UK Home Office silent on alleged Apple backdoor order The UK's Home Office refuses to either confirm or deny reports that it recently ordered Apple to create a backdoor allowing the government to access any user's cloud data. Such a mechanism would enable the government to independently access and read encrypted data, both within the UK and potentially for users worldwide. The …
UK have had powers to force individuals and companies to snoop and prevents them from talking about the request for many years.
Even before the snoopers charter.
I'm supprised this request has leaked.
only new thing here is that Apple customers are rich people, shock horror.
Trouble is that the newer messaging services are end to end encrypted, so the government cannot snoop unless they have access to at least the hardware at one end of the link.
The new requirement appears to be asking for a backdoor in the middle so that everyone can be snooped on at will, without oversight. Much as they want for Bank Accounts.
As Apple have been asked it's a dead cert. that Google/Meta/Facebook/TikTok et'all will also have been served but are being 'good' and not telling us.
I've got plenty to hide, such as my flabby belly, so I don't post it, or more precisely pictures of it, to third party online servers. Only because I'm easily embarrassed.
If you've got nothing to hide, frankly you must be a bit weird.
For the rest of us, blindly sharing stuff on "social media" is clearly asking for trouble. Needlessly putting personal stuff on cloud platforms, whether or not ostensibly privately, is simply daft. I'm less worried about HMG's fishing trips, egregious as they are, than ordinary commercial security breaches, which seem to come with an inevitable and increasing cadence.
Get a NAS. Maybe one or two USB hard drives. They're dirt cheap.
-A.
"I mean, I've lived for half a century without ever taking a photo of my privates so how hard can it be?"
And I've lived even longer without doing so. But you're missing the point. For half a century or more we could have taken photos of our privates with the reasonable expectation that the British bunglement wouldn't be able to grab the pics without a warrant granted on reasonable suspicion and with due process. This is the ineffectual bastards of government granting themselves an in-perpetuity right to check everything we do. Obviously Yvette Cooper wishes she'd been born in East Germany in the days when the Stasi offered good career prospects.
Human rights law as a specialism generally doesn't seem to attract anyone who actually cares in any meaningful way about human rights as others understand it.
Mostly it seems to attract personality-free narcissists who love endless argument over the minutiae and lack the talent for anything genuinely challenging in the field of law, with the 'human rights' label providing a convenient fig leaf to hid their utter disinterest in anything except the technical challenge of the argument.
There are some truly talented, passionate advocates for rights out there, but I've yet to find anyone like that working a full time professional 'human rights' lawyer.
You won't hear much from either the lawyers or the politicians because for all their strident claims about 'rights' they have a very narrow idea of what those are and who deserves them and it certainly doesn't include *you*.
utter disinterest in anything except the technical challenge of the argument
Because that's the role of a lawyer. It's useless them arguing about something they're passionate about if it has no basis in law. You may as well be calling out dentistry for making no contribution to fine dining.
It's the job of politicians, campaigners and perhaps philosophers, to make good human rights law in the first place. The current breed of politician is sadly inclined to care about much more shallow topics, with very few precious exceptions. Thank god for those who came immediately after the war and set the standards that are now being undermined. Without them the whole world would already be heading rapidly in the same direction China is.
Labour could theoretically have stopped this, but the snooper's charter has been law since 2016, and has been around in various forms for years before that.
The security services have long wanted to have access to all encrypted communications, and while the conspiracy theories about all Home Secretaries being under the thumb of the security services is probably bunk, it is true that every Home Sec for a couple decades, has tried to push some form of the snooper's charter.
It's not supposed to be implemented if it's not feasible so why would they demand it now.
If they think it is feasible to implement a secure back door all they have to do is commission a proof of concept to be picked over by industry-recognised experts. If they can do that and get approval of the experts then they've proved it is feasible. Until they've demonstrated that it is so it remains infeasible.
We know the answer to this. When there was a leak of a massive international Government spying programme- including things like the US spying on Brits and then passing the intel to the Brits to avoid our limits on domestic spying- we saw about 20 minutes of outrage from a few dozen people.
The rest cared to little that pointing to articles about it today gets you labelled a conspiracy theorist.
As long as they're told it'll catch paedos and terrorists a good 90% of the British public will accept just about anything.
It's both ways, it has been for years. That way neither country is doing anything illegal, but still gets the data they need.
I wouldn't be surprised if the same happens with the other five eyes members TBH, but some of their governments may possibly have a slight shred more... nope can't bring myself to say it.
Actually both countries are doing something illegal, spying on Americans in the USA is illegal regardless of your nationality. The point is when caught the host country can hurrummpppphhh and garrummppphh expel somebody and the elected officials can pretend they are as clean as fresh snow.
Trump and minions already do see the PATRIOT act.
They also have rights to all of the rest of our data stored with US companies (like Apple) thanks to the CLOUD act.
But all of these Acts are against the International treaty of the Universal Declaration of Human Rights, which is a fundamental treaty of the UN, that all countries had to sign up to:
Article 12 is a doozie:
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
so not only are they not allowed to do it, they even have to prevent it from being done in law
Clearly Apple could copy your key at the time of its creation and storage on your device. You only have to break maths if you don't go to the source of the key generation
I'm presuming that Apple is using PKI asymmetric encryption using personal certificates, as it's pretty much an industry standard. If that's the case, then Apple would have copies of both your encryption key and decryption key when decoding your data. The absolute fundamental basis of PKI encryption is that your private (decryption) key never leaves your device, so while the maths isn't broken, if someone else has a copy of your private key the encryption algorithm can be considered to be fundamentally broken (which is why anyone who knows how this stuff works is up in arms about politicians thinking they can magically get access to your data without compromising your security.)
The way Apple has implemented it makes it rather hard to export the private key as it's generated and held in a separate chip. You access that key via whatever password you set, but the actual key that encrypts your data is a heck of a lot longer than your password. That would make your password the weak point if it wasn't for the fact that you only have a few tries before it locks up. I'm not sure this can be charged with a firmware patch (no, that's not an update, if anything it's a downgrade).
You kinda DO have a backdoor if you agree to have a device password reset via iCloud, but you get asked if you actually want that when you set up your Apple ID on an Apple device (and I can think you can change that, but as I never allow it I have no idea how to enable it :) ).
Backdoors are utterly daft ideas that fully deserve the derision heaped upon them..
True, but immaterial.
MPs vote the way that their parties instruct them to. Sometimes manifesto commitment provides cover, but usually it's simply because the hopeless intermingling of Executive and Legislative functions in the British parliamentary system gives them no choice but to do the leadership's bidding.
This is hardly a secret.
-A.
>They expect to complete Rishi Sunak's iCloud account in approximately five million years, then they'll start on Kier Starmer's if the law still exists then.
Remember when Trump's twitter password was "Maga2020"?
Rishi's is probably "I-heart emoji-Thatcher" and ironically so is Starmer's
Start with Yvette Cooper's.
In fact, she and the rest of the government should publish their own encryption keys, and access credentials for any other online services they use, including banking. And no politicians to use the likes of Whatsapp. Anything else is hypocrisy.
It's perfectly feasible, they've done it in China. The only difference is the UK won't pay up for datacentre for UK iCloud accounts.
That's basically what China has in place - Apple has to store iCloud content for Chinese users on Chinese servers, using encryption keys shared with the government. That lets the Chinese government get access to every Chinese user's iCloud data without having to go through the "hassle" of a warrant, and thus without any way for the company to know what is being snooped.
If the UK was satisfied with being able to access user data with a warrant, then "all" Apple would be required to do would be to stop allowing UK citizens to enable/use Advanced Data Protection, which encrypts iCloud backups using a key provided by the user that Apple has no access to. Apple can't respond to a warrant for information if you have that enabled, because they can't read it. Apparently the UK was not happy with that, so they must be wanting to force Apple to treat UK citizens the same way China forces Apple to treat Chinese citizens.
Now if they'd go so far as this with Apple, they aren't going to stop there. They'd make Google do the same, along with Meta for WhatsApp. Signal would be a problem - they'd have to outlaw it entirely and force Apple/Google to block that app in their app stores similar to the US situation with Tik Tok. The open question is what do they do if you simply refuse to use iCloud, and using your own PC for backups? If a lot of iPhone users turn to that as a way of "protest" against the UK government's action, maybe that's where they try to demand Apple do the impossible and provide a "backdoor" for the UK. If Apple/Google stand united against that and tell the UK to get stuffed, what could they do?
After several weeks of watching Trump start his Project 2025 dismantling of the constitution, there is some solace they aren't trying to do this. Yet, at least.
Except that only applies to locals.
When I go to China my phone still uploads to my own account (through my corporate VPN - I'm not stupid).
So this wouldn't keep out foreign terrorists phones from Ireland, North Korea or America - it would only allow the government to spy on their own citizens
That's what China wants, they want to be able to spy on their OWN citizens. If the UK wants to spy on everyone in the world that's nice, but its simply not going to happen. Apple/Google/Meta are not going to give that kind of backdoor access to them, and if they say "do it or we'll ban your company from doing business here" they'll say "OK fine enjoy losing your next election by 90% margins when you take away your voters' iPhone, Android, and Facebook".
It's entirely feasible to reverse ROT13 encryption, and so Apple shall be required to implement reversible encryption, and provide the means by which to reverse it.
Apple, feeling that their methods are dubious, will then report to the public that, despite being encrypted, their backups are "unencrypted". It's all a lie! All of it! From start to finish!! </poe>
Taxes up, growth down, criminals free, privacy invaded.
No you cannot have access to all my data because I very clearly cannot trust you with it. Apple may hand over the keys to the kingdom but much of what I store in their cloud is encrypted elsewhere first. All this will do is see some very dodgy people sideload 3rd party messaging apps that neither Apple nor your Telecoms provider can see, while the rest of us enjoy a fappening moment courtesy of Mrs Balls.
A bit before Blair. March 1997, Ian Taylor Conservative Minister for Science & Technology
"These proposals - aimed at facilitating the provision of secure electronic commerce .. at the same time are aimed at striking a balance with the need to protect users and the requirement to safeguard law enforcement, which encryption can prevent." in short, licensed '3rd party' escrow of encryption keys
( https://www.cl.cam.ac.uk/archive/rja14/dti.html )
The USA has a procedure where anything ordered in the last 100 (?) days of the outgoing president can be overturned by the new guy
Perhaps a policy where all laws in the last 'n' days before an election is inverted and then automatically becomes law if they lose .
It will certainly add an element of strategy to politics.
This is a Tory law
The amendment in question was remarkably cross-party. Yvette Cooper in opposition spoke passionately about the need for it. Minor fuss was kicked up by SNP, Lib Dems, and by David Davis but they all, perhaps tactically, limited their battles to particular technical topics. There were no divisions (votes).
For the original 2016 bill Labour abstained knowing it would pass, in typical Corbyn fence-sitting fashion. Only Lib Dems, Plaid, Greens voted against it.
This post has been deleted by its author
so this tells me...either that they cannot decrypt currently or that they cannot decrypt at the scale they now require.
I always assumed they could gain access to specific target devices....even by attacking the end device (attacking the device is easier than breaking the maths). iykyk.
or...just maybe, they now want to go trawling with a much wider net...rather than targetting just those individuals that they have reason to be interested in.
and ofc, anything the UK can do, it can also do as a favour to our allies.
we live in quite disturbing times.
Of course the 'won't anyone thing of the children' brigade will say anyone who doesn't support backdoors in encryption is just supporting child abusers and terrorists. As they don't seem to understand that even if the government wanted to they can't stop bad actors using encryption, and this will just mean the crims won't rely on the big tech encryption to protect their message and use PGP or similar instead.
are using things like Telegtam and for the really serious ones, the Dark Web. Double or even Triple encryption is probably standard these days.
If I encrypt what I hold in iCloud then good luck to them finding filth amongst all the cat pictures that I'll upload to put you off the scent. There is nothing nasty, in my iCloud, it is not my thing.
The Home Office is a mini state within the UK. Along with the DWP. court orders are advisory and even when they say they will comply, a check a year later finds they haven't.
Who remembers all that data they illegally collected for years and were told to destroy only to come up with the wonderful excuse "But that's too hard" ?
You can change the person in the driving seat, but until the civil service / deep state / blob <delete as appropriate> is flushed away, nothing changes.
That seems to be what's happening across the pond and I hope, for the rest of us, it's successful.
"You can change the person in the driving seat, but until the civil service / deep state / blob <delete as appropriate> is flushed away, nothing changes."
Well, in my day job I'm part of that group. It may surprise you to learn that regardless of my personal views, I (and colleagues) work to deliver the will of the secretary of state, no matter how misguided, malformed, or simply stupid their wishes are. If they come up with an idea that's bad and simply won't work, our job is to propose options that will work (even if we still think the outcome is bad). There certainly is inertia in government (as Labour using a Conservative law they voted against shows) but that's not about the establishment, it's because it is what the Labour politicians now want to do.
A sceptic might argue that this shows how there isn't actually much difference between Lab/Lib/Con, and that's pretty true. But there is your "establishment". Not the blob of the civil service, but in the lightweight, think-a-likes of parliament, where the public are easily distracted by the theatre of differentiation.
"I (and colleagues) work to deliver the will of the secretary of state, no matter how misguided, malformed, or simply stupid their wishes are"
Th HO's core competence seems to be house training Home Secs (apart from the few that don't need it). So effective was it that one of them wrote an account of it in the Times, quite oblivious of what had really happened to him.
"Th HO's core competence seems to be house training Home Secs "
I don't think that's so much the HO, as the police and security agencies, who continually peddle stories of blood curdling threats to the country, that can only be stopped by ever increasing surveillance powers accompanied by declining transparency and oversight. Given that the police have failed miserably in the war on drugs, have failed to keep on top of shoplifting, failed to control car theft, have failed to properly address crimes by the powerful, and have had a good number of thieves and rapists in their ranks, a bit of common sense ought to tell the Home Secretary that the agencies wanting more powers have yet to demonstrate their fitness to have those powers.
> I (and colleagues) work to deliver the will of the secretary of state, no matter how misguided, malformed, or simply stupid their wishes are.
I was only following orders.
Although only orders signed in triplicate, sent in, sent back, queried, lost, found, subjected to public inquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters.”
You really have no clue what's going on in America.. Is this the success you want? https://www.youtube.com/watch?v=sHAq1yP57rk
Seems that even Apple can't fix this if you lose the email or access to it eg for the heinous 'crime' of whatever mail provider inactivating the account after a year.
I have yet to see any workaround to this, despite certain companies (Cellebritie) claiming to have a fix it seems that this rarely works.
People have expressed concern that there should really be two *independent* addresses or some other method tied to the original bank account used for the purchase
so that someone has to prove access on at least two of the three for an unlock.
The T&Cs say they can close your account/takedown your video/do whatever they like if they think you're breached the T&Cs or you're doing something vaguely harmful. If you ask them for any details on this process they'll refuse because it might help others defeat their harm detection processes.
And because it would reveal those harm detection processes are utterly incompetent, crudely automated, and that nobody at Google cares about that.
That the UK government's attempt to make this power grab secretly has been blown by the US press. Does of course show that the Home Office and government ministers are quite simply idiots to think that they could do this quietly. But that's government for you.
I'm sure it's a breach of the Official Secrets Act, but I'll let you in on the recipe for government in the UK: Take a stupid idea, try and hide it. When it doesn't work, double down on it, because it wasn't the idea was shit, all that's needed is more bureaucracy and more government interference to make things good. When that still doesn't work, don't admit it, don't repeal the crap legislation, just look round for another stupid idea, because all that's important is to offer the appearance of doing something about the issue du jour.
I think the secret policy was leaked by the BBC in the 1970s
Sir Humphrey: Well, Minister, in practical terms we have the usual six options. One, do nothing. Two, issue a statement deploring the speech. Three, lodge an official protest. Four, cut off aid. Five, break off diplomatic relations; and six, declare war.
Hypothetically, and of course it’s all speculation up to now but assume it is true and Apple have been ‘ordered’ to do xyz; what happens if they simply ignore the instruction?
Now honestly, I am a great believer in the ‘rule of law’; but this was always a stupid law that eventually was absolutely going to run into the 'brick wall of reality’!
Quote: "...Home Office silent on alleged Apple backdoor..."
So.....all the stuff I send through Apple is triple encrypted BEFORE I send it.....
You know....Diffie/Hellman, Curve25519, then three passes (with different keys) of chacha20...............
Ha.....Home Office backdoor.....the snoops get megabytes back from Apple (or Signal, or Telegraph, or Meta.....).....and all they see is......MORE ENCRYPTION!!!
Enjoy!!!!
I personally believe Western companies shouldn't be doing business in China and we shouldn't allow China access to our markets.
The CCP forced Volkswagen to set up factories in the Uighur province to make them (and therefore the entire Western world) accomplices to the human-rights abuses there. IMHO VW should've walked instead of complying, but they didn't. Shareholder value and profits took precedence.
The same has happened with Apple. Several dissidents were exposed and jailed when the company handed over information related to their iMessage usage.
The relationship is mutual. Apple is one of China's largest exporters. Do you really think they'd shut down a company with a trillion dollar revenue just to make a point? Doing so would hurt China just a much as the U.S.
If one of the dissidents gets the death penalty Apple will have blood on its hands. What's that going to do for Tim Cook's night-rest, eh?
If they are talking to Apple, that's either just one of the companies they're talking to or the first on the list. It wouldn't do them any good to go after Apple alone with such "requests" while Android and WhatsApp (among others) were still operating as normal.
They'd have to get them all to comply with whatever laws they want, and if their wants are too extreme then they'll be told no. And you can bet that all the CEOs of affected or potentially affected companies would be talking with each other to put up a united front if the UK's demands were too extreme. So they could say "fuck you" in unison and leave the UK left to decide whether they want the massive blowback from banning all three, or to quietly back down.
Can we please stop being naïve? Not most people on here but the main stream press and stuff.
"we put funky encryption in place so even we can't access your data"
Can you reset or access the password on the account or not?
No matter what funky encryption you tell users you put in place that simple fact means they have access to the data.
I digress though. This is all for retrospective access they have already had for years and years. Now they can make it legal. Prism would like a word.
What happens when I upgrade my apple device? How on earth do I access my data on my new device? What if I purchase a new apple device? Can I not access my data? Wait a second. What if Apple added a new device? Would that be able to access my data? What if they replaced my biometrics and MFA in the database? They are the admins over the whole system after all.
Too many people drinking the Apple Koolaid here unless Apple have actually come up with some magical system that even they themselves can't access. Have they perfected the one time pad without the pad?
Tell me how I am wrong. Tell me how it's completely safe.
Your iCloud backups are ALWAYS encrypted. What ADP does is it encrypts with a key YOU control. If you don't have ADP enabled your iCloud backups are encrypted with a key that APPLE controls. That means without ADP enabled Apple can (and legally must) respond to a warrant that might say "give us all of rob miller's iCloud photos" and since Apple has the key they can decrypt them to provide your photos to the cops/government. If you have ADP enabled Apple can't access them.
Now you might ask "if ADP offers better security why not enable it by default?" and the reason is because if you lose access to the key you lose access to those backups - so that if you lost or broke your phone you'd be SOL and have to start from scratch. There are a couple key recovery solutions one where you manage the plaintext key yourself in some manner another where you can designate a trusted person like your spouse as your "recovery contact". But that's all a bit complicated for the typical consumer, and people get upset about losing all their stuff even if you warn them that can happen.
Now sure Apple probably ALSO didn't want to aggravate the "authorities" like the FBI and so forth in such a direct manner as enabling warrant proof encryption on every iPhone would, even if they decided consumers could handle the downsides of being responsible for their own ability to recover their data if necessary.
There's another option if you want backups secure from the government - don't use iCloud at all. You can use iTunes on a PC or Mac to backup your iPhone, though that's subject to the same issues as ADP - if you lose those backups or forget the password that in this case is used to encrypt the backup you're SOL.
As an old guy that's been called a paranoid delusional and laughed at for the last 20 years because I refused to use siri, icloud, what ever windowz girlfriend ai was called, one drive, cookies, scripts, and have run several of the more secure browsers at the same time... let me return the favor....
ahahahahahhaahahhahaaa....
wow that felt good. Not so paranoid NOW am I?
Apparently the UK governmental machinery is demanding access to *anyone's* iCloud data through this back door. It's not just aimed at UK citizens.
So some poor granny sitting on a beach 20000 light years away, using their iPhone, is now subject to scrutiny by HM Government.
Crazy?
Anonymous because I don't want my front door putting-in at 5am tomorrow morning
One good reason (I use the word 'good' advisedly) for the UK getting access to every iThing account is that it's already perfectly legal for UK spies to go sniffing through the knicker-drawer of anyone who's not a British citizen. Thus, if you're going to force your access into British accounts, it's a no-brainer to make sure you get it for the rest of the world while you're about it.
Once you have it, fire up a big AI model and point it at Apple's servers. It reports back on anything it decides is worthy of investigation (insert a suitably flexible definition of 'worthy') and then you can figure out which of your friendlies you need to alert: US, Germany, etc. Of course, China can do it now - but only for Chinese data and they're not swapping their findings with anyone: this move is a land-grab that ultimately puts the UK on the map as THE primary source of mined consumer-generated data in the western world. And, as we already know, whoever has the data, has the power.
Of course, anyone who knows they have to hide their comms. will be looking to double-encrypt, use alternative tech, etc - so the vast majority of crims. they'll catch with this will be the ones who are borderline at best. In the meantime, anyone else better not post or store anything that they would not be happy printing out, self-addressing and flyposting around town.
I don't understand why they can't be open and honest about this. We know how it goes, thanks to what Snowden revealed. They demand backdoors and at the same time tell the companies they can not reveal that these back doors exist. Just be open and honest for god's sake. If the government believes back doors are needed and legitimate then why not tell the people?
Wonderland?
“Alice laughed. 'There's no use trying,' she said. 'One can't believe impossible things.'
I daresay you haven't had much practice,' said the Queen. 'When I was your age, I always did it for half-an-hour a day. Why, sometimes I've believed as many as six impossible things before breakfast. There goes the shawl again!”
The Home office is asking for a back-door to data which has been secured by Apple's encryption. Does this mean that all data on Apple's cloud will be insecure and that big brother could look at anything he wants to? No, of course not. Data will only be insecure if users only rely on Apple's encryption. If users are willing to think outside the Apple ecosystem there is no security issue. If they have data they need to secure on the Apple cloud all they need to do is encrypt it with an alternative encryption scheme that Apple does not control.
I would imagine most serious criminal would know this. So the government's proposed action is not going to be particularly effective. It will only catch dumb criminals who can't imagine using a product that Apple does not control.
@John_Brown_(no_body)
Quote: "....you must give up your encryption key..."
Really? I've been using Diffie/Hellman (you know.....huge prime numbers or Curve25519)....where the two parties to an encrypted transaction share DH tokens.
The point is that the ACTUAL encryption key is calculated when needed by the software.....and then thrown away!
An encryption key only exists in software twice, and then only for a fraction of a second each time.
The user (the human being) NEVER sees or knows the key!!!!
Now......in what world can it be "an offense" to fail to disclose something a person has never seen or known?
The Diffie/Hellman key exchange sets up an encrypted channel used to transfer data from you to the remote server. It does not encrypt the data at rest, for that you need a symmetric key or asymmetric keypair which you retain to able to decrypt the data again at a later date.
@druck
You are confused. There are indeed four DH tokens involved in a DH transaction.....but these tokens ARE NOT THE ENCRYPTION KEYS!
Anyone wanting to decrypt a message will be unable to do anything useful with the DH tokens.
In fact, knowledge of the DH tokens is also useless in understanding what encryption algorithm has been used......it might be one pass AES, or multiple pass some other algorithm.....Samba, Chacha....
So.....no knowledge of encryption keys....no knowledge of encryption algorithms.......Good luck to third parties who ONLY KNOW two of the four the DH tokens!!!!!
@druck
Quote: "...at rest..."
Thanks for your reply!!
Sensible designers would leave the ENCRYPTED MESSAGE "at rest"........at both ends.........
.....with the plain text message available only on a GUI, when required......and then destroyed.......
.....and of course snooping would be difficult.....whether in transit or "at rest".......
.....not least because the encryption keys are a) generated uniquely for each message, and b) only calculated when needed, and c) never stored anywhere.
"It will only catch dumb criminals who can't imagine using a product that Apple does not control."
Not quite. The insecurity inherent in any back door makes every innocent users' data accessible to any agency, criminal ot nation state, that finds it. That is what the US discovered only a few weeks ago but what with moving fast and breaking things that lesson has already been forgotten - to the extent that it was ever learned.
We have to assume the UK sent similar orders to all the major cloud storage companies, that the companies complied, and that all of our cloud drives have been fed into an AI. Best we we can do now is client-side encryption before storing any future files in the cloud.
Paper + Pencil + Envelope + Stamp
Write message (young ones might need help). Insert into envelope, address to destination, place stamp and seal. Drop into nearest official receptacle (again, guide the young ones on this, may involve going outside)
Wait (young ones may not understand this part either)
If recipient detects that seal is broken, deny all knowledge of message. Otherwise, enjoy your government subversion.
Inform all UK users their kit will now be bricked. Inform rest of world users that if they take their kit to the UK it will also be bricked.
I think Apple could afford that - it wouldn't need to last very long. The Home Office would be buried under attacks from a lot of people with huge-mungus financial means.
Time to use the canary technique again.
_Either_ Apple ID not required to hand out keys when asked, of they _are_ required to hand them out and not allowed to tell anyone. But the cannot be required to lie.
So you ask them “do you keep track of keys”. If they answer “no, we don’t” then they don’t. You ask every day. If they answer “no comment” then you know they do.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
