How has this not happened in the US yet?
this post was submitted on 07 Feb 2025
28 points (100.0% liked)
Privacy
0 readers
80 users here now
Everything about privacy (the confidentiality pillar of security) -- but not restricted to infosec. Offline privacy is also relevant here.
founded 1 year ago
MODERATORS
It is worse than that. They could demand the cloud data for anyone, anywhere.
May be safer to not have an iPhone.
And Five Eyes means that they then share it all with the US.
It won’t be global. Apple keeps servers and app stores in country to comply with local laws and regulations.
I doubt Apple is going to comply with this. It will be interesting to see how they work around it.
@[email protected] I don't think Apple can even comply with this sort of request. They have never wavered on this and in fact have continued to make it even progressively more difficult with every major and even minor releases. One of my iCloud accounts (I created one for my former employer) is entirely self-managed via u2f/fido2 tokens, it doesn't use Apple's MFA at all, and i disable imessage in the cloud so they're not decrypted there. now what, guvner?
nothing stops them from doing police work does it?
@[email protected] They already capitulated to China by storing iCloud data locally. I’m pretty sure China didn’t ask for that because they wanted data they couldn’t read stored closer to home.
@[email protected] data governance and sovereignty requirements for businesses or orgs isn't unusual, in higher ed for example you need to store data in the US; china probably has a ton of requirements like that. google has been doing it almost as long as yahoo i think.
@[email protected] do you believe that china can gain unauthorized access to iCloud account data without cooperation or the user providing their credentials? i thought they could use fido2 keys in china?
https://readwise.io/reader/shared/01jkkc4eamhvefmcexe5es8pfn
@[email protected] TBH the leak is the problem. If Apple could make credible in private that they would leave the UK market, the government could back down, in private.
That's just how diplomacy works. This isn't regulation but international relations between states.
But now it is public, neither side can back down without serious consequences.
Apple's investors want a backdoor.
https://www.businessinsider.com/saudi-arabia-crown-prince-visits-apple-google-2018-4
The House of Saud often uses American or UK proxies to preserve their interests & pursue dissidents
https://www.middleeastmonitor.com/20241213-saudi-crown-prince-uses-126bn-investment-to-pressure-uk-over-dissidents-case/
https://www.bbc.com/news/articles/c4gz8934wrro
The fossil fuel industry is prepared to do anything to stop climate action.
@[email protected] Given the public nature of the order from UKGov to Apple, I suspect this will mean criminals won't put their data on the platform and find other companies. Well, unless they are dumb ones like Trump.
This is the link to the act:
https://www.legislation.gov.uk/ukpga/2016/25/contents
Il faut impérativement maîtriser soi-même le processus de cryptage de A jusqu'à Z et ne pas laisser faire cela par aucun prestataire de services.
De cette façon il n'y a jamais de nécessité de backdoor.
On prend un algorithme public, tel que Aescrypt, on en prend une implémentation indépendante de tout service web, et on est le seul à connaître la clef.
Le secret doit résider dans la clef et non dans l'algorithme.
@[email protected] I don't get this. If Apple can provide this, it wasn't encrypted to begin with and they are likely already giving the info and this is just a PR campaign to adjust the public's expectations about these things.
If that cannot provide this, because it is encrypted with a key only the consumer can provide, then it's a moot point.
This is why I use @[email protected] and host it myself.
@[email protected] @[email protected] End-to-end encryption is only as reliable as the next software update.
At least now we know why the UK was not hit with any trump trade tariffs this week
@[email protected] I'm willing to bet that it was another five eyes partner, like the US, who damanded the UK request this since we, shockingly, have the legal framework in place for it. I was really hoping that this new government would repeal this god awful law. I guess that is not happening now...
@[email protected] and don't forget the lock picks… Where's no door, one can't pick its locks. Simple. 🤷♂️
@[email protected] The main problem is that they can do it. Encryption keys should be hosted and managed by the client or it can't be and shouldn't be trusted. Of course, that requires user ownership of the client device, which is a big NO-NO for apple.
@[email protected]
I wouldnt trust apple long term
They will huff and puff about the UK demand and make a great show of protecting privacy etc
But as soon as the US govt demands the same ( maybe already have?) , Apple will have a serious weighing up of costs/ benefits to apple, not customers and conclude that maybe they care more about the US govt than about their customers