BBC News - Apple pulls data protection tool after UK government security row
- “In a statement Apple said it was “gravely disappointed” that the security feature would no longer be available to British customers.”
Washington post - Apple yanks encrypted storage in U.K. instead of allowing backdoor access
I guess removing access for the uk is better than backdooring it in silence. But still, not great.
Also, it is interesting comparing compliance on this with complying with the EU on sideloading apps.
Original title: ‘Apple caved and pulled end-to-end encrypted backups in the uk’ - record of bad take title
This is frightening.
They do not have the ability to just remove e2e back-ups in the UK alone and walk away from this, that’s not how the law is written as I understand it.
The snooper’s charter gives the UK government the RIGHT to DEMAND access to encryption keys of any user GLOBALLY. The law is that they can force the cooperation of Apple to decrypt the account of an American user, of a German user, of a Russian user, of a South African user, of a Brazilian user, of a Japanese user who have never stepped foot in the UK.
So they’re claiming that this protects their users, that they haven’t complied but the only way to avoid complying with these secret gag orders for compromising encryption GLOBALLY at the demand of the UK government is to remove themselves entirely from the jurisdiction of the UK. Is to remove all executives and technical personnel from UK soil, to not hire such people who live in or are citizens of the UK as technical personnel as they could be gag ordered and compelled to cooperate. To basically entirely pull out of any presence but maybe storefronts in the UK and take steps to prevent the arrest and pressuring of their executives and key technical people with access from being subject to UK coercion.
That they haven’t done that means all users globally are still at risk. This may be a big PR stunt to convince people they haven’t caved when in fact they have in secret and will hand over data of global users to the UK which shares it via eyes agreements with the US, with France, Australia, etc. This has the added benefit of allowing the UK to keep such access secret by acting annoyed with Apple but not actually pressing any case. If they try and actually prosecute or pressure Apple that’s a sign that they haven’t cooperated globally, if they only offer angry words to the press IMO that’s a sign that in secret they’ve given access globally and only informed UK users that their cloud data isn’t protected.
They are not allowed to just share data from users in other countries where privacy laws exist. It depends a bit on how GDPR is written in the specific country you reside and it it is enough, but generally they should be asking for censent if they try and access it.
Sadly we won’t have any idea when they try and access it, but this is the exact reason why businesses in NL like accounting firms (not bookkeeping firms) need to have their data in datacenter in NL to precent morons like this to access your data.
Pretty sure either Google E2E is non existent or it is alreayd opened up for the UK government or it is being opened in the future. I wonder if Proton is going to need to comply with this.
Pretty sure Apple has a few lawyers
They’re not handing over keys though. They’re just not offering ADP in that region anymore(?) I doubt they would be allowed to hand out keys (which they do not hold) to another government that would compromise American businesses, agencies, etc. The US was already noticing the dangers in this demand and I’m hoping that this was an attempt at a compromise. I guess we’ll never know though, since this included a gag order as well
Um, yes they would. The very point of eyes agreements is they allow countries intelligence agencies which aren’t allowed to spy on their own people to spy on each other’s people then pass each other the data. Snowden revealed this all a decade ago.
The CIA and FBI do not store classified sensitive info on iPhones that are backed up anywhere. At least not anything that would come as a surprise to the British or be a risk. Nothing they wouldn’t have access to via the existing intelligence sharing.
The UK and the US are thick as thieves and have been since the end of WW2.
Still good to keep in mind: not your keys, not your data.