as no encryption, but still end-to-end encrypted.
null
theshrike79
If the other end is the government, then it's kinda valid? =)
marcosdumay
You can not use a DH key exchange, and create the symmetric key by some procedure that is predictable, or encode the symmetric key with the government's public key and send it to them.
It doesn't stop being end-to-end when you add another end. We often do group chats that way.
Or you can create a side-channel and send al the data there. That would stop it from being end-to-end.
null
arccy
if google were to transfer the keys elsewhere, they would have (temporary) custody of the keys, granting them access, and invalidating the statement.
jonhohle
My layman’s understanding is that a user’s private key is used to decrypt a random key, which is then used to protect data. Shared files then only require adding key access to that small secret by someone who knows the original key. If one of the original public keys is always one held by authorities, Google never needs to have custody of the private key and can’t access the data themselves making the statement true, but misleading.
latexr
> they would have (temporary) custody of the keys
No, they would have had custody of the keys. Meaning it would still be true they cannot (now) access the data.
negus
Not surprised, considering UK's ridiculous key disclosure law (United Kingdom The Regulation of Investigatory Powers Act 2000 (RIPA), Part III, activated by ministerial order in October 2007, requires persons to decrypt information and/or supply keys to government representatives to decrypt information without a court order.) that makes anyone with high-entropy random data (which is undistinguishable from the crypto-container) a criminal for "not providing the keys to decrypt"
Chance-Device
This is the way that the UK has passed laws for a while now, make them so broad that they potentially criminalise everyone, then selectively prosecute. This is a very obvious setup for future totalitarianism. I’m surprised that the British public stands for it, but I guess they must not care.
filcuk
People here are very passive and used to being pulled around. It's insane how far people's rights have eroded already. No right to protest, no right for privacy - what's next on the chopping block?
the_other
The impression I have is that (some) people in the UK protest but are ignored, vilified, or punished for it. And then nothing changes.
The last time I wrote to my MP, I got a form letter back basically saying "Don't bother contacting us, only The Party matters". (I mean, those weren't the words at all; but having had lame-but-bespoke messages back from them in the past, this was a noticeable and disheartening change).
varispeed
No right to own money. That will be taken away when cash is phased out.
curtisblaine
No right to be mean on social media, too.
yesco
Future totalitarianism? Is the UK's government restricted in anyway right now? What line have they not crossed yet?
Chance-Device
As far as I know they haven’t started murdering political opponents yet, so that’s something. But I take your point, the UK is today not a serious country for a variety of reasons.
varispeed
This is fuelled by notion that law enforcement is incompetent and doesn't work.
If law enforcement won't catch criminal even if you had them all the details, evidence, witnesses, then average person thinks there laws are dead anyway as there is no one competent to enforce them.
doublerabbit
> I’m surprised that the British public stands for it, but I guess they must not care.
I can educate people but it always comes back to "I've not got anything to hide". What are we suppose to do, go out to the streets and protest? Start a petition, right to a PM who has no idea what encryption is?
Mentioning Linux to my family opens a can of worms. We are naive to think protesting actually changes something, it's old fashion. Those with power just don't care so unless people attack with their wallets nothing will come from.
It's not 1995 so unless you have £ for lobbying surrounded by people in suites there is nothing public of any nation can do against anyone in power.
63
They have this power precisely because you have given up. Government power is derived from the consent of the goverened. Collective action does work and always will, but it needs to be coordinated. If enough people in the UK stopped going to work, they could affect change pretty quickly I reckon.
Chance-Device
Don’t you think maybe this attitude is part of the problem?
trallnag
I'm not surprised at all
tim333
Brit here. Yeah from my experience people don't care. Hardly anyone gets prosecuted and those who do have often done something bad.
Most day to day complaints are they don't prosecute enough, often related to the bastard that snatched your phone. We have approximately zero people sitting in jail for failing to decrypt and similar.
>This is a very obvious setup for future totalitarianism.
No it really isn't. If they are planning a totalitarian takeover they are being very sneaky about it. There is a strong anti totalitarianism tradition here including elections since 1265, writing books like 1984 and bombing nazis.
kypro
Brit here.
> Hardly anyone gets prosecuted and those who do have often done something bad.
Perhaps often they've done something bad, but sometimes they haven't, that's the point. Obviously this is wrong and you shouldn't be so passive about it.
> If they are planning a totalitarian takeover they are being very sneaky about it. There is a strong anti totalitarianism tradition here including elections since 1265, writing books like 1984 and bombing nazis.
I'd argue people in the UK today like to adopt the label of being anti-authoritarian and anti-totalitarian, but in reality most people here, including our politicians, quite like authoritarianism.
For example, people here often argue things like "I support free speech, but obviously insulting someone for their identity is wrong". So in the UK we apparently have free speech and I can apparently criticise religious people, but at the same time just this week someone in the UK was arrested for burning a bible.
You see this hypocrisy constantly in the UK... "I'm not an authoritarian, but smoking is bad". "I'm not an authoritarian, but you can't be saying that". "I'm not an authoritarian, but if you're worried about mass surveillance you probably have something to hide". "I"m not authoritarian, but you can't just let people have private data on an encrypted device which the government can't access".
The UK is very authoritarian these days, but unlike other parts of the world people here deny it while arguing in favour of more of it.
There's nothing necessarily wrong with being authoritarian and wanting the government to have more control either. Clearly many countries find this type of government appealing, but lets at least be honest about it. We don't want kids on social media. We don't want people smoking. We don't want people being about to call people names on Twitter. We don't want people burning religious texts. We don't want people being free from government surveillance.
Chance-Device
Today, maybe, even so it probably depends on who you ask.
The thing about giving your rights away is that it’s very difficult to get them back, and you never know who “they” are going to be in the future.
fdb345
Plenty of people have been jailed in the uk for not providing pins or passwords.
cbeach
I've tried to explain the issues with the UK government's stance on digital privacy to my friends. The responses I get:
* I have nothing to hide, I don't care
* Oh come on, our government doesn't care what I'm up to
* The UK will never be totalitarian. I'm not scared of the government
* The UK civil service is incompetent and could never pull this off (fair point, although I worry about the safety of my personal data in the hands of such people)
Let's not forget we had a hard-left (Corbyn) socialist regime come close to power, whose cabinet members called for "direct action" against political opponents, just a few years ago.
https://www.spectator.co.uk/article/watch-john-mcdonnell-s-c...
I don't think people realise how quickly things could go wrong with these surveillance mechanisms in place, and spiteful, authoritarian politicians taking power.
zfg
> and spiteful, authoritarian politicians taking power.
Or spiteful, authoritarian non-politicians taking power, spreading misinformation, and censoring free speech:
https://www.techdirt.com/2025/02/03/musk-shows-us-what-actua...
varispeed
It seems like perfect case to make multi-container encryption as default. That is different data will be revealed using different key and there is no way of knowing how many containers there are in the blob of data and not possible to prove someone is hiding a key.
wuschel
Not if the state can access your super secret containers while you access them with your software. Because state backdoor either in hardware or in OS level
globular-toast
You could try but you might find it/you get "disappeared" like Truecrypt.
ChrisKnott
It's incumbent on the prosecution to prove that you know the key they are claiming you are withholding. It is a defence to say you forgot it, or that the data is random. The prosecution would have to prove that you didn't forget it and that the data is not random.
In most cases it requires a court order as well.
ninalanyon
> It is a defence to say you forgot it,
Do you have a source for that assertion?
ChrisKnott
It's only an offence if you "knowingly fail" to provide it - https://www.legislation.gov.uk/ukpga/2000/23/section/53
s3 makes it clear that if you plausibly claim you have forgotten it, then the prosecution must prove this is not the case (i.e. you still know it) beyond reasonable doubt.
cpymchn
What's new here?
As mentioned in the article, Salt Typhoon and the recency of this request by the UK. At this point they should know better.
My pet theory is anytime the US wants to do something illegal under US law, they simply ask the UK to do it and vice versa. That's why Salt Typhoon isn't and never will be a lesson learned.
cpymchn
I recommend Susan Landau as the goto person on this. She recently spoke with Lawfare on the current state of play.
[1] Susan Landau and Alan Rozenshtein Debate End-to-End Encryption (Again!) https://www.lawfaremedia.org/article/lawfare-daily--susan-la...!)
EdwardCoffin
Formatting in link is broken. This is a direct link to the youtube version: https://www.youtube.com/watch?v=AWBFXiOcR88
banku_brougham
It's not a pet theory, it's exactly how the Five-Eyes system is meant to work. I remember when Total Information Awareness was announced and they even had a cool badge designed for the new govt department. It wasn't a popular idea.
lern_too_spel
It is a pet theory. It is illegal for the US to access its citizens' and residents' data without a warrant, and asking somebody else to do it doesn't magically make it legal.
ok_dad
It’s illegal but they do it anyways. Recall there was a man named Snowden who revealed the NSA does collect USA citizens’ data.
isaacremuant
It's not a pet theory when there's proof they have engaged in it through five eyes. We're not saying it respects the constitution or its intent. We're saying it's what happens.
Black CIA sites weren't legal either, nor was torture.
cess11
Why would they "access [their] data", instead of a report from a foreign intelligence agency?
eptcyka
It is actually Australia where the US goes to test out far-out legislative ideas before implementing them at home.
y-curious
Australia does a great job of enacting wacky authoritarian policies in the last 5 years; It would make sense to use them as a staging ground. Does any specific legislation come to mind?
fukawi2
Social media ban for under 16s is the latest half witted idea enacted by the government here.
throwaway290
Any specific whacky examples?
thewebguyd
It's exactly how the five-eyes information sharing works.
Participants spy on each other's citizens on the other's behalf and share data, to avoid the legality of doing so to their own citizens.
sitkack
That is exactly what this is.
botanical76
This is so disheartening. I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise. As a UK citizen, is there anything I can do to dissuade this?
edit: typo
snapcaster
In my mind, the only way to beat these efforts for good is to win hearts and minds of the larger public. Currently because only weirdos like us care about this stuff, we have to constantly be on top of these things and writing letters making posts etc.
Overall i agree with you, it is really disheartening. That being said, i've made progress with my family on valuing privacy and the dangers of surveillance. I think people might be changing their minds slowly but still lots of work to do.
A breakthrough with my sisters was when abortion was threatened here in the states. Mentioned to them that it would be easy for authorities to enforce abortion punishments by subpoenaing data from menstruation cycle tracker apps. This kind of "clicked" for them and they became more open to the other parts (not given ratukan or whatever their purchase history, etc. etc.)
scarface_74
Thought experiment: let’s say that Trump said that he thinks Apple is helping hide illegal immigrants because they are communicating with each other over channels that ICE can’t decrypt, how much pressure do you think he could put on legislatures to pass a law here?
Now let’s say that some Republican Senators and Representatives were ethically opposed to but then threatened to be primaried and President Musk said he would throw all of his money behind a potential opponent, how long do you think it would take a law to be passed?
Even without a law, we already see that Cook will willingly bend a knee to Trump as will Google.
Right now in my home state the governor was trying to get a law passed banning Western Union from allowing illegal immigrants from sending money overseas.
aqueueaqueue
> legislatures
He will just do an executive order. He is an authoritarian, basically a king. "But but but it's illegal". The system can't keep up with speed he is dismantling it.
snapcaster
I'm not sure what the hypothesis is in your experiment, i agree that all that stuff is really bad
brandon272
> I thought we were making progress in the anti-surveillance privacy narrative, but this says otherwise.
I think we are perhaps the lowest point ever in terms of anti-surveillance efforts. There seems to be bipartisan effort among many (most?) western governments that the government should have unfettered access to all data, regardless of any reasonable expectation of privacy.
Encryption seems barely tolerated these days. Governments are insisting on backdoors, they are making it illegal in some cases for companies to even discuss what is going on or that monitoring is happening.
We barely know what is going on with the programs and efforts that get leaked to the media, much less the programs that operate in total secret.
maeil
> As a UK citizen, is there anything I can do to dissuade this?
If you voted for this Tory-lite government, then you can stop voting for any future Tory-lite governments. If you did not, there's not much you can do in practice without devoting your life to it.
briandear
Wait. The Tories aren’t in power yet you want to attribute this to “Tory-lite?” It’s the Labour Party that is in charge, so why not put the blame on the actual perpetrators? Is it because you don’t want Labour getting blamed? I am confused. The Labour Party is the one jailing people for speech, so it follows that they would want backdoors into iCloud so they can better investigate ThoughtCrime.
The director of public prosecutions of England and Wales, Stephen Parkinson (appointed by the Labour Attorney General), warned against "publishing or distributing material which is insulting or abusive which is intended to or likely to start racial hatred. So, if you retweet that, then you’re republishing that and then potentially you're committing that offense [incitement to racial hatred]."
He added further, "We do have dedicated police officers who are scouring social media. Their job is to look for this material, and then follow up with identification, arrests, and so forth."
This isn’t “Tory-lite,” this is Labour.
Sources: https://freespeechunion.org/labours-war-on-free-speech/
madeofpalk
Parent seems to be attempting to discredit, not protect, Labour by calling them "Tory-lite".
tim333
This stuff started from the Online Safety Act 2023 passed under Rishi Sunak's Tory government.
For some reason Americans, including Musk, go all partisan and feel the need to blame speech restriction on the lefty party but it's not what happened.
Lio
Which party, with a realistic chance of being first past the post, could you vote for that wouldn't bring this in?
This is Hobson's choice as far as I can see.
I don't think there's anyone you could currently vote for that wouldn't do this.
maeil
You know the answer, of course with FPTP there's only two parties with a realistic chance. But why do they? Because you keep voting on them. Your votes made e.g. Corbyn lose but Starmer win. What signal does this give off? A very different signal than if both would've lost. Would another Tory government would have been even worse? In the short term, maybe. But this kind of short-termism is what has got Labour (and all of the other similar parties all over Europe) in this exact predicament. Better to make them lose for picking an awful candidate that's a Tory-lite and bite the bullet. It's not like the Tories would have kept winning for decades on end with the way things were going.
rvz
> If you voted for this Tory-lite government
If you agree that Brexit happened under the Tories and not Labour, then we can also agree that THIS order is happening under the newly elected "Labour Party" and not the "Tories", or so-called "Tory-lite" names.
It's completely pointless trying to remove accountability of this government's illogical actions and then to immediately resort to blaming the previous government for bad decisions like this one.
Just admit that this is under the Labour government.
zahllos
RIPA and key disclosure law came in under Tony Blair's labour government as well, along with https://en.m.wikipedia.org/wiki/Communications_Data_Bill_200..., arguably the precursor idea to the IPA that this notice was issued under.
maeil
Huh? You completely misunderstood what I meant by that moniker. In no way at all does it absolve them of blame - quite the opposite, it's calling them nearly as bad, so close that the difference doesn't really matter.
chgs
The government is a reflection of the people. It might not be perfect, but if 80% of the country didn’t want this type of surveillance we wouldn’t see any government pushing it.
You have to change the view of the country as a whole, and for generations the U.K. has been a country of curtain twitchers.
galangalalgol
Coupd protest on weekends and holidays as a hobby, bring a Bluetooth speaker and blast the kinks.
gambiting
Well, in the UK just planning a non-violent protest can get you 5 years in prison as many people have already discovered. Protesting has been pretty much made illegal by a very broad legislation that defines any protest that causes "disruption" as illegal - what "disruption" means is up to interpretation of course.
wkat4242
But the Tories are not in power. Can't labour just repeal it?
bluehatbrit
Labour have no problem with it, just the same as the Online Safety Act which is causing chaos right now. They're fine with the legislation and have never expressed a desire to see it repealed. They didn't even do much to prevent it in the first place.
This is what the parent comment is getting at when they say "Tory-lite".
yunruse
"Tory-lite" is a pejorative for Labour, the implication being that they are almost identical in behaviour.
(I very much agree with the sentiment...)
Jigsy
Which party do you think passed the "Tell us your password or go to prison law" to begin with?
(Hint: It certainly isn't Tory.)
It's also one of the reasons why I will never vote Labour as long as I live.
alt227
Are you still under the impression that different political parties will actually do diffrent things? It even sounds like you think Labor are 'good' and the Tories are 'bad'. I think you may change this opinion after the next 4 years.
isaacremuant
My sweet summer child. It's a false dichotomy, like most of these types of issues, it has actual bipartisan support.
Same thing happens in many other countries no matter how strongly HN users want to tell you A is literally hitler and B is great.
briandear
Labour caused it. Why would they repeal what they want?
InTheArena
Yeah know, at some point a historical review would suggest that the constant stream of labour led initiatives to end privacy might indicate that the problem is not just the tories.
HamsterDan
"Don't blame me. I voted for Kodos"
csmattryder
> I thought we were making progress in the anti-surveillance privacy na[rra]tive
What lead to to believe that? The Conservatives and Conservative-Continuity governments both agree that our data simply must be in the hands of the police, DEFRA, and your local council.
RIPA will never be repealed and only strengthened.
snapcaster
I don't disagree with your analysis but i wouldn't be so fatalistic. This stuff _isn't_ inevitable and i think it's possible to win people over to our side. Things can change for the better, but they won't unless people who care don't give up
csmattryder
Ahh, I used to have that opinion, but I've encountered too many "It's fine if they want it, I've got nothing to hide" people. (They never give you their Facebook password if you ask, though. Funny, that.)
Change what you can, I say, VPN on the network device.
isaacremuant
Probably helps if the next time they try to remove the rights of large segments of the populace based on medical choices, lock people down, track them and propose vaccine passports, that you realize where everything is headed and oppose it vocally.
It's always through the appearance of good intentions and a public that pushes for whatever narrative they're fed that they normalize this.
People love and want more of this, not less.
buyucu
vote for people who are anti surveillance.
kandesbunzler
so right wing?
buyucu
no idea, UK is not important enough to follow their politics. vote for whoever supports privacy.
cbeach
Let's start supporting parties that have principles.
And stop making excuses for parties that don't (i.e. Labour, Lib Dems and Conservatives).
At the moment, the UK public (and media) considers it a sport to disparage and smear parties like Reform, whose leaders want to shrink the power and over-reach of the state.
We are so concerned with appearing virtuous and internationally generous, we cannot be seen to align with a party that wants to put UK citizens first (border security? deporting dangerous criminals back to their home nation? gasp, how could we be so ghastly!)
This self-defeating attitude needs to change if we want a better future for our children.
rvz
> Let's start supporting parties that have principles.
The problem is that there are none.
The correct assessment of all these political parties is that by default, they all cannot be trusted. Especially both labour and the conservatives.
> This self-defeating attitude needs to change if we want a better future for our children.
Yes. The second problem is that the United Kingdom is incapable to changing itself historically and is fundamentally destined to never be open to change.
TacticalCoder
[dead]
Havoc
UK tech laws seem to consistently be the worst of both worlds. Not rights centric like the EU and not business supportive like the US.
Just old people making bad laws about stuff they don't understand - or are straight up citizen hostile, sometimes hard to tell which it is.
eagleislandsong
> Not rights centric like the EU
Sadly, the EU is trying very hard and very persistently to pass the Chat Control bill. So far the EU hasn't succeeded, but I would be surprised if EU politicians didn't keep trying until it is finally codified into law.
alkonaut
There's always competing interests, but I like to look at it as a glass half full. It's the focus on rights that has ensured it's still not passed.
throwaway127353
[dead]
marcosdumay
The EU has one extremely corrupt legislative body, yes. But they are usually not a problem due to them not having any formal power.
andyjohnson0
Successive UK governments consistently fail to understand the UK's place in the modern world. Insisting on access to encrypted data in all jurisdictions globally is just another example of them thinking small and acting big. Its the digital equivalent of sending a gunboat to put-down the troublesome "natives". Meanwhile its 2025, not 1925.
(disclosure: brit)
77pt77
This was even warranted in 1925, more like 1875.
aqueueaqueue
It would be like demanding a lock up in NYC open a locker in your name and seize all contents.
wyclif
I'd like to think that we've reached the point now that there will be mass resistance to threats to privacy and freedom of speech in the UK, but Britons are such a docile, accepting, and pliant people when it comes to standing up to Big Brother.
globular-toast
Why now? I gave up on this at least 10 years ago. If you can't even get techy people to think about the ethical ramifications of encryption etc then it's a lost cause. What makes you think now it's different? They said it couldn't get much worse 10 years ago, as did they 20. Do you really think the UK population has a breaking point where they will suddenly understand privacy and why it's important?
The UK population generally wants to put their fingers in their ears and pretend everything is ok. Remember we're all descended from people who didn't go to the colonies to try to get a better life.
wyclif
Why now? Well FWIW I also don't have much hope it will happen. But maybe the needle will be moved if Apple doesn't back down and it affects UK iPhone users.
HPsquared
It's pretty standard for the UK gov to take a "worst of both worlds" approach.
harvey9
Ignorant rather than old. Alan Turing was born more than 100 years ago.
tim333
I looked them up and they are not terribly old but did Ancient and Modern History at Oxford - the guy who did the law and philosophy, politics and economics at Oxford - Home Secretary. I doubt they are very up on tech.
kandesbunzler
What are you talking about? I'm a german and the surveillance here is crazy. The EU is pushing for more surveillance. I always love the left wing echo chambers like reddit/HN who pretend like the EU is some kind of utopia.
newscracker
Archive link: https://archive.is/3Pp0U
I was wondering whether this is about Advanced Data Protection, which encrypts almost all data end-to-end on iCloud. It’s only later in this report that it gets into this key detail:
> At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022.
Before stating this, the article says:
> Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said.
This means Apple would be prevented from providing Advanced Data Protection to users in the U.K.
Not making Advanced Data Protection available is made worse by this requirement:
> One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security.
Apple can appeal, but is forced to comply meanwhile (until the appeal is heard) anyway:
> Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.
_Algernon_
If they had some balls, they would just stop offering icloud altogether in the UK until they have appealed. Let's see how the judge feels when half the country can't access their files anymore and Apple points to this decision as the reason.
bArray
Not just most of the judges, but most of the MPs who voted on this. Let them eat their own cake.
I think they could do something like what Tik Tok did, by letting users know why they can no longer provide the service.
I would personally give Apple money to see them actually stand-up to this. What's probably more concerning is the number of companies not complaining about this at all.
ben_w
UK judges are not elected, and don't do things on the basis of what the public thinks.
This headline comes to mind: https://en.wikipedia.org/wiki/Enemies_of_the_People_(headlin...
HPsquared
Judges only interpret the law as laid down by parliament. And, in theory at least, parliament cares about public opinion.
Someone
> when half the country can't access their files anymore and Apple points to this decision as the reason.
Governments are extremely powerful. They may issue a gag order (https://en.wikipedia.org/wiki/Gag_order) that makes it illegal for Apple to do that.
_Algernon_
Even in that case, Apple could withdraw from the market.
If push comes to shove and apple actually called their bluff and withdrew completely from the UK market, I'd bet that that government would become so unpopular that they would not be elected again for quite some time.
donohoe
Gag orders affect information, not whether they continue to provide a service or not.
Marsymars
I expect everyone would read between the lines if Apple simply offered "no comment".
echelon_musk
> the law does not permit Apple to delay complying during an appeal.
Seems absurdist. They have to implement the backdoor, appeal, and only if the appeal is successful can they disable it.
_Algernon_
Apple can't offer icloud with encryption. It doesn't force them to offer the service at all afaict? Forcing a company to offer service at all seems like a gigantic judicial overstep IMO.
eterm
Apple doesn't have the same dominance in the UK than it does in the US, so the UK would probably just tough that one out.
MortyWaves
I have zero clue where you’re getting this from. iPhone is incredibly popular and every politician has one.
CSSer
Then it sounds like they don’t have much to lose ¯\_(ツ)_/¯
chrisjj
> Apple points to this decision as the reason.
Unlikely. That's illegal.
null
coretx
Roll out the change in the city of London first and watch the finance sector crash :D The rest of the UK probably won't have to follow suit.
necovek
Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.
I believe we should increasingly turn to steganography as a way to ensure our privacy (obviously, combined with encryption). Something that provides simple plausible deniability but lots of data to use as a carrying medium should become the default selection (like "personal videos" — a great use for our phone cameras to build an extensive collection), so even if "identified" as potential carrier for the data, it would be impossible to convict someone over it.
I can imagine a scheme where your secret passphrase defines what bits of data in a video to use to carry actual data and yet avoid changing the output too much. Obviously, coming with a non-reversible algorithm that takes into account different lossy video encoding schemes is non-trivial, though I am sure there is some (plenty?) prior art to build off of.
TheDong
Clever technological tricks are not the solution to political problems.
"Plausible deniability" is cute, but in practice, who cares?
> impossible to convict someone over it.
Yeah, sure, tell me how well that works for you. "Your honor, the data is mathematically indistinguishable from random bytes so you can't convict me" -> "The witness saw you type in a password to view data from that image, give us the password or you're going to prison. Even if you don't give us the passphrase, the police officer says you might be using something called 'steganography', and that's already enough to convict you"
The court and legal system does not care about clever logical tricks or cryptographic tricks or any of that.
necovek
When you've been observed doing something (esp with evidence), "plausible deniability" falls through.
But when you haven't (eg. if you had your data that way in an Apple Cloud, and Apple was required to provide blanket access to everything), nobody can come and claim you've got there anything other than videos.
Obviously, a sufficiently motivated actor won't be stopped (see torture), but your data is not out in the open.
tsumnia
Obligatory XKCD: https://xkcd.com/538/
necovek
As I responded in a sibling comment, that is true when you are being targeted: for blanket surveillance of innocent citizens, it will work wonders.
The problem with just doing encryption is that it can be made illegal and it's obvious when you are using it with a cloud platform. The same is true for steganography (you can make it illegal), but someone would have to know you are using it to apply the same tactic.
tokinonagare
> Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.
Not only that, but also trying to ban platforms that don't follow their censorship guidelines (TikTok in the US, X under scrutiny in UE) and even voiding elections when the result is not good (Romania) under very slim technology-related pretense (somehow a few ads are deemed enough to cancel an election, but 24/7 oriented news from every established newspapers in another country like France is totally OK). It's becoming harder and harder to believe in said democracy when the methods are all but looking like the ones used in non-democracies.
tremon
voiding elections when the result is not good (Romania)
Downvoting for this claim. Stop spreading misinformation.
1) it wasn't the government voiding the election, it was the courts
2) it wasn't because they disagreed with the results, it was because an existing law was broken (undisclosed campaign financing)
wqaatwt
Also because the candidate who won the first round and was almost guaranteed to win (not the nut job TikTok guy who came second) didn’t belong to any of the major parties. So the government wasn’t particularly excited about that…
rolisz
2) why wasn't the person/party that broke the law penalized then? PNL was found to have paid for the TikTok ads for Georgescu. Did they get even a slap on the wrist?
marcosdumay
> Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.
Yes. Democracies around the world are increasingly stopping being democracies.
rollcat
> Something that provides simple plausible deniability but lots of data to use as a carrying medium should become the default selection (like "personal videos" — a great use for our phone cameras to build an extensive collection) [...]
No. I want all of my data end-to-end encrypted. In transit, at rest, everywhere and at all times. Privacy is a human right. Security of their citizens is what these governments vowed to protect. If they can't, these governments should be changed.
necovek
What I am suggesting is embedding encrypted data in innocent-looking files using steganography to avoid it being obvious you are using encryption in the first place.
This protects you even if we — as citizens — fail to stop governments from going rogue and forbidding encryption (some of us remember US export controls on strong encryption that was only lifted 2 decades or so ago).
Kim_Bruning
For years, law enforcement pushed for encryption backdoors, arguing they were necessary to combat crime and terrorism.
In the US, after Salt Typhoon compromised telecom networks—including court-authorized wiretap systems—the FBI has now (somewhat reluctantly, I think) started advising government officials to use end-to-end encrypted apps like Signal and WhatsApp to protect themselves. [1]
I think the UK government is running a bit behind wrt Encryption.
[1] https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-...
pmlnr
No, the government is always exempt. Citizens shouldn't be allowed e2e, the government, that's ok.
selendym
The problem with this line of thinking is that the government is, of course, composed of... individual citizens.
pmlnr
I don't want them to be, they make themselves exempt.
It's bad. It's one of the causes that triggered the French Rebellion in 1793: one rule for them, one for us?
Kim_Bruning
They do seem to think that way sometimes, don't they?
But the counter-argument here is: if the civilian E2E apps had also/already been backdoored, they'd be entirely out of options now.
maeil
From the macrumors thread:
> So much for personal liberties. I'd like to give Labour the benefit of the doubt and assume this is a holdover from the last government knowing how fast the civil service actually works but given the Tory 3.0 plan they are going with I wouldn't put it passed them.
>We didn't vote for this.
You very much did vote for this, you voted for Labour under Keir Starmer and he did not particularly hide his being tory-lite. If one is surprised by this they must not have paid any attention before voting.
blibble
quite why Labour deserve the benefit of the doubt on anything authoritarian I don't know
Labour was behind:
- forced key disclosure (Regulation of Investigatory Powers Act 2000), still in force
- 72 day detention without charge (Terrorism Act 2006), defeated before it became an Act
- national identity register and mandatory id cards (Identity Cards Act 2006), ripped up by the next Tory government
- various attempts at removal of ancient right to trial by jury (partially successful)
zahllos
As I posted under another comment, https://en.m.wikipedia.org/wiki/Communications_Data_Bill_200... - communications data bill 2008 / interception modernisation programme. A precursor to what became the IPA.
scrlk
Have people forgotten the authoritarian tendencies of the 1997–2010 Labour governments? This is nothing new.
alt227
Its crazy how people still think one political party will be 'better' than another! I guess they must be young. After you have seen 10 or so government terms play out you soon learn.
mistercheph
Yeah yeah vote for the other clowns next time, they'll definitely roll back these totalitarian policies :)
physicsguy
Labour are social democrats, not classical liberals…
https://archive.is/3Pp0U
(Although I was able to access the article in full on the original URL)