How the UK Is Weakening Safety Worldwide
139 comments
·February 24, 2025PeterStuer
thefz
Apple can state all they want, but since the disclosure of PRISM, I will not believe anything they say. The general population will, however.
AlexandrB
The scariest thing is that PRISM was revealed in 2013 - 12 years ago - thus "the intelligence community" has had 12 years to move this same approach forward. I could be remembering wrong, but the only repercussions for the PRISM leak fell on the leaker: Snowden.
AlgebraFox
Exactly. I have no idea why people trust Apple when they were working with NSA and China for surveillance and censorship. Their software is 100% closed source. You've no idea what it does despite all marketing. They may make great hardware but it's foolish to have trust in their privacy claims.
wseqyrku
Since Private Cloud Computing it's clear how they see their customers.
motbus3
As back in the 90s lots of "pedophiles" will be found in controversial investigations
aleph_minus_one
> "The thing is, Apple has made it abundantly clear in no uncertain terms that they will refuse any request by any government to knowingly insert backdoors into their software."
Jail the responsible managers for fraud.
lupusreal
How could you prove fraud in court, if the government has classified all the evidence and refuses to admit any of it happened? The government has gagged them, making it illegal for those managers to even plead guilty!
aleph_minus_one
> How could you prove fraud in court, if the government has classified all the evidence and refuses to admit any of it happened?
There exist other government than the US government - in this case the UK government.
amelius
Apple built their castle in someone else's kingdom.
So, indeed, there's little they can do about it.
On the other hand, if they are forced to implement a backdoor then many people will have to know about it.
NoMoreNicksLeft
How many people would have to know about it? If they can keep the team that implements it to say, 50 or fewer engineers, it wouldn't be much at all to gag them with an NDA.
AlexandrB
Not just an NDA, but probably an NSL[1]-style non-disclosure requirement. How many are willing to go to jail or exile in a foreign country to reveal this kind of thing?
bartread
I don't suppose Apple run any warrant canaries do they?
literalAardvark
What would the point of that be? They're too big not to have warrants served on a daily basis.
gunian
anything digital (phone, cars with cameras, server) that you didnt build from scratch has a backdoor that feeds a five eyes LLM anyone that thinks otherwise probably believes slavery and feudalism ended and license plates are random :)
the more interesting question is how is global surveillance handled across geopolitical boundaries? do they even need digital devices or have the overlords given nano tech?
nico
> license plates are random
First time I hear about this. What’s up with license plates?
florbnit
> They may say that, and it might even be true, but then again, If they were requested by the US they couldn't speak about it nor refuse without explicit court permission.
They couldn’t in the UK either which is why they completely removed encryption, they could do the same in the US if the government pushed for back doors.
aqueueaqueue
Great article. Something they eluded to but didn't explicitly call out is the "good guys" I.e. the government who use the law to get access can be bad guys for many reasons.
One is individual actors. See recent cases of how MI5 agents covered up DV using their privileges. Bad people love power, and they just need to get the right job.
Another is a bad government, such as a repressive controlling style government gaining control and having everyone's personal data in a lake.
bmenrigh
There are no good governments.
dijit
I think thats the right mindset to have in cases where power increases.
I’m really exhausted with this sovereign citizen crap, but when the government is trying to accrue more powers its worthwhile asking what else can be done with it.
For a prescient example: my mother welcomed policies that made protesting more-or-less illegal. “Just Stop Oil” had been doing a lot of nuisance things and she felt it justified. As did the right wing.
Now, when the far-right started marching[0] she was horrified to learn the extent of the new powers and said it was orwellian.
I use her as an example because I think HN leans left, but it will be the right wing folks who dislike government most. Obviously as a left winger myself- when the right wing government was installing anti-protest measures I was horrified, and was much more keen to point out they it could be used against people like my mum.
The government aren’t your friends, they are either changable- meaning all rules have to be solid enough to be used fairly even if the ruling party changes a lot, or: you’re living in something other than democracy, which is largely considered bad.
[0]: https://en.wikipedia.org/wiki/2024_United_Kingdom_riots
wvh
People are massively choosing sides, colours, flags, identities. It's not about left or right. It's about personal opinions and identity, and one side having the power to violently disagree with you, to the point of no recourse. It does not matter if it's a left or right boot that stomps you in the face.
I see the same thing in my parents, where actions become scary when "the other side" does them. It's a myopic arms race to the bottom of rational understanding.
NoMoreNicksLeft
The trouble, I think, isn't that the left is worried about government power. It's that they're infatuated with its potential to dole out all sorts of entitlements and welfare. It's not so much that you won't want it to have the ability to limit protests, it's just that you want to make sure your guys are in charge first and that they're limiting protests you dislike.
>I’m really exhausted with this sovereign citizen crap,
I couldn't ask for a better example of my assertion above. For the moment, ignore their lunatic legal theories (rarely can one win cases in court by insulting judges and dismissing their powers to adjudicate). Their sentiment, at least, should be something you're sympathetic for. These aren't people who are disposing of liquid mercury in the local river or selling children to the coal mine as slaves. They're goofballs who want to drive down the road with their own homemade license plate. Rarely, if ever, do you read a story where they're doing something dangerous or harmful. Instead, it's always about them flaunting an attitude that the government shouldn't have power over them in the mundane activities of daily life. Despite that, they're among the most-hated of outgroups among the left. Why? Because when the fringe left is in charge, someday in the near future, it will be just as embarrassing to them that the sovereign citizens give them no respect as it is currently to the not-leftist-enoughs in charge now.
ben_w
Prisoner's dilemma is a broader category than the name suggests.
A good government is one that changes the payout matrix in our daily equivalents so people choose cooperation over defection.
(But what prevents the government from defecting?)
speed_spread
There are effective ways for large populations to organize and fairly delegate power amongst themselves with the goal of efficient resource management and maximizing collective benefits. But it first requires that said population understands the working of said organization and have an objective idea of the trade-offs at play.
czzr
There are better and worse governments. Blanket statements like yours only serve to empower the worse governments.
raxxorraxor
I doubt this was the essential point. Even if it is currently well intended and behaves perfectly, the "goodness" of government is irrelevant.
It is that you cannot rely on government to be good. So you need checks and balances and also privacy to shield you from government overreach.
Melab
This is a performative declaration. You don't really believe that.
sph
Democratic governments start good, then, operate through the only hammer they have: legislation. After a few decades, there are more things one cannot do than can do without lawyers, committees and councils breathing down your neck.
So the people get restless, and want to tear it all down, in the hope that we can start again fresh.
But I agree with the gist of it. Right now there are no democratic governments that are good for people. We live in barely disguised oligarchy run by thieves, imbeciles and sociopaths.
As an immigrant to Britain, I am appalled to see how fast inept legislators keep making things worse every time they try to fix them, and how the average voter keeps voting for the parties with the silliest and most destructive of ideas. I am so glad to be out of this place in the next few months. Looking forward to Reform to completely destroy the little that's left; hopefully a better place will rise out of the ashes. See you in 30 years, Britain.
thrance
That's a very wrong reading of history. Our democracies didn't "start good", slavery was legal, workers had very few rights and strikes were brutally broken by a police whose only job was to protect the interests of the aristocracy turned bourgeoisie. The weight of a country's law book is no indication of the freedom of its citizen.
Our period of instability has been brought upon by a discontent stemming from ever increasing economic inequalities. This isn't the first time it happens: look at the 30s. Europe turned to fascism and was demolished by pointless wars, America turned to social democracy with FDR and the new deal, and became the first hyperpower.
Melab
> Democratic governments start good, then, operate through the only hammer they have: legislation.
As opposed to other forms of government that somehow have other tools???
> After a few decades, there are more things one cannot do than can do without lawyers, committees and councils breathing down your neck.
1. We have more freedom now than 200 years ago.
2. "Having lawyers breathing down your neck" is invariant with respect to the amount of freedom we have.
lonelyasacloud
> such as a repressive controlling style government gaining control and having everyone’s personal data in a lake
… and having an AI too mine it and persecute anyone who dissents while they work on their mind reading chips?
sph
https://www.activism.net/cypherpunk/manifesto.html
1993 — feels so far away now. Even us techies have become either posers or corporate lackeys, and no one is left to fight for privacy in the digital space.
aleph_minus_one
> Even us techies have become either posers or corporate lackeys, and no one is left to fight for privacy in the digital space.
I have a feeling that this depends a lot on the country:
In the USA, there is now big money to be made in programming jobs, so a lot of people have become what you call "posers or corporate lackeys". Money makes it easy to look away from mass surveillance.
On the other hand, in Germany, you can live off of being a programmer, but you very likely won't become rich this way. Additionally in Germany there is, based on the experience of two dictatorships on German soil in the 20th century (where the crimes of the GDR have barely accounted for), much more of a privacy culture at least in some circles than I observe in many other countries.
pjmlp
And yet elections went down as they did, because newer generations think it is only fairy tales to scare kids at night.
So many lost lessons.
literalAardvark
They're drowned out by the eternal September, but they're out there.
Expecting most of the population to care about privacy is extraordinary.
mettamage
The crazy thing with allowing for backdoors is that the most capable or trusted advisaries get in first, aka: other nation states and former employees.
kurthr
Yeah, almost makes you wonder who's actually behind it. Wouldn't be a bad political psyop for a UK/democracy adversary to go after.
If the intelligence agencies don't know that their own tools can and will be used against them (and all the data on their own citizens they've kindly gathered for their adversaries) they are willfully ignorant. No excuses.
kypro
It's not that they don't understand it's that they don't care. The UK doesn't really respect the right to privacy generally.
Walk down any street in the UK you see multiple CCTV cams watching you. Buy something at the supermarket and you'll have at least 1 or 2 facial recognition cams put in your face. The police routinely deploy facial recognition software on random passers by in the street and monitor our social media posts to ensure no one is saying anything hurtful. On entering the UK border police can detain you without grounds and force you to answer their questions (you have no right to silence). They can also force you to provide them with access to your personal devices and if you don't cooperate you'll be charged as a terrorist. They can (and do) legally use this power for arbitrary reasons all the time.
In light of this the idea that the UK would be concerned that someone's iPhone data isn't kept completely private is absurd. This just isn't a concern of the UK state. The concern is that people currently have too much privacy and we cannot be trusted with that.
kurthr
It's not the right to privacy, it's the manipulation and subjugation of your own state by what is ostensibly a foreign adversary. Or maybe they're all traitors, who knows.
onionisafruit
> other nation states
The UK might be the country least likely to be confused with a nation-state. It’s an empire, or at least the remnants of one.
troyvit
When I saw the headline I thought, "what click-baity hyperbole is this now?" That was the attitude I had when I went to read the story, then I got to this part:
> and while I always encourage readers to explore other options by privacy-first companies, I (among many other privacy enthusiasts) still touted this as a win for giving the everyday user an easy, effective way to protect their data.
Actual. Nuance. It's been a few weeks since I've seen that in my feeds.
LittleTimothy
I think it's actually valuable to hear from one of the former Tory ministers who was in favour of the bill says[1]. I don't necessarily agree with him, but it's interesting to hear he essentially argues that you don't have the security you think you do. If a bad actor wants to pwn you they'll do it on your device and you can't stop them. I think that's broadly true of some actors. If you personally are being targetted by a motivated opponent then yes, they will likely target your personal device first and then encrypted cloud is essentially moot. It's also an interesting idea to not say "We need this to tackle CSAM" but instead to say "We need this so that these companies can't enable CSAM whilst claiming to be unaware" - I think on a practical level that does hold more water.
At the end of the day though, he doesn't address the clearest problem with these backdoors which is that the payoff value of being able to blanket unencrypted cloud data is of such high value it's extremely likely to get exploited, and for the average person you're more worried about being exposed as part of a broad attack on infrastructure not a targeted attack on your individually.
It's also pretty difficult to give credence to the idea that they need this tool to tackle CSAM or organised crime. The reason you can't believe that is because they don't tackle CSAM or organised crime by and large. The UK government simply hasn't prioritized policing that, so we're not in a context of "we're doing all we can but we need more powers", we're in the context of "We can't be bothered, curtail people's rights so our job is easier". I'm sure Apple is not in favour of CSAM, but Apple isn't a member of the British police responsible for investigating and tackling CSAM, why are we trying to recruit them to be?
matthewdgreen
I don't think that's very persuasive. Targeted compromise of iPhones is incredibly expensive, and relatively hard for mere criminals to access. If that's the only way for a bad actor to access your data, you've instantly taken everyone but the most wildly sophisticated (and wealthy) criminals and state actors off the table.
Meanwhile iCloud backups are available not only to sophisticated folks who can compromise Apple's servers, but also to anyone who can social-engineer a password recovery flow or bribe an Apple customer service agent.
Second, re: CSAM, the iCloud ADP system is focused on backing up your personal devices. It is not designed to share data with other users. So a criminal can have CSAM on their phone and simply turn off iCloud Backup (and thus be "invisible") or they can use ADP. The two things are equivalent, and both assume a sophisticated user. I'm sure there's some bizarre and painful scheme where you could use ADP to distribute CSAM to other folks, but there are many easier ways to do that. Once you grant the CSAM point, you're just saying it's necessary for all personal device data to be constantly available for search by the government. (And while I disagree with that opinion, it is an opinion and should be fully fleshed out.)
rightbyte
> If a bad actor wants to pwn you they'll do it on your device and you can't stop them. I think that's broadly true of some actors.
I mean that is correct in the literal sense. Both Google and probably Samsung can hack my device remotely by remote code execution via targeted updates. So American and South Korean authorities.
But I don't think any "bad actor" could do it?
Like, the Foobarland police. Is that a reasonable take?
marcus_holmes
I flat do not trust that the motivations for the legislation are what the government says.
The UK has a history of covering up child abuse by establishment figures, not least Prince Andrew. They are not actually concerned with preventing child abuse.
Successive UK governments have tried to remove or weaken encryption over the years since the 90's. There have been a succession of excuses, but mostly "think of the children".
The various MI* agencies have said publicly that they cannot carry out their duties (that of spying on UK citizens) while E2E encryption is available.
IF they had the courage of their convictions they would just lay out their case for a society with no privacy, have the argument, and accept the conclusion. But I realise this is politically naive.
sph
Child abuse is an excuse. It is a red herring.
The thing about weaponising child abuse to destroy democracy and privacy, is that no one can openly protest against it, because who the hell is against protecting children from abuse? Especially in Britain, where the spectre of child abuse happening basically in plain sight, is still fresh in anyone's mind (Savile & co.)
Child abuse is the trojan horse. Any resistance and fight for privacy has been on a ticking clock since legislators discovered they have the ultimate weapon to pass any form of anti-democratic regulation. Slap "it's for the children!" on top of it, and the masses will applaud and cheer for more spying and more profiling by the government.
d0gsg0w00f
So what _are_ they supposed to do about the children? The alternative (doing nothing) is not good.
Or do you think that government should shrink their responsibilities and everyone should watch out for their own kids?
Ekaros
Couldn't we ask same thing about financial fraud. That is should government have AI to scan every single message send by everyone to see if they are responding to some scam? Maybe direct those matching certain criteria automatically to teams of people who are allowed to read through that correspondence?
That too would be doing something. And maybe even net benefit for many individuals.
nprateem
On tech forums you're supposed to pretend that child abuse doesn't exist and that it can always be waved away as an excuse. Granted, once they have the ability to snoop they will, but it's a legit reason in this case.
raxxorraxor
First thing would not to vote for Starmer who probably was involved in covering up polically inconvenient child abuse.
Better start with that or few people will believe your intent.
Quarrelsome
> The UK has a history of covering up child abuse by establishment figures, not least Prince Andrew.
Can we please reference Jimmy Saville instead? Jimmy Saville is an entirely deplorable example of what it is that you're getting at and he got away with blatant and horrific acts until he died.
Conversely Prince Andrew is a crap example because what he is accused of (sex with a 17 year old in London in 2001) is actually entirely legal in the UK (age of consent is 16). So to hold him up as a prime example of a problem is just an Americanism.
InkBloomfield
> So to hold him up as a prime example of a problem is just an Americanism.
These girls were trafficked and groomed by Epstein and Maxwell. Even if the woman was older it would still be deeply immoral as these girls/women were trafficked.
null
latentsea
> Can we please reference Jimmy Saville instead? Jimmy Saville is an entirely deplorable example of what it is that you're getting at and he got away with blatant and horrific acts until he died.
His case comes up on Thursday.
raxxorraxor
> They are not actually concerned with preventing child abuse.
Wasn't Starmer even part of the political forces trying to cover abuses up? To not "rock the boat" or something like that?
You don't need to marry Musk, but I think he was on point here. Their surveillance ambitions are clear as well, because negative press is of course unfortunate.
thefz
Child abuse being used here is just to appeal to emotions of the public.
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
InkBloomfield
Even if it isn't child abuse, they will put up someone abhorrent that you have to defend the rights for, these are usually boogiemen like Islamic Extremists, Neo-nazis, Misogynists etc.
GJim
> child abuse by establishment figures, not least Prince Andrew
Citation needed. (That's quite a serious allegation you are making).
InkBloomfield
There is plenty of information available about Prince Andrew's relationship with Jeffrey Epstein and even a photo of Prince Andrew with his arm around the young girl in question. Even the Royal Family have tacitly admitted this by essentially socially ostracising e.g. removing him from official events.
GJim
Having a friend turn out to be (very) dodgy isn't evidence you are a child abuser. Not to mention the lass the accusations surround was 17 and therefore not a child.
Far too much internet hysteria and not enough facts.
Lanolderen
With time privacy is getting more and more difficult to the point where I'm not sure you can/will have real privacy living life normally so releasing the dirty laundry of everyone will even the playing field to where everyone's at least a bit of a freak but we hopefully just accept it since we're also not who we are on Linkedin.
While true privacy is probably optimal I've been quite curious about the idea of a "no privacy society" recently and the more I think about it the less of a terrible idea it seems if it keeps getting more and more difficult to maintain privacy for normal people and especially in the realm of politics.
If you know everything about the people high up they can't really be blackmailed and I'm not really sure anyone would care that big shot X enjoys gambling or some kinky sex once in a while.
tl;dr: If privacy is/gets impossible to maintain for normal people it might be worth just displaying everyone's dirty laundry so no one can pretend they're saints from their elaborate privacy castle. No idea how you'd go about implementing it realistically. It's mostly a shower thought.
Does anyone know any good discussions in that direction?
vv_
> If you know everything about the people high up
This is a law for the peasantry not the nobility. Due to international treaties (e.g. Five Eyes) it'll allow federal agencies in the United States to spy on US citizens using the UK as proxy.
The greatest irony is that Western societies are slowly becoming the dystopia they once accused China of being and evidently nobody cares.
Lanolderen
Yeah. That's the implementation issue. It'd need to go top->down somehow.
And I wouldn't say nobody cares. It's just that a lot of what's happening is quite technical for normal people and in many countries you can't even really do much about it. At this point you're getting bent over by your government, other peoples governments, awkward techbros with visions, weirdos with business plans, etc..
marcus_holmes
I've lived in a small island community where everyone knows each other's business, and it's not too bad. But it does take a certain type of personality to be happy with it. A lot of humans are not comfortable with everyone knowing everything about them.
And it's not everyone else knowing my business that I'm worried about. It's the government. Imagine that the UK ends up with someone like Trump in charge, and they push for a law that says "anyone criticising me or my decisions will be fined". In a world with E2E that is impossible. In the world the UK spy services want to build, this is routine. Privacy is good for democracy
mihaaly
Since ProtonMail was mentioned in a context, I wonder what is the fate of the Proton infrastructure in UK, also having encrypted storage of various items similar to iCloud. And the alike (Tresorit, ...). Are they the next?
Although it is only partially parallel topic but my current pet peeve about the generic true uninterest of data safety in the UK is the practice of property agents requesting full set of data only necessary at the time of contract - or not even then, like the name of your children - just to start talk about viewing a rental property. Not for the viewing, not for applying for tenancy, no, before even talking about if there is available timeslots for viewing. First reply from them: fill this (very long) form. Some even ask for recent credit check reports uploaded on sending in interest for viewing opportunities. And people comply on masses without apparent hesitation. Years of degrading practice (8 years ago it was much different and less privacy intrusive) means several hundrends of thousands (millions?) people's deep personal data is flowing around in unencrypted emails or forms stored in the third party system (not even at the property agents) the agents dedicate for this purpose, very very fragmented in procedure and solutions and granularity. Apparently there is no objection of the masses as this is a practice property agents escalated to this level claiming "industry practice" when trying to complain. Feels like being alone, refusing, then being refused - I know, I am problematic not handing over all my data on first ask. I wonder what the Information Commissioner's Office will say about the matter. I reported one of the many cases. Only out of curiosity as the matter will be mute not only because of the 16 weeks turnaround for comment - 8 are already passed, and by then we will be out of the UK, for other reasons too - which is awfully slow for anyone affected but by the extent of uninterest for privacy from the UK masses. Property agents are just one tiny part of the pattern actually, asking for your data as the first move is a generic thing from almost all services I came accross. A representative example: - How much would this cost? - What is your name, phone number, address and email address? - the question comes instead of an answer despite that the price depends not the slightest on those data. And this is working this way for very long time. I have a bit of scepticism about if the UK population would ever fight back - risking put into the group of pedofiles by public opinion. I can imagine more arguing for it. As 'Good people have nothing to hide' principle. The "Get Involved" links are for the idealistic ones alone.
upofadown
Isn't Apple doing client side encryption? It sounds like there is a key kept in the phone that is used to encrypt the stuff in the cloud. I am not seeing more than one "end" here. What aspect of their scheme causes the article to refer to it as "end to end encryption"?
I think this is important because the UK is effectively cracking down here on the very idea of keeping things private. We don't have to bring messaging into this; this is a case of an individual attempting to keep their personal stuff to themselves. Most people would consider that a perfectly normal thing to be able to do.
florbnit
I feel like Apple should have made a bolder statement and made the iCloud accounts of all politicians in the UK fully publicly accessible. And state that they would keep them such until the courts finished dealing with the appeal. But of cause Apple has cut its activist roots several decades ago and will stay sober in their dealing, which I also appreciate they feel like the only tech giant who’s actually acting like adults when it comes to privacy.
crimsoneer
The Salt Typhoon example doesn't seem relevant, as it looks like it's down to unsecured routers?
One more relevant question on this would be something like internet connection records, which when they were introduced everyone said would definitely get leaked.
https://en.wikipedia.org/wiki/Collection_of_Internet_Connect...
crimsontech
But from their internal position they fully compromised the system used for wiretapping. https://en.wikipedia.org/wiki/2024_United_States_telecommuni...
GuestFAUniverse
Undisclosable backdoors. Very democratic./sarcasm
"The thing is, Apple has made it abundantly clear in no uncertain terms that they will refuse any request by any government to knowingly insert backdoors into their software."
They may say that, and it might even be true, but then again, If they were requested by the US they couldn't speak about it nor refuse without explicit court permission.
In the U.S., gag orders under the Stored Communications Act (SCA) (18 U.S.C. § 2705(b)) and National Security Letters (NSLs) under the USA PATRIOT Act prevent companies from disclosing they were compelled to comply with law enforcement or intelligence agency requests.
Key Regulations: