UK demands access to Apple users' encrypted data

This aged well.

Well, in fairness I was referring to apple ceding to the UK government requests to add backdoors. Which has not happened and never will. So, yes, it has aged well.

I would imagine they'll tell you to keep doing what you're doing because they'll have access to the keys for your work stuff and with all the vetting the risks of you having kiddie porn or other illegal stuff on your work device are likely small?

Of course if you're using similar for nefarious means, I imagine they might have different words with you?

(Am also assuming you're not using Apple devices and their built in security to rely on solidity for your work. But then with the muppets in govt, maybe they do?)

Which of my data has to be encrypted by law under GDPR is impacted by what Apple have been asked to do? Is all my banking data now unencrypted? And, pretty importantly in the circumstances, can the authorities go and ask my bank manager for ALL my details and respond with a shrug saying "sorry copper, no can do, we don't have the ability to do this".

Righto.

Indeed. Though for the data categories this applies to, so what?

Plus, one assumes Apple take great care over such things and won't ever let things get compromised with their super-good value devices and services..... (Applies to all the big providers btw, I'm not anti-Apple. I'm sure the same will apply to Google)

Adding friction to those who will do dodgy things with it isn't an issue I'm bothered about. As I noted, I know it won't stop the worst of it. I don't think that's anybody's aim tbh. Stopping some will do.

I also suspect that any legal case will be (marginally or not) easier if the person being investigated is found to be encrypting things before sending via an encrypted channel...it's an affirmative action to hide rather than a "ooh sorry, I didn't know it was all encrypted for me when I lost the key, I'd have loved to help".

Maybe we should just open up gun laws then? Or allow people to make their own still? Or any number of other things that people cannot unsee? (I am facetiously using the North Korea argument in reverse here).

I very much doubt the hardcore kiddie fiddlers are relying on Apple's devices and infrastructures to do the worst of their trade. So this does not cover them, and I doubt it's intended to.

It's not beyond logic that a lot of the casual st that goes on may well be, due to the ubiquitous nature of the devices. (WhatsApp's another, non-Apple focused, example). And this may make that much easier to prosecute. Happy days.

Maybe there is a case for licensed 256-bit tools. (After all, defence contractors need them ). And whilst open-source exists, maybe there's a case for if you're found to be using it/unlicensed tools it will see you in deep st (more than a few weeks away) should your collar ever be felt. After all, if there's a licensed and legal need to use it (just like guns) then there's an avenue for that. But it's not one that allows you to do anything you damn well like without consequence. (And yes, criminals still do bad things with guns. I know).

Why are you assuming this stops at apple? What part of the legislation says "Apple"?

Apple have avoided this by simply turning off the option of protection and not providing a backdoor. So when people start using secondary encryption, where does the government go next? Winzip? Bitlocker?

This isn't paranoia, it's the natural progression of a policy that started in 2013.

And to add, no the governent doesn't have access to the keys of the stuff that is sent using encryption.

https://www.gov.uk/government/publications/industr...

https://www.google.com/url?sa=t&source=web&amp...

How are they going to know? That only works if the encryption is useless.

This stuff is binary, we can protect confidentiality using encryption, or we can't.

What are they going to do about it when some widely installed software, or a worm, whatever, decides to encrypt some data on every machine and delete the key? Arrest everyone that then has backups switched on? Arrest you when it's embedded in an image on this forum?

No, encrypted twice. Although that's not an unreasonable point; how can you tell if you're looking at encrypted data for which someone must have a key, or a file with random noise?

It's tech nerds understanding that you have a zero or one.

I wonder if these guys will update their guidance?

https://www.ncsc.gov.uk/guidance/cyber-security-ti...

This is very bad and we only know about Apple. The fact the government can make these blanket requests to weaken our security in secret is appalling.

What's worse is the obvious lack of any technical knowledge on behalf of the government. Having met government 'experts' in this field from certain shady departments professionally I was dismayed at their total lack of knowledge but thought that was a one off - clearly not.

I have sent the following to my MP:

I am writing to express my deep concern over the UK government’s insistence that Apple weaken the encryption and data security protections provided to its customers. As you are no doubt aware, this has led Apple to announce that it will remove certain security features entirely for UK users rather than compromise the integrity of its global security standards.

This decision is a direct consequence of the UK government’s legislative overreach in demanding access to private communications under the Investigatory Powers Act. The notion that tech companies should build deliberate weaknesses into their security systems in order to facilitate government surveillance is not only an attack on privacy but also a reckless move that jeopardises the personal and financial security of UK citizens.

As a result of this development, I am reluctantly considering moving my data storage and encryption needs to a provider that offers robust, government-inaccessible security—such as Alibaba Cloud's encryption services, which operates under the jurisdiction of the Chinese government and therefore remains out of reach of UK authorities. It is deeply ironic that, in seeking to protect my privacy, I now find myself contemplating moving my data to a foreign government rather than one that is supposed to represent my interests.

I would like you to raise this matter with the Home Secretary and obtain a response on the following points:

Why is the UK government undermining the security of its own citizens in this way, while other democratic nations allow strong encryption to remain intact?
Has the government considered the long-term consequences of pushing UK citizens toward foreign encryption services beyond its jurisdiction?
How does the government justify forcing companies like Apple to make UK users less secure while criminals and bad actors simply move to alternative encryption methods beyond its control?

The UK should be leading the way in digital rights and security, not forcing companies to roll back protections that keep citizens safe from cybercriminals and other threats. I would appreciate your response on this matter and look forward to hearing the Home Secretary’s justification for prioritising mass surveillance over individual security.

no, but to illustrate to the government how poorly thought out their plans are and what the consequences could be.
The reality is though, that the Alibaba encrypted cloud would be more secure than Apple iCloud now.

Weeelll... This is what happens when you play the "Won't you think of the children?" card all the time, instead of having the balls to push back and ask "What are the parents doing?" instead.

M