UK demands access to Apple users' encrypted data

UK demands access to Apple users' encrypted data

Author
Discussion

andyb28

909 posts

133 months

Sunday 23rd February
quotequote all
Why is it just Apple?

Do they already have access to other platforms or is this just the first?

Evanivitch

24,392 posts

137 months

Sunday 23rd February
quotequote all
andyb28 said:
Why is it just Apple?

Do they already have access to other platforms or is this just the first?
Google drive (file storage) and photos are not E2EE.

Murph7355

40,248 posts

271 months

Sunday 23rd February
quotequote all
768 said:
It's tech nerds understanding that you have a zero or one.
It's not though, is it.

Apple opening this up is not the same as "nobody anywhere ever can have heavily encrypted data".

People who genuinely need it for non-nefarious reasons (or even authorised nefarious ones) can have it. Kiddie porn peddlers from 22 Acacia Avenue (other addresses exist) should have it made more difficult for them.

Zaichik said:
Strangely Brown said:
Please tell me this post is satire.
no, but to illustrate to the government how poorly thought out their plans are and what the consequences could be.
The reality is though, that the Alibaba encrypted cloud would be more secure than Apple iCloud now.
You go get em V for Vendetta man.

Because if you think Chinese sanctioned storage places are "safe" then you're even more of a loon than your posts above suggest biggrin

camel_landy said:
Weeelll... This is what happens when you play the "Won't you think of the children?" card all the time, instead of having the balls to push back and ask "What are the parents doing?" instead.

M
It shouldn't be a case of one or the other. Not binary again.

Evanivitch said:
This shows your ignorance. Bad laws that fix nothing only erode the freedoms of law abiding citizens.

This literally fixes nothing for the reasons explained to you time and time again, it's unbelievably easy to circumvent.
No, it shows that I have a different opinion to you. It is not ignorance simply because people have a different view point to you. And until you, and people with the same attitude, grasp this, you will always be fighting a losing battle.

I have repeated to you time and again that it is not intended to be the silver bullet that stops all such crimes. No such silver bullet exists, but if you want to keep looking for one, knock yourself out. I honestly couldn't care less. I'm comfortable with the move. If you want to stop it, you're the one that needs to put up a better argument.

Ask yourself - do you think all peddlers of horrible st on the internet are Blofeld level masterminds with your undoubted technical know how and wizardy who can keep every known security analyst at bay? Or is it far more likely that there will be a small number of people like that, and the vast majority of people doing it are oiks using a secondhand iPhone in their bedsit who without vendor provided easy clicks will trip themselves up far more readily...and maybe even open up breadcrumbs to the Blofelds?

Murph7355

40,248 posts

271 months

Sunday 23rd February
quotequote all
andyb28 said:
Why is it just Apple?

Do they already have access to other platforms or is this just the first?
I would imagine things like WhatsApp will come under a lot of scrutiny soon if they aren't already.

And as an ignoramus who likes getting the debaters on these threads going, I hope the govt keep going. One massive thing I'd like to see changed is the whole "platform" v "publisher" angle sorted out legally (in favour of "publisher" for the likes of social media not-platforms).

Evanivitch

24,392 posts

137 months

Sunday 23rd February
quotequote all
Murph7355 said:
No, it shows that I have a different opinion to you. It is not ignorance simply because people have a different view point to you. And until you, and people with the same attitude, grasp this, you will always be fighting a losing battle.
And yet you're happy to insult others that have different opinions to you laugh

Murph7355 said:
I have repeated to you time and again that it is not intended to be the silver bullet that stops all such crimes. No such silver bullet exists, but if you want to keep looking for one, knock yourself out. I honestly couldn't care less. I'm comfortable with the move. If you want to stop it, you're the one that needs to put up a better argument.
No one has suggested it"s a silver bullet, only you. It's the collateral that's the concern, but you seem to have no concerns for privacy or security so doesn't bother you.

At a time when identify fraud is endemic that's blatant ignorance.

Murph7355 said:
Ask yourself - do you think all peddlers of horrible st on the internet are Blofeld level masterminds with your undoubted technical know how and wizardy who can keep every known security analyst at bay? Or is it far more likely that there will be a small number of people like that, and the vast majority of people doing it are oiks using a secondhand iPhone in their bedsit who without vendor provided easy clicks will trip themselves up far more readily...and maybe even open up breadcrumbs to the Blofelds?
Do I think idiots can use an AES256 zip app? Err, yeah. Do you think that's difficult to drag and drop!?

.:ian:.

2,535 posts

218 months

Sunday 23rd February
quotequote all
Is it me or are they misusing the phrase "end to end encryption"?
This is just encryption, unless the files are being decrypted at the other end...


https://en.m.wikipedia.org/wiki/End-to-end_encrypt...

wikipedia said:
Some encrypted backup and file sharing services provide client-side encryption. This type of encryption is not referred to as end-to-end encryption because only one end has the ability to decrypt the data. However, the term "end-to-end encryption" is sometimes incorrectly used to describe client-side encryption.[29]
That means you Apple biggrin

Evanivitch

24,392 posts

137 months

Sunday 23rd February
quotequote all
.:ian:. said:
Is it me or are they misusing the phrase "end to end encryption"?
This is just encryption, unless the files are being decrypted at the other end...


https://en.m.wikipedia.org/wiki/End-to-end_encrypt...

wikipedia said:
Some encrypted backup and file sharing services provide client-side encryption. This type of encryption is not referred to as end-to-end encryption because only one end has the ability to decrypt the data. However, the term "end-to-end encryption" is sometimes incorrectly used to describe client-side encryption.[29]
That means you Apple biggrin
Isn't the whole argument that bad-actors are using the file sharing facility to share bad things with eachother.

Fits the definition of E2EE, no?

768

16,686 posts

111 months

Sunday 23rd February
quotequote all
Murph7355 said:
768 said:
It's tech nerds understanding that you have a zero or one.
It's not though, is it.

Apple opening this up is not the same as "nobody anywhere ever can have heavily encrypted data".

People who genuinely need it for non-nefarious reasons (or even authorised nefarious ones) can have it. Kiddie porn peddlers from 22 Acacia Avenue (other addresses exist) should have it made more difficult for them.
The protection provided by encryption is binary, yes. You either have it, or you don't.

There's nothing about messing around with ADP that targets CP while leaving it available to people who genuinely need it, because that isn't a thing. All users either get the protection, or they don't.

768

16,686 posts

111 months

Sunday 23rd February
quotequote all
.:ian:. said:
Is it me or are they misusing the phrase "end to end encryption"?
This is just encryption, unless the files are being decrypted at the other end...


https://en.m.wikipedia.org/wiki/End-to-end_encrypt...

wikipedia said:
Some encrypted backup and file sharing services provide client-side encryption. This type of encryption is not referred to as end-to-end encryption because only one end has the ability to decrypt the data. However, the term "end-to-end encryption" is sometimes incorrectly used to describe client-side encryption.[29]
That means you Apple biggrin
AIUI, Apple uses ADP to allow users to share content with each other (and without Apple seeing the keys or content in the clear), hence E2EE beyond merely client-side encryption.

Monsterlime

1,329 posts

181 months

Sunday 23rd February
quotequote all
What Murph7355 is clearly ignoring, and as I have said on the NPE thread, is this is just the start. They WILL (and it is in the legislation to do this), ban/block services that fail to provide these imaginary back doors.

It will result in only those 'authorised' services being available in the UK, and others being banned/leave the UK. Yes, those technically adept will be able to get around this, but your average user will not. And once those 'authorised' services are compromised, which they will be, that's it, all your data is out there.

For example, years ago everyone thought SHA-0/1 was the business. By 2008, it would take a standard home PC 1 hour to break SHA-0 - https://en.wikipedia.org/wiki/SHA-1. If you stick a 'back door' into AES256, it WILL be found and will be exploited and then EVERYONE, globally, is fked.

Utilising properly encrypted and secured cloud solutions for backups is significantly more cost effective than trying to maintain this at home. Who really wants to have an LTO tape drive in their house? Or hundreds of HDD's? Local backups are important, offsite are even more important especially as much of our information is digital now.

This isn't about Apple per se, it is about all the other services that will eventually be impacted. They will either withdraw from the UK or become effectively useless. And yes, I will be fine because I am not an average user, but your average user is going to find out very quickly that storing ID docs, mortgage information etc in a Government approved service is a bad idea.

Maybe, Murph, if you think everyone being able to access your stuff is fine, then send us your ID details, passport, driving license, address etc and then watch your credit score.

Griffith4ever

5,566 posts

50 months

Sunday 23rd February
quotequote all
Murph7355 said:
andyb28 said:
Why is it just Apple?

Do they already have access to other platforms or is this just the first?
I would imagine things like WhatsApp will come under a lot of scrutiny soon if they aren't already.

And as an ignoramus who likes getting the debaters on these threads going, I hope the govt keep going. One massive thing I'd like to see changed is the whole "platform" v "publisher" angle sorted out legally (in favour of "publisher" for the likes of social media not-platforms).
We don't know who else - largely because its illegal to tell anyone that the UK government have demanded you open your data to them. If anyone thinks that's an "OK" use of law then.......


Edited by Griffith4ever on Sunday 23 February 17:32

Griffith4ever

5,566 posts

50 months

Sunday 23rd February
quotequote all
Monsterlime said:
but your average user is going to find out very quickly that storing ID docs, mortgage information etc in a Government approved service is a bad idea
This is the key takeaway.

bitchstewie

58,715 posts

225 months

Sunday 23rd February
quotequote all
If people use Google Drive or Dropbox or OneDrive the provider already manages the keys.

That means they can access the data.

Should people stop using them?

Murph7355

40,248 posts

271 months

Sunday 23rd February
quotequote all
Evanivitch said:
And yet you're happy to insult others that have different opinions to you laugh
I am responding in kind - you were the one calling people ignorant because they disagree with you.

I'd call that pretty ignorant. YMMV.

Murph7355

40,248 posts

271 months

Sunday 23rd February
quotequote all
Monsterlime said:
What Murph7355 is clearly ignoring, and as I have said on the NPE thread, is this is just the start. They WILL (and it is in the legislation to do this), ban/block services that fail to provide these imaginary back doors.
....
Maybe, Murph, if you think everyone being able to access your stuff is fine, then send us your ID details, passport, driving license, address etc and then watch your credit score.
I am not ignoring anything.

If the govt want to apply scope creep to the point I think they are crossing the line and becoming all North Korea on our asses, I'll join you in donning the tinfoil hat and start writing to your MP.

You don't not take any action on anything just because in your mind it might lead to many different things happening at some undetermined point in the future. You'd still be trying to light fires with sticks if you did.

As for my stuff, have at it. I use what I am comfortable using for the purposes I need it for. If you want to tell me my life's most sordid secrets and empty my bank account or hurt my credit score (ooooooooooooooooh), please do so and let me know when you've finished wink

Murph7355

40,248 posts

271 months

Sunday 23rd February
quotequote all
Griffith4ever said:
Monsterlime said:
but your average user is going to find out very quickly that storing ID docs, mortgage information etc in a Government approved service is a bad idea
This is the key takeaway.
Do you chaps really, really think the govt/"da man" don't already have full access to your meaningful ID docs (clue - they provide these wink) and mortgage information (should they require it)?

Seriously?

Griffith4ever

5,566 posts

50 months

Sunday 23rd February
quotequote all
Murph7355 said:
Griffith4ever said:
Monsterlime said:
but your average user is going to find out very quickly that storing ID docs, mortgage information etc in a Government approved service is a bad idea
This is the key takeaway.
Do you chaps really, really think the govt/"da man" don't already have full access to your meaningful ID docs (clue - they provide these wink) and mortgage information (should they require it)?

Seriously?
They don't have access to any of my passwords for any of my private information, including banking, savings, email, website logins, and the likes. ("mortgage information", btw, is a bad example and fairly meaningless)

Its not about the minutia of what info on us they have access to, its about who we trust to hold our private information (including passwords and private/personal information), and history has shown us again and again that there are hacks / security leaks / data breaches in even the most "secure" organisations - then we all have to run around changing all of our passwords and guarding against scams where our private information is used to help people present themselves as bona fide.

To trust the same data in the hands of government organisations is, frankly, laughable.

It's nothing to do with "'da man" (fk me, that's weak and patronising at the same time), nor tin foil hats (to save you throwing that one in). It's just bloody obvious. Inept government departments are not the people I want holding access to my personal data that can be used to access my money.

I don't use encrypted cloud storage btw - certainly not purposefully. All my passwords are stored in Keepass, backed up on Dropbox. Makes no odds if you have access - the master password is, currently, uncrackable.

Edited by Griffith4ever on Sunday 23 February 21:00

Evanivitch

24,392 posts

137 months

Sunday 23rd February
quotequote all
Murph7355 said:
Evanivitch said:
And yet you're happy to insult others that have different opinions to you laugh
I am responding in kind - you were the one calling people ignorant because they disagree with you.

I'd call that pretty ignorant. YMMV.
Mr think skin laugh

Murph7355 said:
It's tech nerds admiring the problem and an innate desire for perfection when perfection doesn't exist (even and especially in the arguments put forward not to progress).

768

16,686 posts

111 months

Monday 24th February
quotequote all
Murph7355 said:
Do you chaps really, really think the govt/"da man" don't already have full access to your meaningful ID docs (clue - they provide these wink) and mortgage information (should they require it)?

Seriously?
Not just the government. Weaken encryption for the government and you weaken it for every bad actor.

Strangely Brown

11,968 posts

246 months

Monday 24th February
quotequote all
768 said:
Murph7355 said:
Do you chaps really, really think the govt/"da man" don't already have full access to your meaningful ID docs (clue - they provide these wink) and mortgage information (should they require it)?

Seriously?
Not just the government. Weaken encryption for the government and you weaken it for every bad actor.
I do wish people would stop saying that. The encryption is NOT being "weakend". The encryption is exactly as strong now as it was before and without the key it would still take just as long to break... or not. The data stored in iCloud IS still encrypted. The only thing that has changed/is changing is that for some classes of data Apple is removing the ability for that data to be stored without Apple holding a copy of the key. For other classes of data it IS still stored such that Apple do not have access to the key. It is held only by the data owner.

The whole argument and the reason ADP has been withdrawn in the UK is because Apple refused to "weaken the encryption".

Yes, I'm being picky over language because it's important. Different words have different meanings especially in technical discussions.

Anyway, the big problem here is not the encryption of the data but RIPA, or IPA as it is now known. It is a truly godawful piece of legislation that was passed by authoritarian morons with the sum total of fk all knowledge of the technicalities behind it. If you want to rail against someone or something then that would be a target far more beneficial to all.