NCSC, GCHQ, UK Gov't expunge advice to “use Apple encryption”

then what's them from banning all new iPhones?

The torches and pitchforks that are soon to follow? You might get away with that in oppressive “some countries”, but I just can’t imagine it ending well in someplace like the UK.

Bread and circuses is what stops them. Whoever would get the iPhone banned is guaranteed never to win another election. Like banning beer or football.

It would also be banning Macbooks, imagine what companies would have to say about that.

The reason Apple isn't calling their bluff is not that they're scared the UK will actually ban their products. It's for optical and political reasons.

I don't know how UK electorate feels about this, global backdoor feels like much more unreasonable ask than domestic backdoor. Really takes particular hubris to ask for it in the first place.

Hold the population used iPhones. Wouldn’t be very popular.

> without Apple or the government having power over it

As we are talking about E2EE for cloud storage, governments have very much control over it as in banning the use certain software by law and applying it through ISPs and other means. Not saying I wouldn't prefer a scenario where there was indeed some degree of such choice, but that would not change anything if a government decides it does not want E2EE.

> Apples stance on E2EE is off by default

True E2EE in the context of cloud storage has also certain downsides that one should acknowledge, notably if you lose access to your keys your data is effectively gone. When we talk about a large userbase that includes people who do not have a good understanding of this fact (prob most people) and this choice is not made by themselves in a more conscious manner, this could be a headache for a company (and customer service). Go to subreddits of E2EE encrypted services and notice how often people come up with having forgotten their passwords thus effectively their keys and their data (and that's an audience making a more conscious choice) and not actually understanding that forgetting password + losing any recovery keys = loss of data and that proton cannot give them access back (if they could, there could not be much privacy there). I am not saying that E2EE is bad, but that it is not necessarily the best choice for everybody, and thus I have no issue with apple's opt-in approach.

Apple’s stance is not all E2EE is off by default… Instead there are a set of things which are E2EE when you are using Standard Data Protection and a wider set of things become E2EE when you opt-in to Advanced Data Protection.

This is all clearly documented here: https://support.apple.com/en-us/102651

What’s changing is the UK government is apparently serving a Technical Capability Notice compelling Apple to provide access to their customers data, and the only reasonable way for Apple to comply is to remove ADP as an option in the United Kingdom.

You're suggesting that Apple, a giant publicly traded company with known people that can be summoned to court and assets located in places that can be seized, should ignore lawful orders from a country they are operating in?

Can I ask you how you think that would play out?

>Somehow piracy on the clearnet never really stopped with it being illegal in most countries.

I'm sure you can spot the difference between a small group of people running a piracy site and a multinational company selling physical devices in physical stores.

If you're a company with offices, personnel, and assets in the UK, well your "service" may be beyond the reach, but the rest isn't.

It is absolutely a crazy idea.

Physical analogies don't really work in this situation because of the scale, and the payout.

A physical master key for a building has a few hundred thousand/a few million people that could potentially access it. The payout is low (i.e. the motivation is low on average)

An encryption backdoor to phones has a few billion people that could potentially access it. From anywhere in the world. The payout is huge (access to all iPhones).

Multiple entire governments would dedicate tens of millions of dollars and thousands of people to gain access to a ubiquitous backdoor on something like a phone. The same just isn't true with your building analogy -- they are completely different.

Even the most secure masterkey can just be stolen.

https://en.m.wikipedia.org/wiki/EternalBlue

It's (perhaps not?) well known that locks that are master keyed are inherently less secure than locks that aren't

It requires roughly half the picking effort.

in a lock you have multiple sets of pins. the key pushes pins, and if it pushes all the pins so that the top of the pin is at the boundary of the lock (the shear line), the lock turns.

There is a spring that pushes a connected pin down, which is what actually prevents the lock from turning. These are called driver pins. there is a separate pin(s) that the key actually interfaces with. The key pushes the pins until the driver pin moves past the shear line, when all driver pins and key pins are not interfering with the shear line, you can rotate/whatever the key and it is unlocked.

A master-keyed lock has additional discs inside the keyway, usually below the normal pins (closest to the key.) The discs are added based on the amount of extra movement needed to accept both the non-master, and the master key. So a master keyed lock has two, separate shearing points, the top of the regular pin, and the top of the master disc. This means there are at least two set-points for picking to get the driver pin out of the way - where the driver pin is flush with the shear line (as it would be with a regular, non-master key,) and where the normal pin's lower face is flush with the shear line (as it would be when a master key is inserted).

That master key sounds like a high value target, if it can open so many doors. Are you sure the one who guards that key is storing it securely enough and not just in a keyring together with other "important" keys he sometimes carries around needlessly? Are you sure he can't be coerced into "borrowing" it to someone, or handing it over to the police without first letting a lawyer check the warrants?

Have you considered that the locks need to have a weaker security if a key must exist which can open all the doors in the building?

The ability to steal the master key by virtue of it being a physical object is SEVERAL orders of magnitude lower than a "virtual master key" that is potentially vulnerable to the entire online community.

If you consolidate security into a singular "skeleton key" - you 100% weaken your security.

> it might be possible to use personal cloud storage [...] with E2EE

Which would quickly become illegal if UKGOV is set on getting access to people's iOS backups / cloud storage / etc. Hell, it's already a legal requirement to hand over your keys if UKGOV demands them[0].

[0] "Regulation of Investigatory Powers Act 2000 part III (RIPA 3) gives the UK power to authorities to compel the disclosure of encryption keys or decryption of encrypted data by way of a Section 49 Notice." https://wiki.openrightsgroup.org/wiki/Regulation_of_Investig...

Bit more complicated than that. iCloud isn't passive storage. A fair bit of the logic exists on the server.

Ah, so in the UK or China this could go through a proxy that steals all the keys.

Half the computer crimes in the UK involve illegal access to the PNC (police national computer), how exactly do we think this would go.

For all the checks you put on people who can access this stuff the temptation is too big - just look at the intelligence analysts using systems to stalk Exs etc.

For any system like this to exist you must ask yourself if you would be happy with the worst person you know having a job where they have access to it.

I agree, though with Android an argument can be had that Samsung and other manufacturers can offer alternatives if they want to (they have their own stores and their own platform keys).

I don't think there's a large lobby for the backup app industry but a lawsuit against Apple/Google/Samsung should be easily won here.

One of the hardest problems you can face is getting a community of disparate developers to do the right thing at scale; sometimes the easiest solution for that is a monolithic integrated blob.

How is an exploration of broad spectrum legislative attacks on all forms of encryption regardless of hosting and corporate ownership and data communication moot?

That's a pretty naive take imo ; divulging such information leads to change in behaviour of nefarious actors.

I totally get the viewpoint, but there are other perspectives to consider

Not so. Hypocritical positions tell you an error exists, but not which of the two contradictory positions is the wrong one.

I don't. I was merely pointing out the hypocrisy, not understanding that he meant it as a blanket statement for both/all countries with secret courts.

> Do we really need Reform in power for common sense to flourish in the UK to any degree?!

No. You've mistaken demagoguery for common sense I'm afraid. That's one of their favourite tricks though, so you could be forgiven for the mistake.

If you think Reform are likely to be in favour of anything other than the most authoritarian implantation of whatever law enforcement suggests they want, I don’t think you’ve been paying attention to who Reform are.

Apple is not planning to fight for the UK citizens over encryption.

It's a job for the democracy and voters.

It's also understandable why services opt to use a Cloudflare proxy, what with the growing threat that is DDoS attacks from large botnets.

I feel we should build an extension to HTTPS to allow Cloudflare / other reverse proxy services to proxy web requests without circumventing the SSL guarantees between the user and the host. It should be trivially possible.

That said, the cynical side of me worries that it works this way by design.