As a believer in equal protection under the law, it is never a win when a powerful company or government lobbies for a specific carve out for only its customers or its country. Human rights like privacy don't belong to those who bought the right phone or were born on the right piece of soil.
This isn't a win, this is solidifying and reinforcing the idea that different laws should exist for different classes of people - those who can afford to make the government look the other way and those that can't.
Congratulations to Apple on lobbying for its own money. Very noble.
>it is never a win when a powerful company or government lobbies for a specific carve out for only its customers or its country.
This wasn't an "Apple only" law -- it would have affected all platforms with data on customers that live outside the UK.
>This isn't a win, this is solidifying and reinforcing the idea that different laws should exist for different classes of people - those who can afford to make the government look the other way and those that can't.
Corporations are not people. The people can afford to vote out politicians making laws that go against the will of the people.
As far as I know, the blue/green mentality is a cultural issue for Apple. They would be fine if Android users had their data read by the government, because that injustice is a market differentiator for them they can then sell.
I'm not saying they shouldn't lobby for what they believe in, but Apple always stops short of making the world a better place and seems to care only if their walled garden is secure.
> Apple always stops short of making the world a better place and seems to care only if their walled garden is secure.
Succinctly summed up why I dislike Apple (despite using their products). If you value privacy (against third parties), E2EE, and the tight device coupling then Apple is literally the only choice unless you have the time, knowledge and desire to piecemeal together your own solutions and that really sucks. I have permanent cognitive dissonance because I won't give up the small quality of life features Apple gives me, but I also don't have the time nor skill to replicate their whole ecosystem with Linux, GrapheneOS, writing BLE scripts for watch unlock, fussing with KDE Connect for universal clipboard, hosting my own Nextcloud instance, etc.
I wish there was another choice of mobile + accessories that was both privacy respecting and actively using open standards for the betterment of all, not just their own profits.
> I wish there was another choice of mobile + accessories that was both privacy respecting and actively using open standards for the betterment of all, not just their own profits.
That's the rub. If you look at Android handset financials, there's almost no money in making Android phones unless the company making them is Samsung, and only certain models sell. Where are all of these profits going to come from?
I wonder if you'd get farther with a USB SIM adapter under desktop Linux in that regard. I think you'd be hard pressed to end up where you want to in anything more portable than a laptop, since phones themselves are designed to be glorified containers for your mobile ad ID.
It's Apple's fault. They abandoned principled security a long, long time ago if you were paying attention. Chinese iCloud users have no protection against state-authorized backdoors since Apple removed the hardware security modules[0] that protect user encryption keys (at the PRC's request). Apple doesn't care about protecting their users above and beyond the reach of the state, state surveillance is an inevitability.
When you start down a slippery slope like this, you burn trust and make people demand transparency. It's impossible for me to say that I'm any more secure as an American user - no trusted third-parties actually audit Apple's American iCloud servers for such backdoors. Users trusting Apple for security are (unfortunately) fish in a barrel, same as ever.
I find the snark in your comment very weird and misplaced... Consider what the alternative is - Apple isn't allowed to talk about this, so they would have just had to silently backdoor their encryption for all their users all around the world so the UK intelligence organisations could access any Apple user's data...
Honestly probably nobody would have noticed that, and it would have been the path of least resistance to just comply. Some informed technical people might abandon Apple's platform, but the masses wouldn't have noticed... So how is this "Apple on lobbying for its own money"?
Honestly that last line just comes across as unhinged... Trying to read your comment in the most generous light but it's not close to reality...
>it is never a win when a powerful company or government lobbies for a specific carve out for only its customers or its country.
I don't think that is the case here. It's a "secret order" so it's never sure, but there aren't a lot of global tech companies who will comply to give a single government their worldwide data.
This is an obvious win when fewer people are under the boot even if some people remain there. It's not a universal win, for sure, but let not perfect be the cause to ignore the good.
You have a good point. Privacy is a human right, but nobody should be able to fight for it. People or organizations trying to influence the governments that they live or operate under is wrong, as governments (all of them, globally) should simply do the right thing automatically, all the time.
Sadly every time I’ve tried to explain this to people they always say “you are bleeding a lot” and “dude you just fell down so many stairs. I have never seen anyone fall down that many stairs” or “your head sustained the entire impact of your full bodyweight when you finally reached the bottom of those stairs, how are you even standing?” so I don’t think this is a conversation a lot of people are ready to have
If the UK had 'won' against Apple, do you not think that the Android ecosystem would be next? If the UK had 'won', do you not think that Turkey, India, China, etc, would not be lining up as well?
But surely it is only a ChatGPT signal because it was a strong signal in the training data. You need more than one strong signal with that sort of potential for false positives to make a reasonably accurate identification.
If it is, it's one I've neither heard others mention before nor seen often enough myself to consider it a tell (but for the latter, I do use ChatGPT's customisation options).
Dude, half my stuff on here is downvoted. I am not a good writer, but I do my best. My opinions and thoughts are my own and I am not using ChatGPT to make hot takes on hacker news, but I do use ChatGPT and have conversations with it.
Sometimes when I talk to British people, I start to do an accent a little bit. I think I just chameleon my tone to recent conversations, but I can't convince you otherwise.
Unrelatedly, there is an upended tortoise outside my house struggling in the heat. I am not sure why I refuse to help him, can you tell me why?
Yup, and constituent apathy killed it. If people can't hold their reps accountable over even the most obvious BS, and re-elect them anyway, why would reps bother trying to hide it?
The other concerning thing is that it took the otherwise awful Trump administration to push back, while the Biden administration was reportedly going to look the other way (and have been accused of knowing about it but hiding it from Congress) [1].
See this is the kind of lying I expect from politicians - misleading people about their policy decisions. Not the constant challenging of recorded fact.
Well, Google and Co. are trying to push it worldwide anyway under the ruse of UK law, regardless of administration. I don't see them countering all this AI ID stuff.
I feel this is more of an "Earth isn't yours to conquer" move rather than one really aimed at protecting US citizens' data. Governments are simply fighting over who can control how we navigate our tech.
The backdoors might still go ahead. What if backing down is just for show?
In the end they don't have to let the public know, but this information serves a purpose - potential suspects might now think it is okay to use now and fall right into the trap.
I am all for laws designed to protect children, and stop terrorism. But these 'back door' laws are nearly always very poorly thought out and offer new avenues for 'normal' people to come to harm.
This isn't true on the whole in this context. How does the UK's OSA target journalists, activists and whistleblowers?
I think this conspiratorial view of these laws is doing more harm than good and ignores the entire issues that these laws are designed to address.
The problem is we create overly broad laws because:
- There is a problem with child predation / terrorism
- There is a lack of understanding on how technology works
- There is faith that the system works and won't ever be abused
- There are too few people in community self policing these issues.
Addressing any one of these in a different way will negate the need for laws like the UK were trying to implement.
Creating broad laws gives the police more ability to enforce their spirit. I think that's generally a bad thing when the laws are to do with civil liberties. But maybe a good thing when dealing with, for example, domestic abuse.
>How does the UK's OSA target journalists, activists and whistleblowers?
The general context is it targets "anyone who angers the government". Being able to ban your entire internet if this becomes widespread becomes a very powerful deterrent to opposition.
>Creating broad laws gives the police more ability to enforce their spirit. I think that's generally a bad thing when the laws are to do with civil liberties.
Given the histories of "enforcing spirits" for both the US and the UK police forces, I'm not sure how or why you'd have faith in their interpretations.
The police can bring up your info themselves without needing the ability to cut off someone's entire digital landscape.
The article is talking about the UK's RIPA and demanding backdoors into encryption. My comment was not in response to anyone else's, and I never mentioned OSA, although that is also problematic as a censorship vector.
As an aside, all this demonstrates the UK's lack of a Bill of Rights. And no, the ECHR is not one due to the pernicious doctrine of Parliamentary as opposed to popular sovereignty, and the lack of independence of the Judiciary. No Parliament can bind future Parliaments, which could abolish the Human Rights Act 1998 with a single vote, and indeed many UK politicians are calling for precisely this, versus the complex and deliberately cumbersome procedure the US Constitution has to amend itself. Any Bill of Rights that is subject to the forbearance of the legislative body it is supposed to protect you from is not worth the paper it is written on.
Obviously, if journalists cannot have encrypted conversations with their sources and whistleblowers don't have anonymous channels to blow the whistle, considering the draconian penalties of the Official Secrets Act (another OSA, coincidence much?) neither will happen, which is exactly by design. Ironically, when the boot was on the other foot like revelations about Boris Johnson or Rishi Sunak's own illegal use of WhatsApp to hide activities covered by public records laws, they backed off.
Unfortunately, I'm highly confident that 90% of the intelligence community looks at us insisting that crypto standards be inviolable, and thinks we're all as infuriatingly naïve as a ChatGPT comment.
I don't know the true risks of terrorist organisations. I doubt I ever will, because the intelligence community wants to keep its methods secret in order to avoid mildly competent terrorists from avoiding stupid (from MI5/6's POV) mistakes. The counter-point is that such secrecy makes the intelligence organisations themselves a convenient unlit path for a power-hungry subgroup to take over a nation.
Regarding sexual abuse, the stats are much easier to find, and are much much worse than most people realise to the extent that most people either don't understand what those numbers mean or don't believe them: If you're an American, on your first day in high school, by your second class you have more than even odds of having met a pupil who had already been assaulted, most likely by someone close to the victim such as a relative.
I don't see how any level of smartphone surveillance will do anything to stop that. Or indeed, any surveillance that isn't continuous monitoring of every kid to make sure such acts don't find them.
I think the problem with terrorism is it's simultaneously more and less than they think. More from the groups they don't expect, and less from the ones they expect it to come from and are surveilling and infiltrating.
For example, looking back over the history from what has been declassified in my country, the intelligence services spent a huge amount of time and resources infiltrating and surveilling communist groups and university socialist clubs, and then seemed to be completely blind-sided by the rise of Islamic terrorism when 9/11 rolled around... In a similar vein I think to how the UK is spending all this time going after people waving signs supporting Palestinians - they probably honestly think there's a real threat there, and it will turn out to be a huge waste of time and the next real terror threat will come out of some other unexpected group.
As for assault - yes, it's usually someone they know. Which is why it's ridiculous the resources they spend trying to backdoor private messaging etc. in the name of "protecting the children" when much of it's happening in person...
>If you're an American, on your first day in high school, by your second class you have more than even odds of having met a pupil who had already been assaulted, most likely by someone close to the victim such as a relative.
You're saying that the rate of sexual assault is.. a few percent?
Too high! I agree. But it's bad form to give convoluted examples in order to give the impression that the actual number is worse than it is.
> Unfortunately, I'm highly confident that 90% of the intelligence community looks at us insisting that crypto standards be inviolable, and thinks we're all as infuriatingly naïve as a ChatGPT comment
Until they can prove this is the case, and not just fear mongering to justify their massive budgets, overreach and assaults on civil liberties, I am happy to continue being considered naïve by them.
I am very much against laws designed to protect children and stop terrorism.
By now, "think of the children" is a tired cliche of anti-freedom laws. If "protecting children" requires sacrificing freedom for everyone, then children should not be protected.
Every time I come across another anti-freedom law wrapped in an excuse of "think of the children", I question whether the worshippers of Moloch had the right idea after all.
> If "protecting children" requires sacrificing freedom for everyone, then children should not be protected.
Agreed. It all goes back to the famous quote "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." (granted, the quote was about taxation but the principle applies here)
Much like cybersecurity, it's always a trade off between absolute freedom and absolute safety. You don't get both. Every "safety" measure that gets put in place reduces your level of individual freedom. Go too far in the safety direction and you lose all your freedoms, and that trade off IMO is not worth it.
> I am very much against laws designed to protect children and stop terrorism.
This can't be true. You're against a law that says a convicted child rapist cannot work in schools? You're against a law that says people can't take bombs onto planes?
I think you're being dishonest in your statements, or do not care about anyone else in society.
>You're against a law that says a convicted child rapist cannot work in schools?
I'll be the devil's advocate: for how long and in what way? You can be on the child predator list because a minor caught you peeing on the side of a road. Do they deserve to be blocked out of an industry because of bad luck over something many people have done?
>You're against a law that says people can't take bombs onto planes?
Well that led to me not being able to bring a normal stick of deodorant in my bags. So maybe we should review the TSA oversight after 20 years.
>I think you're being dishonest in your statements, or do not care about anyone else in society.
And I think you're arguing in bad faith comparing the ability for government to track society's entire digital footprint to imprisoning a convicted criminal.
I do think that both TSA and modern airport security in general should be dismantled. And that any law that claims to "protect children" or "stop terrorists" should be scrutinized as if it was written by Satan himself, with assumed malicious intent.
This is true for existing laws, and true twice over for anything that's being proposed. It's long overdue for the "safety" plague of "think of the children" to die.
Cold logic dictates otherwise. The UK is part of Five Eyes: total data sharing between intelligence agencies. If that were the case, why would the UK need a law to get data it already has?
It wouldn’t need the law, but putting the proposal up and then, after the predictable backlash, retracting it could be a ploy to make the criminals/us think they don’t have access to the data now.
In WW2, the Allies used all sorts of fake outs to lead the Germans to believe that the Enigma machine remained secure. Many people died for the sake of the secret.
Given the lengths the government has gone to monitor its citizens, I could believe the technology stack has already been compromised.
Upvote from me. Your point is completely valid and simply stated, and yes, I agree that they very possibly could do exactly this sort of thing for the sake of play-acting a government blindness that doesn't really exist as such.
Truly this site is crawling with anal-retentive man-children who downvote over any silly self indulgent bullshit they can think of.
It’s not really a secret; it’s by design and it’s public. iCloud is not end to end encrypted by default. Apple and the state can read the on-by-default iCloud Backup which contains your iMessage sync keys and all your historical iMessages and attachments. iCloud Photos, Contacts, and Mail are all similarly not e2ee and trivially readable by Apple, DHS/FBI, and anyone else under FAA702 (aka PRISM, aka the #1 most used US intel source) without a warrant.
Apple processes FAA702 orders on upwards of 80,000 Apple IDs per year per their own annual transparency report.
Snowden himself said that they see so many nudes that they got desensitized to it.
This clever setup allows them to claim iMessage is e2ee while still escrowing keys in effective plaintext to Apple in the iCloud Backup, rendering the e2ee totally ineffective.
I think “backdoor” is probably an appropriate term for it, but they have made no secret whatsoever of it.
It’s terrifying to think that the US federal government can read every iMessage in the entire world across a billion devices (except China, where the CCP can do the same) in effectively realtime. The power that that enables (if only in blackmail ability) is staggering.
I don't think so, but, even with advanced data protection on - if you communicate with someone via iMessage, for example, that does not use advanced data protection, and then they use iCloud backup, then it nullifies it essentially. Feds could get your messages via the recipient's iCloud backup.
Advanced Data Protection needs to be turned on for both you, and everyone you communicate with if you want the full chain to be E2EE. Your communications are only ever as secure as their recipient.
Also, what regular criminal, let alone terrorist, would leave iCloud backup turned on after all the hacks and leaks over the years? I assume that most in the HN community, like myself, have iCloud backup turned off.
“As a result, the UK has agreed to drop its mandate for Apple to provide a ‘back door’ that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties.”
The reason the UK dropped the demand is because they already have backdoor access to personal data using multiple methods, and to make the topic disappear for the time being.
Never use a mobile for anything that requires privacy or security. It's the intelligence agencies' favourite tool.
Governments generally use special procedures for securing secret information, which makes this a non-issue for government use, assuming government employees follow the procedures, which apparently the Trump administration doesn’t.