UK demands access to Apple users' encrypted data
Discussion
768 said:
It's tech nerds understanding that you have a zero or one.
It's not though, is it.Apple opening this up is not the same as "nobody anywhere ever can have heavily encrypted data".
People who genuinely need it for non-nefarious reasons (or even authorised nefarious ones) can have it. Kiddie porn peddlers from 22 Acacia Avenue (other addresses exist) should have it made more difficult for them.
Zaichik said:
Strangely Brown said:
Please tell me this post is satire.
no, but to illustrate to the government how poorly thought out their plans are and what the consequences could be.The reality is though, that the Alibaba encrypted cloud would be more secure than Apple iCloud now.
Because if you think Chinese sanctioned storage places are "safe" then you're even more of a loon than your posts above suggest

camel_landy said:
Weeelll... This is what happens when you play the "Won't you think of the children?" card all the time, instead of having the balls to push back and ask "What are the parents doing?" instead.
M
It shouldn't be a case of one or the other. Not binary again.M
Evanivitch said:
This shows your ignorance. Bad laws that fix nothing only erode the freedoms of law abiding citizens.
This literally fixes nothing for the reasons explained to you time and time again, it's unbelievably easy to circumvent.
No, it shows that I have a different opinion to you. It is not ignorance simply because people have a different view point to you. And until you, and people with the same attitude, grasp this, you will always be fighting a losing battle.This literally fixes nothing for the reasons explained to you time and time again, it's unbelievably easy to circumvent.
I have repeated to you time and again that it is not intended to be the silver bullet that stops all such crimes. No such silver bullet exists, but if you want to keep looking for one, knock yourself out. I honestly couldn't care less. I'm comfortable with the move. If you want to stop it, you're the one that needs to put up a better argument.
Ask yourself - do you think all peddlers of horrible s

andyb28 said:
Why is it just Apple?
Do they already have access to other platforms or is this just the first?
I would imagine things like WhatsApp will come under a lot of scrutiny soon if they aren't already.Do they already have access to other platforms or is this just the first?
And as an ignoramus who likes getting the debaters on these threads going, I hope the govt keep going. One massive thing I'd like to see changed is the whole "platform" v "publisher" angle sorted out legally (in favour of "publisher" for the likes of social media not-platforms).
Murph7355 said:
No, it shows that I have a different opinion to you. It is not ignorance simply because people have a different view point to you. And until you, and people with the same attitude, grasp this, you will always be fighting a losing battle.
And yet you're happy to insult others that have different opinions to you 
Murph7355 said:
I have repeated to you time and again that it is not intended to be the silver bullet that stops all such crimes. No such silver bullet exists, but if you want to keep looking for one, knock yourself out. I honestly couldn't care less. I'm comfortable with the move. If you want to stop it, you're the one that needs to put up a better argument.
No one has suggested it"s a silver bullet, only you. It's the collateral that's the concern, but you seem to have no concerns for privacy or security so doesn't bother you.At a time when identify fraud is endemic that's blatant ignorance.
Murph7355 said:
Ask yourself - do you think all peddlers of horrible s
t on the internet are Blofeld level masterminds with your undoubted technical know how and wizardy who can keep every known security analyst at bay? Or is it far more likely that there will be a small number of people like that, and the vast majority of people doing it are oiks using a secondhand iPhone in their bedsit who without vendor provided easy clicks will trip themselves up far more readily...and maybe even open up breadcrumbs to the Blofelds?
Do I think idiots can use an AES256 zip app? Err, yeah. Do you think that's difficult to drag and drop!?
Is it me or are they misusing the phrase "end to end encryption"?
This is just encryption, unless the files are being decrypted at the other end...
https://en.m.wikipedia.org/wiki/End-to-end_encrypt...

This is just encryption, unless the files are being decrypted at the other end...
https://en.m.wikipedia.org/wiki/End-to-end_encrypt...
wikipedia said:
Some encrypted backup and file sharing services provide client-side encryption. This type of encryption is not referred to as end-to-end encryption because only one end has the ability to decrypt the data. However, the term "end-to-end encryption" is sometimes incorrectly used to describe client-side encryption.[29]
That means you Apple 
.:ian:. said:
Is it me or are they misusing the phrase "end to end encryption"?
This is just encryption, unless the files are being decrypted at the other end...
https://en.m.wikipedia.org/wiki/End-to-end_encrypt...

Isn't the whole argument that bad-actors are using the file sharing facility to share bad things with eachother.This is just encryption, unless the files are being decrypted at the other end...
https://en.m.wikipedia.org/wiki/End-to-end_encrypt...
wikipedia said:
Some encrypted backup and file sharing services provide client-side encryption. This type of encryption is not referred to as end-to-end encryption because only one end has the ability to decrypt the data. However, the term "end-to-end encryption" is sometimes incorrectly used to describe client-side encryption.[29]
That means you Apple 
Fits the definition of E2EE, no?
Murph7355 said:
768 said:
It's tech nerds understanding that you have a zero or one.
It's not though, is it.Apple opening this up is not the same as "nobody anywhere ever can have heavily encrypted data".
People who genuinely need it for non-nefarious reasons (or even authorised nefarious ones) can have it. Kiddie porn peddlers from 22 Acacia Avenue (other addresses exist) should have it made more difficult for them.
There's nothing about messing around with ADP that targets CP while leaving it available to people who genuinely need it, because that isn't a thing. All users either get the protection, or they don't.
.:ian:. said:
Is it me or are they misusing the phrase "end to end encryption"?
This is just encryption, unless the files are being decrypted at the other end...
https://en.m.wikipedia.org/wiki/End-to-end_encrypt...

AIUI, Apple uses ADP to allow users to share content with each other (and without Apple seeing the keys or content in the clear), hence E2EE beyond merely client-side encryption.This is just encryption, unless the files are being decrypted at the other end...
https://en.m.wikipedia.org/wiki/End-to-end_encrypt...
wikipedia said:
Some encrypted backup and file sharing services provide client-side encryption. This type of encryption is not referred to as end-to-end encryption because only one end has the ability to decrypt the data. However, the term "end-to-end encryption" is sometimes incorrectly used to describe client-side encryption.[29]
That means you Apple 
What Murph7355 is clearly ignoring, and as I have said on the NPE thread, is this is just the start. They WILL (and it is in the legislation to do this), ban/block services that fail to provide these imaginary back doors.
It will result in only those 'authorised' services being available in the UK, and others being banned/leave the UK. Yes, those technically adept will be able to get around this, but your average user will not. And once those 'authorised' services are compromised, which they will be, that's it, all your data is out there.
For example, years ago everyone thought SHA-0/1 was the business. By 2008, it would take a standard home PC 1 hour to break SHA-0 - https://en.wikipedia.org/wiki/SHA-1. If you stick a 'back door' into AES256, it WILL be found and will be exploited and then EVERYONE, globally, is f
ked.
Utilising properly encrypted and secured cloud solutions for backups is significantly more cost effective than trying to maintain this at home. Who really wants to have an LTO tape drive in their house? Or hundreds of HDD's? Local backups are important, offsite are even more important especially as much of our information is digital now.
This isn't about Apple per se, it is about all the other services that will eventually be impacted. They will either withdraw from the UK or become effectively useless. And yes, I will be fine because I am not an average user, but your average user is going to find out very quickly that storing ID docs, mortgage information etc in a Government approved service is a bad idea.
Maybe, Murph, if you think everyone being able to access your stuff is fine, then send us your ID details, passport, driving license, address etc and then watch your credit score.
It will result in only those 'authorised' services being available in the UK, and others being banned/leave the UK. Yes, those technically adept will be able to get around this, but your average user will not. And once those 'authorised' services are compromised, which they will be, that's it, all your data is out there.
For example, years ago everyone thought SHA-0/1 was the business. By 2008, it would take a standard home PC 1 hour to break SHA-0 - https://en.wikipedia.org/wiki/SHA-1. If you stick a 'back door' into AES256, it WILL be found and will be exploited and then EVERYONE, globally, is f

Utilising properly encrypted and secured cloud solutions for backups is significantly more cost effective than trying to maintain this at home. Who really wants to have an LTO tape drive in their house? Or hundreds of HDD's? Local backups are important, offsite are even more important especially as much of our information is digital now.
This isn't about Apple per se, it is about all the other services that will eventually be impacted. They will either withdraw from the UK or become effectively useless. And yes, I will be fine because I am not an average user, but your average user is going to find out very quickly that storing ID docs, mortgage information etc in a Government approved service is a bad idea.
Maybe, Murph, if you think everyone being able to access your stuff is fine, then send us your ID details, passport, driving license, address etc and then watch your credit score.
Murph7355 said:
andyb28 said:
Why is it just Apple?
Do they already have access to other platforms or is this just the first?
I would imagine things like WhatsApp will come under a lot of scrutiny soon if they aren't already.Do they already have access to other platforms or is this just the first?
And as an ignoramus who likes getting the debaters on these threads going, I hope the govt keep going. One massive thing I'd like to see changed is the whole "platform" v "publisher" angle sorted out legally (in favour of "publisher" for the likes of social media not-platforms).
Edited by Griffith4ever on Sunday 23 February 17:32
Monsterlime said:
What Murph7355 is clearly ignoring, and as I have said on the NPE thread, is this is just the start. They WILL (and it is in the legislation to do this), ban/block services that fail to provide these imaginary back doors.
....
Maybe, Murph, if you think everyone being able to access your stuff is fine, then send us your ID details, passport, driving license, address etc and then watch your credit score.
I am not ignoring anything.....
Maybe, Murph, if you think everyone being able to access your stuff is fine, then send us your ID details, passport, driving license, address etc and then watch your credit score.
If the govt want to apply scope creep to the point I think they are crossing the line and becoming all North Korea on our asses, I'll join you in donning the tinfoil hat and start writing to your MP.
You don't not take any action on anything just because in your mind it might lead to many different things happening at some undetermined point in the future. You'd still be trying to light fires with sticks if you did.
As for my stuff, have at it. I use what I am comfortable using for the purposes I need it for. If you want to tell me my life's most sordid secrets and empty my bank account or hurt my credit score (ooooooooooooooooh), please do so and let me know when you've finished

Griffith4ever said:
Monsterlime said:
but your average user is going to find out very quickly that storing ID docs, mortgage information etc in a Government approved service is a bad idea
This is the key takeaway.
Seriously?
Murph7355 said:
Griffith4ever said:
Monsterlime said:
but your average user is going to find out very quickly that storing ID docs, mortgage information etc in a Government approved service is a bad idea
This is the key takeaway.
Seriously?
Its not about the minutia of what info on us they have access to, its about who we trust to hold our private information (including passwords and private/personal information), and history has shown us again and again that there are hacks / security leaks / data breaches in even the most "secure" organisations - then we all have to run around changing all of our passwords and guarding against scams where our private information is used to help people present themselves as bona fide.
To trust the same data in the hands of government organisations is, frankly, laughable.
It's nothing to do with "'da man" (f

I don't use encrypted cloud storage btw - certainly not purposefully. All my passwords are stored in Keepass, backed up on Dropbox. Makes no odds if you have access - the master password is, currently, uncrackable.
Edited by Griffith4ever on Sunday 23 February 21:00
Murph7355 said:
Evanivitch said:
And yet you're happy to insult others that have different opinions to you 
I am responding in kind - you were the one calling people ignorant because they disagree with you.
I'd call that pretty ignorant. YMMV.

Murph7355 said:
It's tech nerds admiring the problem and an innate desire for perfection when perfection doesn't exist (even and especially in the arguments put forward not to progress).
Murph7355 said:
Do you chaps really, really think the govt/"da man" don't already have full access to your meaningful ID docs (clue - they provide these
) and mortgage information (should they require it)?
Seriously?
Not just the government. Weaken encryption for the government and you weaken it for every bad actor.
Seriously?
768 said:
Murph7355 said:
Do you chaps really, really think the govt/"da man" don't already have full access to your meaningful ID docs (clue - they provide these
) and mortgage information (should they require it)?
Seriously?
Not just the government. Weaken encryption for the government and you weaken it for every bad actor.
Seriously?
The whole argument and the reason ADP has been withdrawn in the UK is because Apple refused to "weaken the encryption".
Yes, I'm being picky over language because it's important. Different words have different meanings especially in technical discussions.
Anyway, the big problem here is not the encryption of the data but RIPA, or IPA as it is now known. It is a truly godawful piece of legislation that was passed by authoritarian morons with the sum total of f

Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff