Apple's alleged UK encryption battle sparks political and privacy backlash

US politicians and privacy campaigners are calling for the private hearing between Apple and the UK government regarding its alleged encryption-busting order to be aired in public. Reports suggest that Apple planned to appeal the demand at a behind-closed-doors High Court hearing of the Investigatory Powers Tribunal (IPT) this …

  1. m4r35n357 Silver badge

    US trying to push other countries around?

    Well that IS a surprise!

    1. Handy Plough

      Re: US trying to push other countries around?

      Ordinarily, I'd agree. However, they are bang to rights here. This law, as has been pointed out since its inception, is not only harmful, it is arrogantly foolish and impossible to implement securely. The UK government has been told this many times, but have their heads up their assholes,

      1. Paul Herber Silver badge

        Re: US trying to push other countries around?

        Excuse me, but in the UK we they are arseholes.

      2. Scotech

        Re: US trying to push other countries around?

        I agree 100%, but that said, this lot can f*** off until such a time as the US has abolished its own secret court hearings and national intelligence meddling in encryption tech.

    2. Alf Garnett

      Re: US trying to push other countries around?

      Read the article again. You seem to have missed the point where it says the UK government is trying to force Apple to give the government access to everyone's encrypted files. Apple is trying to defend the rights of people in the UK to encrypt their files so that they can't be accessed by people who shouldn't have access. You know as well as the rest of us that government employees are capable of using data for nefarious purposes. For example: a policeman accessing his ex wife's Apple cloud storage so he can find out where she lives so he can go there and do her harm. Also if Apple was forced to put in a back door, criminals would immediately target it to steal data from people who have done nothing illegal.

      Seems to me that a solution to this if Apple loses is to change the relevant software so that users can choose their own encryption scheme and cloud storage platform. That way users in the UK could use Proton drive or some other platform.

      1. collinsl Silver badge

        Re: US trying to push other countries around?

        And let people out of the Apple walled garden? They're even less likely to do that - they were forced to by the EU for app stores, but they 100% won't do it voluntarily for any reason.

    3. Gordon 10 Silver badge
      Meh

      Re: US trying to push other countries around?

      Your point may have been better framed by pointing out that the US has been guilty of identical behaviour multiple times before, not the least with the Patriot act which forbids discussing the existence of a Data Seizure subpoena.

      As well intentioned as the US congresscritters are, I wonder how many of them have protested against the Patriot act clauses?

  2. mark l 2 Silver badge

    Don't you love how it's American senators that are actually trying to stick up for privacy, whereas I've not yet heard any UK politician speak up against it?

    I am far from a legal expert but I believe parliamentary privilege means a UK MP could acknowledge the existence TCN against Apple if they mentioned it in the house of commons and not be subject to any further ramifications for breaching a court order.

    Eg when the Ryan Giggs super injunction was mentioned by MP John Hemming.

    1. Dan 55 Silver badge
      Black Helicopters

      Don't you love how it's American senators that are actually trying to stick up for privacy...

      That's only because the US has the keys to everything in the first place.

    2. Greybearded old scrote
      FAIL

      But the news orgs couldn't then say any more than, "The MP made a statement that we can't report." Followed by a big row about whether Hansard (Parliament's official newspaper) was allowed to do its legal duty.

      I don't know if that happened in the Ryan Giggs case, but I recall one super injunction case that went that way.

      1. Scotech

        It's complicated. They can quote Hansard or other sources, and then they can discuss the wider ramifications of the statement being categorically true. But they can't plainly state that it is true, that's still subject to the injunction.

      2. heyrick Silver badge

        "But the British news orgs couldn't then say any more than"

        There, fixed that for you.

        I knew who it was before the MP said it because the super injunction only applies in the UK. Over here in Europe, not only was he named when the story broke, but some media sources ridiculed the super-injunction - nothing says guilty quite like a celebrity trying to silence the story, right?

    3. Blazde Silver badge

      parliamentary privilege means a UK MP could acknowledge the existence TCN against Apple

      Some of the cabinet no doubt have heard better rumours than us plebs but there's no reason more than 2-3 actual MPs know for sure of the existence or have seen the text

    4. Anonymous Coward

      Ha. Watch the US senators go quiet when it relates to American spying and privacy breaking... Snowdon, anyone?

      1. Anonymous Coward

        I'm looking at Snowdon (Eryri) at the moment.

        But Snowden is probably the one you wanted to name,

        Where is Mark Thomas these days (try https://www.youtube.com/results?search_query=mark+thomas+comedy+product for starters)

        And has anybody seen the former Manchester Guardian these days? The one that revealed the Trafigura story in

        The Grauniad has recently managed to top its historic market leading adoption of Phorm years ago, and slightly more recently its ridiculously anti democratic AnyoneButCorbyn campaigning, by turning into the ReachPlc-style version of its former self. Look how well Starmer seems likely to work out ....

        And along the way they sacked Steve Bell: https://pressgazette.co.uk/publishers/nationals/guardian-steve-bell-cartoons-sacked-israel/

        Which of those showed any kind of intelligence, artificial or otherwise.

        1. tiggity Silver badge

          Re: I'm looking at Snowdon (Eryri) at the moment.

          The same Mark Thomas who threatened to use his ex wife Jenny Landreth when she wanted to publish a book * expose what a **** he was?

          He used his wealth to stop her (as she could not afford the risk of losing the legal battle)

          So much for Mark Thomas being a fan of free speech...

    5. Bebu sa Ware
      Windows

      Further Ramifications

      "they [MP] mentioned it in the house of commons and not be subject to any further ramifications for breaching a court order."

      Vaguely recall an MP might be compelled to front the bar of the parliament or privileges committee which might have serious ramifications.

      Don't know about "the unrepresentative swill"† of the Lord's. :)

      † used to describe the Australian Senators by former Australian PM, Paul Keating, I believe

    6. phy445

      Pretty sure Parliamentary privilege is a convention that has no legal basis. Equally pretty sure that 99% of those MPs that use it do not realise this. It would be interesting to see it tested properly...

  3. KittenHuffer Silver badge
    Coat

    The problem I see .....

    ..... is that the USA would no longer have any Federal cybersecurity personnel left to be able to argue that the TCN is a bad idea!

  4. Tron Silver badge

    GAFA may have the upper hand here.

    Apple can simply go nuclear and temporarily brick every Apple device and system in the UK to stay within the letter of the law. Next move would be the UKG's. They could stop emulating the Chinese regime and everyone's tech could work again, or face the public backlash. And all buy new phones, because the large wages they pay themselves pretty much ensure that most of them will have an iPhone.

    MS and Google can follow suit.

    There has been no dissent from UK MPs because the political classes are 'all in it together'. They consider themselves the farmers and UK citizens to be the livestock.

    Come July when they start gating the internet with idiot ID requirements 'to protect the children', the Labour government may as well start packing their suitcases anyway. Big backlash, a few hacks and they will be lucky to make it until the next election, when they will be on the wrong end of a straight battle between the Tories and Reform. Some indication of the lack of talent in British politics and the wretched choices we have at elections.

    1. Roj Blake Silver badge

      Re: GAFA may have the upper hand here.

      In fairness, the Lib Dems did put in a written question regarding TCNs a short while after this all came to light.

    2. Long John Silver Bronze badge
      Pirate

      Re: GAFA may have the upper hand here.

      Don't count on that. National Socialists stick around until physically ejected.

      1. Anonymous Coward

        Re: GAFA may have the upper hand here.

        Labour are NAZI's now?

        I seem to have missed that memo.

        1. Tron Silver badge

          Re: GAFA may have the upper hand here.

          quote: I seem to have missed that memo.

          Wait until July when the ID checking requirements begin. Passport scans to iffy 3rd parties running outsourced crapware etc. Social media and online pron is the opiate of the masses. An entire nation going cold turkey overnight and blaming it on Starmer.

    3. heyrick Silver badge
      Stop

      Re: GAFA may have the upper hand here.

      "Come July when they start gating the internet with idiot ID requirements 'to protect the children', the Labour government may as well start packing their suitcases anyway."

      Excuse me - that's part of the Online Safety Act. The legislation started in the May government and given royal assent during the Sunak government. In other words, this is yet another Tory shitshow.

      1. Anonymous Coward

        Re: GAFA may have the upper hand here.

        But the populace only remember who was there when it happened, not who made it happen.

        See Trump blaming everyone else for things that happened when he was in charge, and also deliberately leaving poison pills, like the tax cuts and then hikes after his term ended as an incentive to re-elect him the first time.

  5. 0laf Silver badge
    Pirate

    turnaround

    It's a sad state of affairs when we have the US lecturing us about privacy concerns. That in itself might give an indication of just how stupid the UK government is being.

    Not that it'll make them back down, I'm sure they'd rather we all burned in fire than they admit a mistake.

    1. Mike 137 Silver badge

      "It's a sad state of affairs when we have the US lecturing us about privacy concerns"

      Actually not unexpected. The supposedly robust privacy that the GDPR promised was a European, not British, venture, as indeed was the driving force behind the original UK Data Protection Act. The UK has a long history of dirty tricks -- including suppression of information [1], intrusions into privacy and secret tribunals.

      [1] Ian Cobain, The history thieves, London, Portobello Books 2016 [ISBN 978 1 84627 583 8]

  6. Omnipresent Silver badge

    If I remember right

    iCloud has had several major break ins, which exposed very personal information. Ask them to explain those incidents.

    1. Fonant

      Re: If I remember right

      That's part of the point of E2EE for your iCloud data. Even if there is a break-in, or rogue employee, no-one can read your data.

      The UK Government seem to think that it's worth the potential exposure of everyone's personal data just to be able to read the personal data of "bad people". Where the definition of "bad people" is a function of time.

      1. Alf Garnett

        Re: If I remember right

        I agree. One thing to consider is that the UK now arrests people for mean posts on Facebook. If they can access your data if they think you did something illegal, they just lower the standard of what's illegal until they get to a point it's legal for them to spy on you.

        1. tiggity Silver badge

          Re: If I remember right

          .. Well, it's easier than catching people committing theft / burglary.

          .. Sure I'm not the only person who has received a crime number when reporting an incident over the phone & that was the end of it, no follow up (be it via phone, email, in person) - "low level" theft (from a garage in this case) seems a crime that is no longer investigated (other areas of UK may differ obv.)

          1. collinsl Silver badge

            Re: If I remember right

            It's not easier as it happens, it takes much more police time to deal with online crime due to the difficulty in getting hold of information, plus the sheer bulk of cases they get of "My friend Stacey said that Doreen's eldest, Cindy, was a fat cow who needs to have botox and fillers and I want her arrested for harassment" etc.

            That, coupled with the lack of resources per head of population given to the police by successive governments means that there aren't enough officers any more to deal with work which has such a low prospect of conviction. Burglary can really only be solved if you catch the crim climbing out of a window holding the TV, or find stolen jewellery on them later on, or at their house whilst looking for drugs etc.

            Don't get me wrong, it's a sad state of affairs, but it's not due to lack of effort or willingness to care, it's down to lack of resources. In fact it would be great if the police could adopt the "broken windows" model of policing which cleaned up New York in the 90s (I.E. tackle low-level anti-social behaviour to stop bigger crimes occurring) however there simply aren't enough resources.

    2. DS999 Silver badge

      Re: If I remember right

      That was a decade ago, before they even had 2FA. You could access iCloud's web interface and reset their iCloud password if you had access to their email account - and it isn't that hard to find people using really dumb passwords on their email or they were on the haveibeenp0wned lists.

      That's how people "broke in" for stuff like celebgate. It had nothing to do with the encryption of the iCloud data itself.

      With the E2EE (advanced data protection) set, you can't access iCloud data AT ALL via the web (not even your own) so even if you knew their password and could bypass their 2FA you couldn't get squat.

  7. Anonymous Coward

    I'm just glad we are nothing like China with secretive demands on companies that the company can tell no one about.

  8. Doctor Syntax Silver badge

    "a behind-closed-doors High Court hearing"

    You know what they keep saying: "If you've nothing to hide, you've nothing to fear."

  9. Adair Silver badge

    The UK Govt has a long and ignoble history in this area of 'secrecy', going right back to the 'Star Chamber' and earlier. It is really a paternalistic feudal hang-over; the idea that 'our betters' should be able to 'do what is good for us' without having to explain or justify themselves because: 'national security'.

    Occasionally, in specific cases, 'secrecy for the sake of 'national security' really is a thing. But, in this case I would suggest it's utter bollocks (in the technical sense of 'bollocks'). This is people trying to hide their blushes because they know they are pursuing a bit of rank stupidity and haven't got the will, guts, or job security to admit that 'the emperor has no clothes on'.

    1. Anonymous Coward

      See also - let's destroy the social security system further by going after the disabled, a group where even the DWP admits that fraud is effectively non existent (and what alleged fraud remains is generally due to DWP incompetence and malfeasance) and trying to take away the support that keeps many in work or at least warm and as well as they can be given their health conditions to coerce them towards a hostile workplace that won't hire them in the first place, that the originally floated number of £3Billion that the Office of Budget Responsibility said WILL make large numbers suffer extreme poverty, suffering, worse ill health and possible death and will result in a tiny number actually entering the workplace. So instead Sturmer and Thieves have decided to double the cuts to £6 Billion and try to claim it's a "moral necessity"

      The alternative - a minimal wealth tax on unearned income (we are talking rounding error for many) which would raise upwards of £25 Billion - that won't even be entertained, could it be that benefactors like Waheed Ali have made it clear how unacceptable this idea is to them? (Given that apparently the ban on foreign political donations was dropped like a hot potato after Waheed Ali had a word with Sturmer who then ordered the policy immediately dropped - something stinks to high hell of autocratic corruption here....

      1. Mike007 Silver badge

        You haven't been paying attention well enough. They never talk about fraud, or cutting fraud, or reducing fraud, or anything along those lines. Pay attention to the next press release, they are trying to deal with "fraud and errors".

        Then ask why they refuse to separate out fraud statistics from government incompetence when they are trying to convince everyone that the public are the problem.

        1. Blazde Silver badge

          Silly, benefit error is never the government's fault. It's the legal duty of every recipient to flawlessly navigate the convoluted rules and meticulously scrutinise all the impenetrable paperwork within the proscribed 30 day limit to make certain they're not receiving any erroneous benefit and squarely the claimant’s fault if they do.

          The government's duty is to keep claimants honest by frequently sending spurious and conflicting paperwork, losing forms, closing Jobcentres, keeping court backlogs as long as possible to dissuade clever shenanigans by those who 'know their rights', and occasionally finding a grey area in the law that allows them to distribute thousands of pounds to many recipients and then unilaterally decide to claw it back 10 years later.

      2. Excused Boots Silver badge

        Although I can’t really disagree with the bulk of what you posted, tell me, what exactly is ‘unearned income’. Proceeds of crime, a lucky bet on a horse race, a fiver I happened to find while out walking?

        1. Blazde Silver badge

          'Unearned income' is any income that's not 'earned income'. It's a pretty well hashed out tax/legal term. A fiver you found while out walking might be 'theft by finding' proceeds, but otherwise it's tax free I believe (whoever lost it would still be required to pay any tax on it though.. that's come up in the US where people lose vast hoards of crypto-currency).

          A wealth tax on unearned income isn't a wealth tax though.. it's an income tax that already exists (though of course could be increased).

        2. heyrick Silver badge

          I'm not a money or legal person, but my guess is that unearned income is money that you effectively get for free.

          I have some money in the bank. That little cushion gained a couple of hundred extra at the end of the year. That's interest, and what I would call unearned income.

          Now imagine if you had tens or hundreds of millions, what sort of interest would be paid on that. Potentially more than people earn in good level jobs.

          1. dvd

            But that couple of hundred is classed as income and is taxed already (unless it's in some sort of tax efficient plan like an ISA).

      3. Long John Silver Bronze badge
        Pirate

        Shame on you

        You dare suggest that our communal resources should not be whittled to the bone in order to sustain the brave Mr Zelensky and his noble compatriots in their efforts to prevent Russia from reaching its high tide mark in Southern England.

    2. martinusher Silver badge

      It's a matter of knowing your place in the world. The UK still has a hangover from when it was at the center of a huge empire. Those days are long gone -- the UK's a smallish island but the memory of greatness lingers. Now the UK government's trying to control a technology that they have absolutely no control over because that's the way they've always done things. They might threaten fines and other sanctions but they just don't have the power to force Apple to provide what they want (and what is technically impossible). If the country had a robust industry that was a potential competitor -- or even some key industry that could be a bargaining chip -- then it might have some leverage (and it would certainly have a better understanding of what it was doing). But it doesn't so it's limited to creating meaningless regulations on (imported) computers and sending that information to (imported) printers along an (imported) network infrastructure.

      (They're not alone in using specious National Security arguments to justify dumb decisions, though.)

    3. Bebu sa Ware
      Coat

      'The emperor has no clothes on'

      Then his utter bollocks ought to be on open display.

      Unsurprisingly Empresses are rather attached to their attire. Couldn't imagine QV1 going for a stroll in Regent's Park in her birthday garments. In her later years I am not sure I would wish to. ;)

  10. Tubz Silver badge

    Funny that the USA a country notorious for secret courts and dodgy silencing laws, should be displeased with another country's attempts to do the same, because it's an American company! You think they would be supportive, as they can ask MI6 to tap a US citizen's phone, tell nobody and no laws broken?

    1. MrTuK

      Two wrongs don't make a right !

      Two wrongs don't make a right and even though if Apple were the only Smart (Definitely not) phone producer on the planet I would still never purchase one or accept one for personal use but in this one instance I personally back Apple and the UK Gov (The future CCP of the UK) should take a long walk off a short pier ASAP !

      What gets me is that Two Tier Starmer has said he wants the UK to be the AI Capital of the World - OMG please please help us, why not just invite all of the CCP into the UK so we can do their bidding !

    2. Scotech
      Thumb Up

      Precisely. People in glass houses shouldn't throw stones. Perhaps these politicians should concentrate on getting their own country's grubby encryption backdoors and secret subpoenas under control, then they can start preaching to others about privacy rights and open justice. I in no way support this law or my government's actions here, but I also don't think that we should be taking lectures from the US on these matters!

      1. Missing Semicolon Silver badge

        Curious complicity

        You've got to ask why every MP of all colours seem to be silent on the issue. Has a private word been had with them *all*? "Well, you could disagree, but are you confident that there's not a career- or life-changing thing in your history we can find?"

        1. collinsl Silver badge

          Re: Curious complicity

          It's because they do mostly agree on it - the Tories wrote the law when they were in Government, and now Labour are going to push it through. Most MPs who disagree don't want to say anything because they'll immediately be hit with a barrage of criticism from the tabloids and the masses of "but the kiddies!" and "what about child abuse images?" and "so you're against us locking up perverts then?"

          And since it's going through anyway, and dissenting will only bring negative consequences, they don't dissent.

          1. amanfromMars 1 Silver badge

            Re: Curious complicity

            And since it's going through anyway, and dissenting will only bring negative consequences, they don't dissent. ..... collinsl

            So what you are saying is ..... Parliament houses, entertains and supports a nest of cuckolds and cowards, collinsl? I suppose there will be a few who would beg to differ and be disagreeable about it and even think it is worth their while to make some noise. Most of them certainly appear to like doing that a lot for the cameras and media outlets.

            Whenever such as the aforementioned is the case, goodness knows what makes them think they are the right stuff to be leading anything with the sharing of their thoughts for others to blindly accept without the answering of awkward pertinent questions.

            :-) Unfortunately, whenever you realise who votes them into office, how can one complain whenever such is so richly deserved?

    3. Julz

      No

      That's the job of GCHQ.

  11. Anonymous Coward

    Theatre.............

    (1) It is likely that some (all?) E2EE deployed by big internet service providers is already broken!! (Apple, Meta, Signal, Telegram........)

    (2) NIST is famous for recommending WEAK encryption protocols.

    (3) So.......this is all just theatre and misdirection of the public.

    (4) You know......"We are doing something"......endlessly emitted from London SW1.

    What to do? Well..................

    .......get together with your friends and write your own (private) encryption scheme.

    Hints:

    (5) Steve Schneier has published plenty of help for designs where there are absolutely no published or persistent keys (see "Diffie/Hellman")

    (6) Daniel Bernstein has published lots of designs and code (Curve25519, samba20, chacha20.....)

    Pluses:

    (7) There are three or four targets for snoops to break (Apple, Meta, Signal, Telegram....) If a hundred groups write their own encryption, the snoops get 104 targets to break!!!!

    1. Anonymous Coward

      Re: Theatre.............

      Steve Schneier

      I'm not sure that substituting Steve for Bruce is the kind of encryption that will keep the snoops at bay for long. Encryption is hard and, when people rush to do it themselves, they often end up unintentionally with exactly this kind of solution.

      1. Long John Silver Bronze badge
        Pirate

        Re: Theatre.............

        The security wallahs are so obsessed by complicated algorithms that a simple letter-substitution code could pass-by unbroken.

        That is a joke, I think.

  12. BadRobotics

    Can someone explain this...

    If I am a non-UK citizen, not living in the UK and have the encryption set on my iCloud data, then go to the UK for holiday or a longer stay...could Apple then disable the encryption to comply with UK law?

    1. Excused Boots Silver badge

      Re: Can someone explain this...

      As I understand it, no they can’t. Just as I, a UK citizen, living in the UK and has had ADP turned on since the day it launched (no not because I have something really bad to hide, but more, no it’s my data, you don’t get to see it at will), and it still appeared to be working. Because of the way it works, Apple literally can’t turn it off and decrypt your existing backups. At best they could disable iCloud backups for users in the UK - but they seem to have little enthusiasm to do this.

      I think, regardless of any action, they will simply drag their feet.

    2. gnasher729 Silver badge

      Re: Can someone explain this...

      No, your data was always encrypted and is always encrypted.

      Before all this palaver started, you had iCloud encryption but not end-to-end encryption. There were two copies of the encryption keys: One on your iPhone or iPad or Mac, and one with Apple. On the positive side, if you are a numpty who loses his encryption keys, Apple could get your data back for you. On the negative side, Apple could steal your data (which they wouldn't because they don't care about your data, and it would be such bad publicity if they got caught). A rogue Apple employee could steal your data (which they wouldn't because they would be fired and totally unemployable). Hackers could steal your data (but Apple is probably ten times better at keeping your data safe than you are). And the government could come with a search warrant and ask for your data, and then they would get your data.

      Then Apple introduced end-to-end encryption. Same encryption, except Apple doesn't have a copy of your key. Disadvantage is that if you are stupid and lose your key, the data is gone forever. The positive is that Apple, rogue Apple employees, hackers and the government cannot possibly get your data from iCloud. Because of the disadvantage, you need to turn this feature on yourself.

      And then this rumoured secret order appeared that Apple needs the ability to give access to your data to the government. And this is only possible if Apple secretly keeps a second key. That is if Apple tells you your data is end to end encrypted, but lies to you and it's not end to end encrypted at all, but just plain encrypted. So Apple CANNOT legally tell you that your data is end to end encrypted without lying. So Apple decided that they will NOT lie to you and tell you your data is E2EE when it isn't but instead disable E2EE in the UK.

      Now if you are say an Italian with E2EE turned on and travel to the UK: It's not clear at all what Apple will do and must do. Since they don't have the second key, they cannot turn E2EE off. Deleting your encrypted data would be massively damaging to you obviously, and it wouldn't achieve what the UK government wants: They want to READ your data. They can't do that if it is deleted. Apple _might_ disable reading or writing to iCloud while you are in the UK which would be very dubious, but if they do, it would be turned on again with nothing damaged when you leave the UK. Or they could ask you politely to turn E2EE off while in the UK, and if you don't, then remove access to your data temporarily.

      1. Missing Semicolon Silver badge

        Re: Can someone explain this...

        It would not be implemented by key management, but by compromising the client. Either it leaks the key, or it leaks decrypted data.
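
The two key arrangements gnasher729 describes above, as an added example that is not part of the thread and not Apple's implementation. It is a simplified model: the `device` and `provider` names are assumptions, and the stdlib-only cipher (HMAC-SHA256 keystream plus HMAC tag) is a stand-in for a real AEAD such as AES-GCM.

```python
"""Model of 'provider keeps a key copy' versus end-to-end encrypted storage."""
import hashlib
import hmac
import secrets


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode; illustration only, use a vetted AEAD in practice.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key, plaintext):
    """Encrypt then MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key, blob):
    """Verify the tag first; a wrong key or a modified blob raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def upload(plaintext, wrapping_keys):
    """Encrypt once under a fresh data key, then wrap that key per named party."""
    data_key = secrets.token_bytes(32)
    return {
        "ciphertext": seal(data_key, plaintext),
        "wrapped_keys": {who: seal(k, data_key) for who, k in wrapping_keys.items()},
    }


def download(record, who, wrapping_key):
    """Unwrap the data key with this party's key, then decrypt the content."""
    wrapped = record["wrapped_keys"].get(who)
    if wrapped is None:
        raise PermissionError("no key copy held for %r" % who)
    data_key = open_sealed(wrapping_key, wrapped)
    return open_sealed(data_key, record["ciphertext"])


def who_can_read(record):
    """Every party with a wrapped copy of the data key can read the data."""
    return sorted(record["wrapped_keys"])


def demo():
    device_key = secrets.token_bytes(32)    # stays on the user's devices
    provider_key = secrets.token_bytes(32)  # held server-side by the provider
    photo = b"constructed sample data: holiday photo bytes"

    # Standard mode: two copies of the key, one of them with the provider.
    standard = upload(photo, {"device": device_key, "provider": provider_key})
    # End-to-end mode: same encryption, but no provider copy exists.
    e2ee = upload(photo, {"device": device_key})

    def attempt(record, who, key):
        try:
            return download(record, who, key) == photo
        except (PermissionError, ValueError) as exc:
            return type(exc).__name__

    return {
        "standard_readers": who_can_read(standard),
        "e2ee_readers": who_can_read(e2ee),
        # Provider (or anyone who compels or breaches it) can read standard data.
        "provider_reads_standard": attempt(standard, "provider", provider_key),
        # With no provider copy there is nothing to hand over or steal.
        "provider_reads_e2ee": attempt(e2ee, "provider", provider_key),
        # The provider's own key does not open the device's wrapped copy.
        "provider_key_on_device_copy": attempt(e2ee, "device", provider_key),
        "user_reads_e2ee": attempt(e2ee, "device", device_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

The reader list only reflects key copies stored with the data; a client that leaks keys or plaintext, as the reply above points out, would not show up in it.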

  13. Barrie Shepherd

    I think that it was Australia who first enacted the TCN concepts into law - some years ago.

    What has Apple done in AUS?

    Given that we have only heard of this TCN by the subterfuge of Apple removing a product - is it now reasonable to accept that others (WhatsApp etc.) have already received such notices and have complied?

    It needs some smart guys to unravel the recent SW updates on those platforms to see what has been sneaked in while we aren't looking.

    1. Sam Shore

      Turns out, that law, if everyone simply ignores it, does not make things happen!

      https://www.theguardian.com/australia-news/2024/apr/29/australias-big-encryption-busting-laws-have-done-little-more-than-give-authorities-the-power-to-ask-nicely

    2. DS999 Silver badge

      is it now reasonable to accept that others (WhatsApp etc.) have already received such notices and have complied?

      There's no way to know. That's the problem with secret orders. Major internet companies all need to have per country canary notices on the web somewhere, that they update each month. If the canary for a certain country stops being updated, then you know something is afoot even if they are legally barred from saying anything about it.

      They'd have to stretch the law a lot further to require not only silence but to take specific action to untruthfully update their web site to claim that nothing is happening when there is something happening.

      1. Scotech

        Not really. I've mentioned this before elsewhere, but the way those laws are worded, they deal with the communication of the existence of the TCN, not the specific means of communication. So a deliberate omission can still count if the courts can construe from the circumstances that the intent was to convey the existence of the TCN, which in the case of a canary notice, would be pretty difficult to defend. You have to remember that under common law, the letter of the law isn't the be all and end all of things, judges have significant latitude to interpret the actual intent of the law, and apply it as such, so acts of malicious compliance such as canary notices carry a lot more risk than it might initially seem.

        1. Fido

          If I understand what end-to-end encryption is, there is no way to add a backdoor without an observable change to the software running on the user's device. As criminals and spy agencies constantly reverse engineer software updates to look for security related patches, actually adding a backdoor to UK phones would be a much more noticeable canary compared to making no changes in the code that implements the encryption.

          From this point of view the least malicious form of compliance could be disabling the feature rather than spelling out in code exactly what was asked for.

      2. Woodnag

        I suspect canaries are at best only reliable in countries like the USA where the freedom of speech law means that the gov cannot compel speech or silence.

        1. Blazde Silver badge

          Surely in the US you'd be charged under the Espionage Act for communicating the existence of backdoors. We know there have been some, and suspect many more, and yet no US company as far as I know has ever revealed being even approached by US intelligence agencies to provide access. So whatever coercive mechanism there is works, in spite of free speech.

  14. Long John Silver Bronze badge

    Nations that overreach merit contempt

    The article mentions several sound reasons why some judicial proceedings should be held in camera. This instance is untenable.

    The UK has a long history of invoking excessive secrecy. Some readers may recollect the 'Clive Ponting case'. More recently, in a differing context, the (deliberately?) loosely worded Section 12 of the Terrorism Act has been used as a means to intimidate people who have been ordered not to disclose details of their questioning; that under the pain of various penalties; moreover, the Sword of Damocles remains over their heads, sometimes for months pending a decision on charges; meanwhile their 'good behaviour' regarding restrictions is guaranteed.

    The Apple TCN clearly is overreach. The matter under discussion is a policy decision of far-flung consequences. A decision affecting UK citizens, perhaps beyond too. The fact of the proposed 'backdoor' being nonsense, something GCHQ and other agencies are aware of, is irrelevant; it would suit just as well, better even, if service providers not fully under UK jurisdiction are forced to abandon robust encryption lest they lose the entire UK market.

    Apple first and, doubtless, many more to follow. The instigators of this plan revel in the prospect of all privately held communication devices, including PCs, being rendered incapable of running secure encryption protocols. The downside will be passed to industry and commerce. Consequently, the cost of security breaches, as with banks, will fall to customers.

    Bad laws, or those inappropriately applied, must be disobeyed. Individuals and organisations in receipt of TCN orders should immediately reveal the full content. It can be arranged for designated 'whistle-blowers' to spill the beans when outside UK jurisdiction and to remain there until the fuss blows over. It shouldn't take many 'snooks' cocked at authority to drive the point home. Also, should prosecutions arise, 'jury nullification' like that in the Ponting case could occur. However, the prospect of 'nullification' may be much less these days as a result of dumbed-down education, the stultifying effects of long-standing 'austerity', plus the population being cowed by the grossly mishandled Covid-19 epidemic.

    Perhaps if Britain's dual-party (national) socialist government succeeds in meeting all expectations of its WEF masters, there no longer will be jury trials. Just think of the money saved, which can be added to the UK's long-term commitment of funding Ukraine's benevolent and scrupulously honest leaders.

    1. Anonymous Coward

      Re: Nations that overreach merit contempt

      This issue is a valid concern. It doesn't need your conspiracy theory Nazi bollocks.

    2. Blazde Silver badge

      Re: Nations that overreach merit contempt

      The Apple TCN clearly is overreach

      I think it's better described as a test of the constraints Parliament put on the law. I wouldn't actually be surprised if Apple are the only ones who've been served a TCN specifically as a highest-profile 'go big or go home' application of the powers.

      It's regrettable if it gets decided in private because there isn't any justification for that but even that isn't certain at this point, and before we go all foaming at the mouth like you're doing we should stop and be thankful the courts do decide these things and that Parliament saw fit to make the law diplomatically ambiguous in the first place in order to punt the ultimate decision to the courts. Many societies throughout history - including the UK in less enlightened times - haven't been so lucky wrt this kind of law. That we are even aware it's going on is ground-breaking in a way.

  15. Groo The Wanderer - A Canuck

    So the UK has Nazis to match Drumpf, eh?

    My blunt opinion on "backdoors for encryption?": GO FUCK YOURSELF!

  16. Anonymous Coward

    They Tell Me That "Do-It-Yourself" Encryption Is Fraught With Peril..........

    OK....snoops on any payroll are welcome to post their take on this!

    No.....it isn't Diffie/Hellman. No....Curve25519 is not involved!

    Clue: multiple passes through dictionary shifting.....keys "secret", "honey", "badger"......if that helps!

    And of course the value of the plain text message declines SHARPLY with time!

  17. martinusher Silver badge

    Does that TCN come with a deadline?

    Obviously given the secrecy that's supposed to be surrounding this we won't know for sure but....

    To comply with the TCN all Apple has to do is say "Yes, but we'll have to work on it". Their solution is going to be contingent on finding an encryption schema that allows both secure end to end encryption and a guaranteed secure backdoor, one that can only be compromised and not breached that has a secure mechanism of being updated if compromised. Naturally Apple will accept any help from the experts at GCHQ -- if they come up with a scheme that works, great (although by the rules of encryption the mechanism can't rely on secrecy to ensure security).

    Timelines will be vague, of course. Unless GCHQ is already pushing something naff on them, something that's too valuable to publish. Then Apple -- and by extension, the rest of us -- have a bit of a problem.

  18. spold Silver badge

    Becomes rather moot in physical possession of a device

    There are various digital forensics tools out there commonly used by law enforcement that can read out your locked Apple iThingy in an hour or two (e.g. Exterro FTK as a popular example). Lose physical possession of your device and your information is pretty much toast without secondary encryption. Store your darkest secrets on a separate storage device with strong encryption using an open source encryption tool with a good master passphrase (unfortunately that is what any bad person who isn't thick as a brick will probably do anyway).

    1. gnasher729 Silver badge

      Re: Becomes rather moot in physical possession of a device

      On which devices does this work? Apple seems quite good at closing vulnerabilities very quickly.

    2. Andrew Scott Bronze badge

      Re: Becomes rather moot in physical possession of a device

      From an article in the NY Post they hadn't broken into Eric Adams' iPhone after possessing it for a year. Poor guy changed the password and now can't remember it. :-(

      1. gnasher729 Silver badge

        Re: Becomes rather moot in physical possession of a device

        To be honest, Eric Adams would be a big enough and small enough fish to convince criminals they can’t decrypt iPhones even if they can.

  19. Inkey

    My understanding

    Was that the spooks had all the access they needed to comms...and if a mark wasn't online MI5 would break in and bug the home/office etc... so not sure what this is about.

    E2EE is all well and good but in the UK you can be compelled to unlock a device or jailed. And then there's all the NSO types that sell governments snooping software/platforms. (Seem to recall some outrage from UK ministers at journalists' phones being hacked, so what is this about really)

    M$ is basically a data hoover, IBM, AMD, Broadcom and let's not forget Cisco the swiss cheese of switches are all mandated by law or can be subpoenaed to hand over data.... and sadly there is this ...

    https://youtu.be/7gRsgkdfYJ8?si=W_GFTPusajtT5ZXR

    So can someone please tell me why does the UK Home Office want to make comms less secure?

  20. Anonymous Coward

    Sources for Courses

    If you live in country A, and want the most-accurate reporting about bad things happening in country A, you look at news sources in country B, where country B is a country which has no horses in that particular race.

  21. amanfromMars 1 Silver badge

    You’re Missing the Much Bigger Picture which has .Gov Systems Terrified of Spooky ACTivIT

    It is not encryption utilised for information and secrets to remain generally unknown which is both a fascist wet dream and nightmare but also sensitive and extremely inconvenient and honestly truthful intelligence freely shared everywhere, both from and for internetworking forces and special operational sources effectively anonymous and virtually autonomous, and over which there is no possible extraneous third party remote command and control.

    Rapidly evolving universal and cyber developments with AI and LLLLMachines [Advancing IntelAIgents and Learned Large Language Learning Machines] provide at least all of that novel facility/utility ...... and to any and all daring to share and bare all to peer gaze and forensic scrutiny ........ ie happy to enjoy the consequences and opportunities in Brave New Clear More Orderly World Orders .... Trialing and Trailing Pioneering NEUKlearer HyperRadioProACTivated IT Projects and Programs ..... for Alien Virtual Realities ‽

    And the hiding of such news and its dogged non-appearance in popular mainstreaming multi media channels as it progresses and spreads ever deeper and further and wider in the shade of the shadows cast by that and/or those in desperate opposition and clueless competition, be proof positive of the proposition and situation for publishing.
