The "only used in exceptional cases" argument is the same tired line every government uses before mass surveillance becomes the norm. Once a backdoor exists, it's not just "good guys" using it; it's an open invitation for abuse.
Indeed. During the pandemic, restaurants in Germany were required to track customer's information including addresses, so people could be informed in case of a confirmed CoViD infection of another customer who was there at the same time. Of course, this information was never to be used for any other purpose whatsoever.
In one case, however, there was a capital crime near a restaurant (or similar venue) and police and prosecutor used this information illegally to track down witnesses. They were sued after the fact and lost, but got nothing more than a slap on the wrist.
Once information is available, it will be used for purposes other than the intended one, even by the "good guys".
Oh is it being done by the same genius that built electric cars with no way to get out of the back when the power is out so if there's a fire and you're in the back you'll burn to death?
I used the following query in your favorite ai powered search engine, "what knowledge would I need to able to make an intelligent post similar to <insert above comment>, please give me some high quality reading sources"
Damn, you used an LLM to tell you that to learn more about "hierarchy of hazard controls" you should google "hierarchy if hazard controls" :) Truly a revolutionary technology!
You don't know what you don't know! Did I open myself to a sweet hindsight bias attack, luckily my saving throw worked. I used a search engine in a high dimensional space, not a fax machine.
I remember reading a similar story in Ireland on Reddit, where a guy started receiving newsletters and advertising texts that he only ate at once during the pandemic. Turns out the restaurant were using the contact details for Covid tracking for advertising purposes… diabolical stuff.
>I went through an E-ZPass controlled interstate once as a passenger
>Yet, I received "Pending E-ZPass payment" scam for a year.
I think you're overestimating how precise scammers' targeting are. They're playing a numbers game, so they're going to spam every who might have used ezpass, not carefully curate their spam list by buying real time location data from data brokers. I received phishing texts for banks that I don't have accounts for, so next time I get a phishing text for a bank that I do use, I'm not going to think my bank got breached.
I travel a lot due to work. Generally the destinations are the same, but a new country is added now and then. When I go there and come back, I also start to get spam in that country's language.
I currently have English, Spanish, Dutch and Italian spam regularly in my mailboxes. They all started after I visited respected countries, and continue since I still visit them semi-regularly.
That E-ZPass spam started right after I returned from US, continued for a year, ceased and didn't return.
Spammers have better targeting tools than we know.
>I currently have English, Spanish, Dutch and Italian spam regularly in my mailboxes. They all started after I visited respected countries, and continue since I still visit them semi-regularly.
It's far more likely your email addresses are getting leaked by airlines/hotels (or basically anyone you gave your email to during your travel) than random apps selling your location to data brokers, data brokers being competent enough link those locations back to your email, but somehow too incompetent to know that being in France for a month doesn't mean you're interested in buying French car insurance. The latter isn't impossible, but occam's razor says we should favor the more straightforward explanation.
Exactly. No matter how well-intentioned a system is at the start, once the data exists, it will be accessed for purposes beyond what was originally promised
>restaurants in Germany were required to track customer's information including addresses
Ironic they went along with this considering how chest-pumping Germans are about their government being all about protecting their citizens' "privacy".
>They were sued after the fact and lost, but got nothing more than a slap on the wrist.
Government workers don't care about doing a good job since if they break the rules they won't get fired and the fines are not paid from their pockets but from the taxpayers pockets anyway so there's no incentive to be competent at your job.
The German government, and maybe to a lesser extent the EU more generally, feels that the privacy of citizens from corporations (especially foreign ones, especially American tech ones) is important to preserve and protect. Privacy from the government is a different matter. The government, due to its being duly elected by the people, has an implicit right to pry into people's affairs if such prying can be justified as serving the public interest.
It's quite a different attitude than the USA. The USA is almost unique in being individualist to what some might consider an extremist degree, to the point where if the government intends to violate someone's fundamental rights, they may do so only under very limited circumstances and must document everything and prove that those circumstances had been met. In most of the democratic world, individual rights are just one factor that needs to be balanced against public safety, public order, etc. and the government has much wider latitude to violate even constitutionally protected rights on its own say-so.
This is how you get German prosecutors on 60 Minutes, grinning and laughing as they describe the shock people undergo as they are arrested and their computers confiscated and searched over literal mean tweets. For the Germans, it's normal -- necesssary, even, to have a functional society. To Americans it's abhorrent.
I'm not really all that surprised. Public opinion is easily swayed with good marketing.
The government mandated contact tracing, but not how it was to be implemented. There was a publicly developed open-source app for contact tracing that was perfectly privacy preserving.
Unfortunately, many restaurants instead used a commercial solution that was none of these things. What it did have was support from a mildly famous German musician and great lobbying. Most people didn't care, they just wanted to go to the restaurant.
Well. That's actually a good example. Because contact tracing can (and was) implemented in a completely anonymous way, at a technical level, storing no personally identifiable information.
You can do this, just like you can do e.g. video surveillance, in a secure and privacy-respecting way. There is just no political will.
It probably was. It was also illegal. As much as you, I, or even public opinion may agree that something is right, we can't have public servants knowingly violate the law when it is convenient. To accept that would be to forfeit many of your liberties.
In my state the law said that this checking information could only be used for contact tracing. So when the law says this and the cops drive over it in in a bulldozer, it's a bit shit.
That said, in my state the cops recruited and flipped a criminal lawyer who then back doored her high profile clients and gave confidential and privileged information to them them in order to build cases.
I'd agree that is a good case. But I'd still object to this tracking. It's a slippery slope. Who determines what is worthy?
We might like one government administration and highly expect them to respect the privacy. But what about the next administration? We've just seen Trump say he will withhold funding for universities with "illegal protests". I'd fully expect his administration to abuse this tracking, in the name of law and order.
When these apps were rolled out, they were specifically advertised as private and only used for contact tracking and nothing more on the basis that we as a society want to maximize their use for tracking to be effective. Reneging on this promise will backfire in any future pandemic.
Queensland Police gained access to the Check In Qld app in June through a search warrant after the theft of a police-issued firearm, which led to an officer being stood down.
Western Australian Police has used its data twice without a warrant, which led to the state then banning police from accessing the data, while Victoria Police has tried but been rebuffed on at least three occasions.
The police gained no advantage, no prosecutions were carried through, and in WA Quigley (then WA Attorney-General ) rebuffed the police and strengthened the fines for breaching. He is not (now) a fan of the police, despite having once been the police unions bulldog lawyer of choice .. he's seen too many breaches too close to ignore.
In 2007, his life membership of the Western Australian Police Union was withdrawn after his parliamentary attack on police involved with the Andrew Mallard case, where he named a former undercover policeman who had a role in Mallard's unjust conviction.
He planned to melt down his life membership badge, have it made into a tiepin with the words Veritas Vincit— "Truth Conquers", the motto of the school he attended—and present it to Mallard.
I once naively believed that us "good guys" have little to fear or to lose by yielding a little privacy for the greater good. Then I grew up and realized that governments routinely fail to wield such power responsibly.
It also always lead to the same downward spiral of prosecutors complaining that the data they need to investigate drug trade is right there, but they can only access it for terrorism reasons, so why not add drug trade to the list of exceptions. Repeat with homicide, then fraud, all the way down to traffic infractions.
And I refuse to believe that the politicians behind that travesty don't know that.
Also, if you already go to prison for not handing over your decryption keys when asked, the one purpose left for a backdoor can only be criminal abuse.
"To continue to demonstrate why tools like this are essential to our mission, we need to use them ... I urge everyone to continue to look for ways to appropriately use US person queries to advance the mission"
- 2024 internal email by FBI Deputy Director Paul Abbate
I am very glad they are doing this as a UK based ADP user. Waiting to see how long before they forcibly turn it off for existing users. I will of course just remove everything from iCloud at that point.
The penalty for not giving up keys is max 2 years in prison. Most offences that they're trying to use the encrypted data to use as prosecution evidence (for example, child pornography), have penalties that are way more than 2 years in prison.
If you're genuinely innocent, the 2 years is horrid. If you're actually guilty, it's a cheap way to serve your time.
It's a weird and perverse law that shouldn't exist, but it's likely in time the government will need to move the needle one way or the other, as habitual criminals are getting used to doing the maths.
Is there a academic study of the heuristic of choosing between option A versus option B?
People (even criminals) are not perfectly economic thinkers. That's probably a good thing. I have this terrible thought of a quant rapist: juggling their risk that the victim stays quiet or otherwise acts (police or revenge). Deciding on the Kelly Criterion for losing 20 years in prison.
I'd watch a movie about a killer using statistics properly. It is annoying when muderers are cast as being idiots. I imagine the protagonist runs a hedge fund and gets bored of getting away with white collar crime.
In this modern age, I'm rather interested in the inverse: lawmakers doing proper scientific research, and legislating based on that; attempting to discover the sociological or economical truths rather than chasing slogans and acting on beliefs and agendas.
They do that in many countries. Basically they check the likelihood of being a repeat offender and try to minimize that. Tax crimes become harsher than violent crimes because of it, for example… it is not popular amongst the population though.
>Is there a academic study of the heuristic of choosing between option A versus option B?
I don't know of a paper on that specific question, but for example, Gary Becker got his Nobel prize because he applied economics to a wide range of human behavior including crime and punishment. Here is a famous paper of his on crime:
A behaviorist perspective on justice, punishment, and rehabilitation does not require morality.
1. Pragmatism - Justice can be effectively framed around practical outcomes and societal safety, it requires no moral framework.
2. Remorse and Emotional Response - Feelings of remorse can be understood as conditioned responses shaped by environmental influences rather than as reflections of moral responsibility; remorse does not necessitate moral weight as they can arise from societal conditioning and past experiences.
3. CBT - Cognitive Behavioral Approaches demonstrate that behavioral and emotional changes can occur without delving into moral implications, and requires no moral reflection.
4. Behavioral Accountability - Individuals can be held accountable for their actions based solely on their observable behavior and its consequences, without the need for moral judgments. The focus is on modifying harmful behaviors through interventions and reinforcements rather than assigning moral blame.
So, this framework provides a rational and effective approach to understanding and managing human behavior, focusing on the pragmatic aspects of justice, rehabilitation, and accountability, it does not require an already shaky and subjective moral judgment or moral accountability, and as thus, need not be morally justified.
If you want me to elaborate (with examples, too), I am willing to as my time allows.
I know a woman who was raped by her father. The state is going to release him in a few years, so now her family lives in terror of that day. Where is the justice in that, and what does the rapist bastard being or or not being a ""rational economic actor"" have to do with any of it?
Indeed, a big part of a society's system of justice is "letting most people sleep at night."
Whether there's justice or not in a rapist serving their sentence and going free (given that, one assumes, the sentencing guidelines were decided by dispassionate thinkers trying to reason about society as a whole)... It goes out the window if a family lives in so much fear they decide to "fix" the issue by taking the law into their own hands.
Then the society has to decide whether to jail the family, and so on.
Hammurabi's code seems harsh by modern standards, but at the time it was positively progressive. It was attempting to replace a retaliatory tradition so bloody it could wipe out entire bloodlines. He was trying to impose an upper limit on consequence to allow a society of semi-strangers to reach some meta-stability.
> I'd watch a movie about a killer using statistics properly.
At the start of the movie Heat, one of the hot head robbers kills one of the guards. De Niro, the leader of the robbers, immediately kills the other guard and says something along the lines of 'it's capital murder either way so may as well not leave any witnesses'. Ultimately, it's Di Nero being non-rational and driven by emotion that leads to the final scene in the movie.
> People (even criminals) are not perfectly economic thinkers.
This imperfection feeds into the argument for not punishing rape as harshly as murder: the rapist is likely to misjudge the chances of the murder being discovered and traced back to them, when doing the risk math to decide how to proceed. If their imperfect thinking leads them to overestimate their chance of pulling off the perfect murder (or the perfect coverup after one) then that pushes the chance of equal punishment leading to more murders higher.
"Doing risk math" oversells it for crimes of opportunity, where decisions about how to keep the action quiet after it has happened is going to be very emotion/panic (rather than facts/stats) driven, but for premeditated attacks I suspect things will flip the other way.
> People (even criminals) are not perfectly economic thinkers. That's probably a good thing.
why is that a good thing?
Perfect economic thinkers are good, because they'd be predictable and can be reasoned with. Providing economic incentives to such means you can direct behaviour in an easy and efficient way.
Irrational thinkers cannot be reasoned with via economic rationality. Therefore, either you have to stack the incentives so high that the cost becomes overbearing, or you use some other means of control that's less nice.
Being perfect economic thinkers doesn't mean they are all powerful. How does one go kill one guy without consequence? The only person this perfect economic thinker has access to is himself, and surely, he values his own life at infinity.
Ethics is an agreement between people in society, which cannot be captured via economic rationalism alone, but economic rationalism can take into account current ethics, as well as other actors' propensity for more or less ethics.
Like Germany and the UK?
However, it's no problem at all for them to supply Israel with support in their murder of 18,000+ children. Remote killing good, local killing bad?
agreed, which was also my point, but you seemed to think I was making the mistake, common on this site, that American rules pertain all over the world, which was not even what the discussion was about!
on edit: got confused as to who was whom in the nesting.
on second edit: I also don't know if there is anywhere that has execution for rape, it was a hypothetical as I read it.
Would be rapists and murderers simultaneously aren't deterred from committing their crime in the first place by the threat of execution, but also will escalate their crime in response to the threat of execution. Very curious.
Liberal Europeans and Americans like to say that no civilized country executes criminals, but in fact several developed democratic countries in Asia do, and to say they aren't civilized seems absurd. Executing criminals seems to work well for them. Very curious.
> no civilized country executes criminals, but in fact several developed democratic countries in Asia do, and to say they aren't civilized seems absurd.
If you're saying the first bit, you're saying that it's a disqualifier from the second.
And I'm saying that anybody who claims Japan, South Korea or even Singapore isn't civilized is being absurd. Their own country is almost certainly more dangerous than those, there are very few countries with lower intentional homicide rates than those three.
It is, perhaps, worth observing that one of the stories told about how English law pulled back from death-penalty-for-thievery was that if a thief had their life on the line already, they may as well murder too.
It's an interesting story, but the historical record of how English law changed is, I think, a bit more interesting. Kids in London would steal. They'd go on trial. A jury of Londoners would see what looked like a twelve-year-old in the docket and just flat-out refuse to find them guilty because they couldn't sleep with themselves thinking they'd sent some kid to the gallows. This pattern became such an issue that merchants petitioned the King to pull back the penalties because as the system was implemented, it was going to stop protecting their property from thievery.
When you are released from prison, they can simple ask you to decrypt the data again, and if you refuse or can't, you have broken a law with another 2 years in prison (5 if they think you could have anything to do with 'terrorism').. Its theoretically an infinite prison sentence for forgetting your passwords.
This is correct - but I’d rather my law enforcement had a pre-existing reason to investigate me rather than just stumbling upon something in random hidden searches. Innocent until proven guilty is key here.
I have nothing to hide, but I’m still not giving you access to my photo library.
Those warrants are secret. We don't even know if they're following the rules they lay out.
In the US, the secret FISA court hasn't turned down a single warrant. Either the government is only coming to them with completely justified cases or they're just a rubber stamp. Either way, there's no oversight so we have no way of knowing.
You seem to think that the indexing and searching happens only if there is a reason. Why do you think that? There are all kinds of cases where government agents were found to have abused access to data for reasons that had nothing to do with illegal or immoral behavior by a target.
RIPA notices do indeed assume you’re in possession of the keys of anything encrypted and you must disclose when asked nicely.
You just need an airtight provable way of showing you have a way to destroy that key when you push a button and do that before the notice arrive. I suspect that’s after they seize your stuff.
I was stopped and questioned twice within a span of about ten minutes while walking around near Parliament in the middle of the night because someone _supposedly_ called in some sort of a threat. I was severely jetlagged and had never been to London before, so I figured it wouldn't be any different than walking around NYC but that may have been naive on my part.
You can walk around 99.9% of central London at any time of night and nobody is going to raise any eyebrows no matter how jet-lagged you look. But there's always a chance you're going to attract some attention outside Parliament, or certain embassies, especially if there's an "elevated threat level" or whatever.
First time I was arrested for being next to a fight until I was cleared of any involvement. This required some explaining and the policeman was an idiot.
Second time some busybody reported to the police that I was carrying a knife. This was a Santoku knife that I'd literally bought and was still in the plastic packaging but you could see it through the plastic bag I was carrying it in. We had a bit of a laugh about it and they apologised for wasting my time. They did however arrest me so that they could do a formal search and had right to as they had reasonable suspicion I was carrying it as a weapon. I'm not bothered they were very reasonable and so was I.
In the US both of those would have been handled with an Investigatory detention - same as being pulled over for a traffic stop. Not even remotely an arrest.
> They did however arrest me so that they could do a formal search and had right to as they had reasonable suspicion I was carrying it as a weapon.
What "reasonable suspicion"? They could see the "weapon" that had been reported and at that point it should have been "have a nice day" and then them trundling themselves over to whoever called it in and charged them with making a false report.
I swear, UK police seem generally nicer than US cops but infinitely dumber and the shit you brittons put up with in terms of having your rights violated is astounding.
> In the US both of those would have been handled with an Investigatory detention - same as being pulled over for a traffic stop. Not even remotely an arrest.
I'm not from the UK, but it seems likely that this is just a question of semantics. Many US traffic stops are far more stressful—and handled in a way that is far less conciliatory—than the "arrest" that OP describes. It doesn't sound like they were taken to a police station or even necessarily handcuffed, more just formally detained.
As for US detentions: It doesn't especially matter if they're not technically "arrests" in US parlance, you're still being stopped by the police and you still can't go anywhere until they let you because there's a too-high probability that they'll find an excuse to make your life miserable if you don't cooperate.
"Reasonable suspicion" is the UK equivalent of what Americans call "probable cause" i.e. jargon for when the police are allowed to search you.
The police have to conduct stops in a certain manner, because of the law that gives them the power to stop people: They are legally required to tell the person they're being detained for the purposes of a search, the purpose of the search, the grounds for the search, and the legal power used.
Getting a load of jargon thrown at you about "detained" and "offensive weapon" and "Police and Criminal Evidence Act" sound a bit officious, but once they've stopped you they've got to give you the officious jargon, it's required by law.
Also, while it's rare that the police will have occasion to stop and search a middle class, middle age white guy like myself, when the situation does come up, it's reasonable for them to do it thoroughly and by the book. They should treat a report of me carrying a knife the same as they'd treat a report of a black teenager in a bad neighbourhood carrying a knife.
Because of the increase in knife crimes in the last couple of years the UK police have become incredible aggressive towards anybody in possesion of even small purpose knifes in public. I'm honestly surprised OP got away with it.
Buying a knife and carrying it home is 100% legal, so there's nothing to "get away with" here.
Carrying a Santoku knife in public is only illegal if it's being carried without a "good reason" and carrying a newly purchased knife home is certainly a good reason.
The police have the power to stop and search people when they have "reasonable grounds" to suspect they're carrying a weapon; if the knife is clearly visible that's certainly reasonable grounds. So the search was not illegal.
A stop-and-search means being "detained" in the sense that you are not free to leave until the search is completed, but it's not an "arrest" that would appear on your arrest record. Perhaps there was a miscommunication about the distinction between being 'detained' and being 'arrested' ?
> If they don't like your face they can just decide the good reason is not good enough
The article you linked does not support the claim that the UK police not liking someone's face is sufficient for them to be allowed to stop and search someone.
> A person’s physical appearance [...] cannot be used as the reason for stopping and searching them [...] unless there is information or intelligence giving a specific description of a person suspected of carrying an item for which there is a power to search.
If you are stopped at the border then you don't have such a right. British border force can just demand you give them keys to all your devices and hold them for 7 days, no court order needed.
The part that stood out to me, copying from the automatic transcript:
> they're sitting there with these like blank A4 Bits of Paper writing down everything I'm telling them like you know bits of interest and it's exactly the same thing the Russians did when they interrogated me [...] to be honest interactions with the Russians have been pretty much the same as inter with the British government
I didn't do my research before going to the UK for the first time two months ago and just went with my gut feeling, that is, deleting files from my phone that I don't want to end up in a government system through Cellebrite's "accelerated justice" or whatnot. Never done this for any other country before (I cross borders on a weekly basis). Seeing this video and the Ugandan article from the sibling comment, that was definitely the right move
I get bagged and tagged at least once a week when I go shopping in the UK in the last 50 years. You don’t want to come here at all. I’d rather hang around in Russia these days.
Facetious comment aside the only time I’ve had problems with border security anywhere is getting a large carpet back home from Azerbaijan. This was very interesting and required them to examine every square centimetre of it. China, US, UK, Europe all really boring. Russia was incompetent. They didn’t even check anything at all (2012)
I don’t know of any country where border guards don’t have the authority to seize your device if you’re trying to cross.
I just use devices with ephemeral storage for crossing borders to save myself from having to do any research on any particular country’s device privacy practices.
Then I'm not sure what we're criticizing China for, if no country has such fundamental rights for the people under its control. The warrant system exists for a reason. I'm not more likely to be carrying something illegal when going between countries than within the jurisdiction where my registered place of residence is; less if anything because there might be spot checking indeed
You don't have the right to say no or even stay silent. If you refuse to give up your passwords they will charge you with the whatever the legislation around it is, it's 2 years behind bars for refusing.
Probably not, just a waste of money and time, but hopefully someone can provide a reasonable recourse.
What if you say you forgot? I actually had times (after not having used my phone for a month or two) that I (& my muscles) forgot my PIN (not for the SIM card) and I had to do a factory reset.
Well it's not automatic 2 year prison sentence. The state charges you with a crime, it goes to trial, and then you have to defend yourself - if your argument is that you forgot, then it would be an interesting case - ultimately the prosecutor would need to prove that it's unlikely you forgot, say if they had proof (say CCTV recording at the airport) showing you using your phone 5 minutes before it was confiscated - it would be pretty hard to argue that in the space of those 5 minutes you forgot the password. But if you had a device in your suitcase and could successfully argue that you haven't used it in ages and the password was long and complex then yeah, I guess you'd be found not guilty - up to the judge/magister/jury depending on where exactly in the justice system you end up. But yeah, while stopped at the border saying "I forgot" is not a good card to play.
It probably won't end well but I'm curious what would happen if you give them a password that resets the device. Theoretically it unlocks it, it's just that it takes a minute and it's factory new at that point.
They'd charge you with destroying evidence, or "perverting the course of justice". They aren't stupid, they would know that you gave them a password that wiped the device.
An Immigration Officer may search you until they are satisfied you are a citizen. As long as you have a passport (or emergency travel document) listing you a citizen, this should be straightforward and they're unlikely to have grounds for any further search. At that point, you have been let into the country.
Customs Officers are much more likely to have grounds for a search — if they believe you are bringing prohibited material on the electronic device into the country (and "reasonable grounds" is low, as it typically is for customs — "you're acting kinda sus" is a reasonable ground), they can search your device. It is an offence to refuse a search, so while you've been admitted to the UK, you could be arrested for that offence.
This is all broadly comparable to most other countries immigration and customs laws; the UK is not an outlier here.
The problems with the UK are primarily things that apply to everyone, not just at the border — for example the Terrorism Act 2000 and Regulation of Investigatory Powers Act 2000. But again, in the border case — that's basically all going to be _after_ you are admitted to the UK.
> I will of course just remove everything from iCloud at that point.
The iPhone's backup utility doesn't seem to support anything other than iCloud, so you'd probably have to individually set up some kind of automated scheduling that (no idea how) for your main apps.
Not sure if you'd be able to backup system stuff though. :(
I’m not claiming you’re wrong, but I think the backup includes the list of apps and versions and excludes data that can be easily downloaded from AppStore.
It's not automated but you can certainly still use iTunes to create a local encrypted backup of the entire phone, apps, and data. Works over USB and Wirelessly on the same network. People who decide not to use iCloud can certainly still keep their data safe.
I wonder how the metadata comes into play here. Metadata is fair game even with ADP. Apple retains it and could probably be compelled to pass that along
How do we know there are not back-doors already in Apple's cloud storage (that the 5-eyes cult has access to)? This fight may just be theater the goal of which is to legitimize the view that Apple's cloud storage is secure and free from government snooping.
Trust, then verify. No ability to verify? No trust.
This fight is about providing encryption to the masses. If you want to use your own open source security solution, you should definitely do that (really!). But you will be one of a small number of people doing so. And a society where only a small number of "wizards" have freedom isn't a free society at all.
I am very sympathetic to the idea that more components should be open source, and Apple's systems should be much more open (particularly backup.) But at the end of the day if Apple is compromised there is no open source solution that can save you. They design the silicon.
> This fight is about providing encryption to the masses
If apple cared about providing encryption to the masses, ADP would be enabled by default and you'd have to opt out of it.
As-is, all your messages, photos, and so on are backed up unencrypted to apple's servers where they can read them at will. End-to-end encryption is opt-in, and I doubt most "the masses" even know a setting for that exists.
>If apple cared about providing encryption to the masses, ADP would be enabled by default and you'd have to opt out of it.
Apple is also a company that needs to cater to its customers. If they enabled ADP by default and customer locks themselves out and goes to Apple, they want to be able to help. ADP is intended for people who understand what it is but nit savvy enough to run their own system.
You can't have it both ways. Either you're providing encryption to the masses, or you're not.
Providing encryption to the masses would in fact be telling people who lost their phone, or forgot their password "no, all your photos are gone forever, tough luck. Also, you have to make a new apple account and re-purchase all your apps".
You must have a different definition of "providing" because offering a service is definitely providing it. Apple makes "smart" devices that do what people want them to, and encryption is second to that. I think it's a fair compromise to have it easily available but not default.
This is correct, apple has a very customer first support culture which has a famous history of blowing up in their faces.
Internal metrics for support teams are almost entirely customer satisfaction focused, which built a culture of getting a result for the customer at all costs, which was very exploitable by social engineering.
It doesnt surprise me that they dont want to let customers encrypt and lose all their baby photos by default.
I didn’t say it was Apple fighting. I’m referring to the broader fight. Getting Apple to deploy encryption by default is one outcome I’d like us to fight for. But if we give up and start poo-pooing Apple’s encryption because it’s not pure enough, that fight is over.
It’s impossible to live without depending on other people’s decisions unless you live completely isolated. It’s not “free” but most people are fine sacrificing some freedom for other gains. This has already been discussed for centuries, see Thomas Hobbes and the social contract.
They also switched a few years back to provide signed firmwares rather than encrypted firmwares to ease independent verification, and have the Apple Security Research Device program to do runtime exploration with certain security walls turned off. (Supposedly creating these devices requires a partial factory retooling)
Apple also only has per-device global builds, rather than regional builds which might obscure requested features. My understanding is that they take transparency measures to make sure it can be detected if a firmware was released out-of-stream, and anonymity measures to prevent targeting a specific device with a custom firmware.
The Secure Enclave also requires the device passcode as part of an approval process for installing new device/enclave firmware; the underlying OS and security enclave are not meant to have the capability of being transparently updated/modified.
Australia introduced the concept of these laws with the Access and Assistance bill. The politicians were adamant it was necessary, however there were so many potential users of the system (Politicians, police, spy agencies) it never made a lot of sense.
Fast forward a few years and ASIO gave a press conference where they admitted to only having used the powers under the bill twice. Which makes me concerned about who the bill was for and what it has been used for. Unlike the British version, any public information release leads to instant jail time, and it was unclear whether this extended to briefing legal counsel.
I feel like, if the 5 eyes wanted to breach iCloud they would use Australia rather than Britain where it can be publicly contested like this.
The AA bill has an explicit provision for not allowing weakening of existing security measures if supplying a TCN. That's the major difference between Australia and the UK.
There are some really good answers in this thread. But if Apple had backdoors they would ultimately be used and either through prosecutions which would make it obvious or reverse engineering which would be quickly discovered. This is slightly different to say AN0M phones that had a low IQ user base and wasn't actively researched by security people but the whole network was burned when they went for mass prosecution in jurisdictions where the evidence was admissible.
Agree, blind trust in any big tech company is naive. But if Apple already had hidden backdoors, why would the UK government be pushing so hard for one now?
I understand that's not your point, but the government is a massive entity: it's entirely possible that the intelligence community has capabilities that wouldn't be admissible in court and therefore are of limited use to law enforcement. Or that they might be unwilling to share them with law enforcement.
We more need FOSS (and supply chain) hardware, software, and (distributed) cloud platforms with encrypted all at rest and in-flight with zero knowledge storage (minus specific private keys and offline authoritative key locations, of course). The problem, of course, is the main platforms are ultimately owned by single point-of-failure (SPoF) corporations that can be leaned on, banned, or raided. This would require immense, deliberate investment to avoid compromise/slowly replace closed choices and to avoid supply chain attacks. And then, ultimately, it requires a socio-political bargain to decide whom to trust and why, such as, based on interests and leadership team.
Good. Even if they lose, they should make as much noise as possible before giving up on the UK market. Maybe it will start to turn the tide of public perception.
The more awareness there is, the harder it becomes for governments to quietly erode encryption without pushback. If nothing else, it might make other companies think twice before rolling over.
From a leadership personality angle, who do you think initiated this brilliant marketing/messaging campaign — sue a country because ”it infringes on human rights and Apple upholds it.“
Do you think this kinds thing comes from someone in Marketing, Legal, a C-Suite, or is this kind of thing a thing by community at Apple? If it is the last, it would be brilliant to read that protocol/process/flow.
I don’t know, but it feels like the UK gave them the softest pitch, straight over the plate, and all they had to do was hit it. (Maybe a cricket metaphor would have been better)
Can't see much coming of this. At the very least the largest two parties are all for this kind of encryption backdoor and regardless of what the 'court' decides parliament can just legislate around it.
Apple will do it for the attention, PR and to hurt the idea generally even if they lose. Mindshare and ire towards the government are as strong as any legal judgement over time.
Yup, the Courts are ultimately there to fulfil the will of Parliament: if there's a clear power granted by Parliament to do this sort of thing, and there's no compelling objection from other areas of law, then this is more just a delaying tactic.
I see from your comment history you're British, so I don't get why you describe this as surprising. There's the Commons, Lords, and the King. Who or what else would be creating or dissolving the court? Why would it be able to overturn primary legislation that's received royal assent? That would just be swapping things around so you'd be saying 'fun fact about parliament, supreme court can...' anyway, surely?
Not having a judicial body that is fully independent of the legislative branch (parliament) and not being able to strike down laws is interesting/surprising to me shrug. I've always liked the idea of strong judicial oversight. But I guess without a strong constitution, where parliaments laws can't be ruled unconstitutional, it doesn't matter much... the public will be fully at the whims of parliament.
UK judicial oversight is actually pretty good. The government at the time lost numerous important cases when trying to implement Brexit. While Parliament can create legislation to overrule the courts decisions it's not typical and in the case of EU legislation they were stuck because they couldn't easily change that. The UK does have a strong constitution despite the fact it's not codified. In my opinion the US Supreme Court is farcical compared with the UK one. The fact it has lifetime appointments and is accepted as politically biased astounds me. NB: I know you didn't mention the US but it's my only point of comparison.
> The government at the time lost numerous important cases when trying to implement Brexit.
Yup, in the two cases that come to mind, the Supreme Court kicked the issue back to Parliament: Miller I[1] said that, given the extreme constitutional consequences of no deal, the Government couldn't unilaterally trigger Article 50, such a decision could only come from Parliament. This was more just a procedural issue. An Act[2] was passed a couple months after the judgment, and Article 50 was triggered a couple days later. Whereas, Miller II[3] was about the Government proroguing Parliament in order to silence it. The Supreme Court was having none of that, so it annulled the prorogation. In both cases, the Supreme Court was protecting Parliament.
The UK doesn't have a written constitution. This is rare amongst highly developed democracies. Also, to my knowledge, most parliamentary systems don't have a final court that can overturn laws passed by the parliament.
Aren't US SC judges picked by the president? Can't he override everything with pardons and executive orders anyway? Can't the US constitution be, uh, amended?
They're nominated by the president, but approved by the Senate. There have been cases throughout history where a nominated judge doesn't get through the approval process. Of course when the president and the Senate are aligned and in agreement this approval process is largely a rubber stamp.
Can't he override everything with pardons and executive orders anyway?
Not at all. Despite what it sometimes looks like, the president's executive order powers are quite limited. But again, if congress isn't willing to challenge the order and the Supreme Court isn't willing to rule on it, these limits are more theoretical.
Can't the US constitution be, uh, amended?
It can, but it is a slow and difficult process, requiring 2/3 support of both the house and the senate, plus support from 3/4 of the States. There have apparently been over 10000 attempts to amend the constitution since the founding, of which 27 have passed. Furthermore the president has no power to suggest or approve constitutional amendments.
Basically a president that doesn't have the support of Congress and the Supreme Court has surprisingly little power.
Technically it just requires 3/4 of the state legislatures (first 2/3 of them to trigger a constitutional convention, and then 3/4 to ratify its results).
Which - fun fact - is possible to do with states that together amount to less than 25% of the overall country population. In fact, given that it's really the legislature that needs to vote for ratification, and given FPTP being typical on state level as well + the usual gerrymandering etc that this enables, it's actually possible to amend the US Constitution arbitrarily with something like 10% of the voters (acting in concert to vote in the state legislatures that would then do the amending), if they have just the right geographic distribution.
Yup, which is why movements like https://conventionofstates.com/ can be quite frightening. As while it may seem reasonable at first glance, you needn't look very hard to find the sinister intent. Surely by now there has to be a name for the concept, similar to Godwin's Law, of right-wing movements bringing up George Soros. In addition, it mentions gay marriage, abortion, and the Affordable Care Act as examples of why a Convention of States is necessary. How lovely =/
Well, the British system is particularly unique because there is no formal Constitution, and thus we have no Judicial Review for Constitutionality. There's a pretty interesting talk about this here: https://www.youtube.com/watch?v=YIlkY90Cck8
This is basically a "the Emperor's new clothes" situation where the UK's constitution can only be seen by smart and educated people. (Yes, you have QCs [now KCs] saying otherwise, but that's exactly my point.)
Face it, if the constitution is "whatever the prevailing political elite class says it is", then you don't have a constitution.
There are words in the British constitution as well. Acts of Parliament that define how the Parliament and the courts function are constitutional laws, such as the Parliament Acts of 1911 & 1949 and the Constitutional Reform Act 2005. If we are going by words, there are a lot more words in these multiple constitutional documents than in the constitutional documents of many countries that only have one such document.
It's not meaningfully a constitution if it can be overridden in practice by a simple parliamentary majority vote, same as any other law. It's more like the "constitutions" that some absolute monarchies have or had in the past where the first thing is does is declare the monarch above any limits, just not quite as overt.
The constitution is the legal framework by which a country is governed. It is not necessarily a set of super-laws that are harder to change than regular laws (although it may contain such laws). The UK is also not the only democracy where the legislature can amend parts of the constitution with a simple majority. Besides, the UK itself has a super-law that cannot be amended, which is that the parliament is sovereign and cannot be bound by a previous parliament.
Neither the monarch, nor individual Members of Parliament, are above all limits under UK law.
Well, we are unfortunately seeing more of this with the rise of populism. However, I feel as if certain factors come together to provide a pretty effective stop-gap:
1. Members of Parliament (MPs) represent roughly 70k people. And while that's still a significant number, it's small enough for them to know and be known by their constituents. It's more difficult to vote against your constituents when you know them.
2. The House of Lords (HoL) can revise and delay, but not block, which means we are functionally immune from cross-chamber games of chicken that result in US-style government shutdowns, or European-style budget bills as confidence motions. We did come pretty close to this with Brexit in 2019, but this was all within the House of Commons given that the ruling party did not command a majority.
3. Parliamentarians usually respect the inertia of institution. As in, the idea that it's right to continue things as they've always been done, unless there's a compelling reason. It's why we're still a Monarchy, why there's still bishops and hereditaries in the House of Lords, etc. Basically, there's a culture of incrementalism. Because if you don't have the inertia, you appear to lack legitimacy, it's just a gimmick.
4. And on the heels of that, I think Parliamentarians have an occupational understanding of the adage "With great power comes great responsibility."
5. The Civil Service, while ostensibly neutral, tends to resign when asked to do anything believed to be damaging to the country.
All of this put together (and probably more than I haven't thought of) means that MPs understand that they could do great damage, and so they restrain themselves.
Contrast this with other countries with difficult systems where politicians stir up the passions of their constituents by naming their systemic limitations, "I would love to do X, but I can't because Y prevents me." A somewhat related example would be abortion in the US, where after Roe v Wade was decided, many states became soapboxes for anti-abortion rhetoric. It's a safe rhetorical position: you can say what you like and then blame the federal government for not being able to do it. But then Roe v Wade was overturned and many of these politicians and states have changed their tune, because the power is now in their hands, they are now answerable to their constituents on this matter. Not that it matters given how much gerrymandering there is, but still, the effect was noticeable.
Mostly self preservation I guess. It's not unheard of for a party to get wiped out.
I feel the Queen made moves behind the scenes to keep the government in check too. As much as she could. Not sure about Charles
I'm sure they're looking at Trump and realising they can get away with anything if they want to.
Ministers used to resign in disgrace over far less severe things than we've seen the past 2 decades. Now you can just easily distract the public with scandal after scandal or issue after issue. Then they can re-enter politics
Essentially true however judicial review can expose legal flaws, incompatibilities, or breaches of higher legal principles (e.g. the Human Rights Act 1998) essentially compelling (not forcing) the government to amend or adjust legislation.
A notable example being section 23 of the Anti-terrorism, Crime and Security Act 2001.
It will be good to have a test of the legislation, the last government spat out some horrifically written legislation, so it might not even say what they think it says.
I don't know what they are arguing in this case, but there is a chance that the government violated the US-UK Bilateral Data Access Agreement 2019, which governs data access requests from either country's government to technology companies based in the other country.
If the British government insists on this applying to non-british citizens in other jurisdictions, they are likely to be in conflict with privacy laws in those countries and that will trigger an international court case.
I think that the people who want to use encryption should use their own software for encryption, which is separate from the cloud service. (This alone might not do, because you also need to implement other security, but it will be one thing to do.)
You are suggesting people be able to insert an encryption module into other services?
Or that everyone has to constantly manage a non-default set of tools, and deal with all the interoperability issues of all the mish-mashes of choices others make?
Or, ...?
Personally, I cannot see a safe online world that doesn't have hard privacy.
Why not give people easy ways to report "very bad behavior" online, to authorities that build up a reputation of responding responsibly. Including bounties for the most egregious stuff.
Then every recipient of anything rotten becomes a honeypot for the criminals.
Breaking everyone's privacy is going to attract every nefarious and security conscious actor in the world to the buffet. Every state actor, "good" or "bad" is going to want to have access to everything that can theoretically be accessed. Worst possible kind of honeypot.
This is the issue. If you encrypt your own, then the software will not be able to use it as it's not a file it expects. So all of the software that you want to use your encrypted files will need to have this type of module.
At that point, I feel like we've opened pandora's box. If every single app had to be able to decrypt/encrypt with your personal key, we just know someone will roll their own and fuck it up for everyone else.
In NT you can have modules that sit between various operations on the file system. It’s how AV works without having to hook into every single application that reads and writes from storage.
There’s no technical reason why this kind of approach couldn’t be applied by Apple for encryption. But it would require relinquishing some control over their platform, so it would never happen.
Microsoft gets that excuse, because it lets you run anything at all on your computer. Apple doesn't, because it only lets you run things approved by Apple. Instead of "why did you make this encryption system we can't break into? Trillion dollar fine!" it'd be "why did you let XYZ Corp install this encryption system we can't break into? Trillion dollar fine!"
How do you guys interpret the fact that the UK hasn't requested such backdoors for Android-based stuff ? Ie. is this an indication that they already have such thing ?
The UK "laws" are extremely evil when it comes to violating basic rights, they can essentially force companies to shut up, "gagging orders", etc...
I never get this perspective. Firstly we do give them a crap load of revenue. Secondly it'd probably trash any of their non US business almost immediately as people start looking for contingency in case they pull out of other countries. Thirdly they didn't pull out of China. And fourthly there are a lot of Apple engineering staff here in the UK - it'd cripple them because they won't move to the US.
They will comply with the law and make a lot of noise and not a lot else.
Literally a large chunk of the ARM core team are in Cambridge including most of the GPU folk and there are a ton of infra and software team in a couple of other UK locations.
On top of that, a big chunk of the follow the sun on call engineering (SRE) are here that look after global infra and most of the European support operation are in Northern Ireland.
Fruit Engineering Ltd. hires brits and contracts with offshore Apple Inc. The former does not have the keys and cannot be forced to do anything iCloud-side.
It's not like corporate doesn't know all the tricks already. The only reason they need is whether the UK market is worth the hassle. That's all.
Isn't that potentially devastating to the UK, not Apple in the long run? Choosing to walk away from the market in terms of supplying goods does not mean needing to walk away from high level engineering staff.
Of course, you may mean these staff are only required to service the UK market...but it sounds like you mean they are valuable to Apple, at which point I am unsure as to why they would not be retained/shifted as appropriate.
Also my apologies, I assumed revenue here. Also thank you, I had not considered staffing, but it makes sense.
Yes it’s more critical staff. And it’s more a cultural thing. I know a couple of Apple folk and they will definitely not relocate to retain the job. Especially in the current political climate.
You don’t actually need as much money to survive in the UK as the US for example. So there isn’t the motivator to retain high level salaries other than luxury.
It would be “no thanks” and take a 30% cut to go and work somewhere else.
> Yes it’s more critical staff. And it’s more a cultural thing.
Ah yup, that 100% makes sense and I don't know why I didnt consider it. I should no more than anyone the value of more "key staff" as it were, and the impact a shock to those kind of staff can have.
> You don’t actually need as much money to survive in the UK as the US for example. So there isn’t the motivator to retain high level salaries other than luxury.
I did not know this, I am over in AU and don't know that much about the UK to be honest. I've only heard things in passing about London really and even then all ive heard is "VERY EXPENSIVE, RENT BAD" so thats super interesting.
> It would be “no thanks” and take a 30% cut to go and work somewhere else.
Yes, good for them too. I have taken (including recently) such pay cuts because I have strong opinions of where I will work, or who I will work with.
Thanks for coming back to answer my questions, I found it super informative. I didnt intend to sound aggressive in my first response so i'm glad you did!
The perspective is that if Apple bricks its devices for a couple days in the UK the pitchforks will come out considering they have the moral high ground and the better marketing team to pitch it to the general population.
Whether it's good for a US corpo to interfere with the stable 1984 progression of the UK is another issue. If I were in a decision making position at Apple I wouldn't want to bother with this either. Just take the easy marketing W and move on. Maybe prepare a plan for market exit just in case they're not satisfied with disabling encryption and demand a global backdoor.
"What if every country on Earth violated everyone's rights" isn't really much of an argument against standing up to countries that try. If that actually happens then we're all screwed anyway. Until it does actually happen, why roll over and allow it to happen without even trying?
According to Apple, everything in their system still works the same and they still have control of their own hardware, even if it’s in a Chinese data center. Systems like iMessage are still fully end-to-end encrypted even in China. Maybe they’re lying but it would be a huge opportunity for devastating leaks if that’s true.
> Systems like iMessage are still fully end-to-end encrypted even in China.
I do wonder about this. How can an authoritarian state allow a (very!) large foreign corporation to operate an important communications network without data transparency to their domestic spy agency? I am not normally a tin-foil-hatter, but I just assume that the domestic spy agency has a copy of the private encryption keys used for HTTPS/TLS. Then, Apple can continue to advertise "end-to-end encrypted" (in Mainland China), but the local spies can read the comms.
The simplest answer to your question is "it exists" and "iMessage isn't important," but instead, you chose to write a whole fiction for your brain. If that's critical thinking, I'd call it hallucination.
See, I don't see just withdrawing from the country as 'standing up to'. It's just giving up in a more disruptive way, especially when It seems very likely to me that other countries will start demanding the same.
Actually taking them to court and objecting seems more productive to me.
> I don't see just withdrawing from the country as 'standing up to'. It's just giving up in a more disruptive way...actually taking them to court and objecting seems more productive to me.
"objecting" alone does nothing. Objecting + lawsuits or objecting + withdrawing might accomplish something.
I'd agree that lawsuits are a good idea but they are also entirely dependent on the courts (of the same country that already wants to violate people's rights) to do the right thing. If the lawsuit works and the government forces the government to back off it's a good thing, but if not a company keeps the power to take their technology and leave. They can choose to do that regardless of what the laws or courts of another country thinks.
Walking away might be seen as a company "giving up" on the corrupt country that wants to violate people's rights, but it's certainly not a company giving up on their principles.
A nation full of people angry that they won't be able to get highly sought after products and services can change policy too.
I wish this issue were playing out in Australia right now, rather than the UK. It would be hilarious to see Apple walk out of the Australian market right before a federal election.
I wish they placed a red warning on every phone instead: "Your government is forcing us to weaken your security because it wants to snoop on you."
One of the problems of digital surveillance is that is doesn't feel intrusive, indeed it can be fully hidden from the users. With a message like this displayed every time you unlock your phone, plenty of people would start asking questions.
Isnt that their soft plan? They plan on just removing the encryption for all UK users to make the point moot domestically if this gambit doesnt bare fruit. If they want to continue to push that they want it for all users globally, Apple can attempt to leave the market fully.
Government backdoors to devices not only allow governments to manipulate their people in domineering ways, but make it easier for hackers to steal form users. This will always be true.
Honestly think they should just disable all iPhone functionality but phone calls and the politicians will fold within hours.
End of the day people love their devices more than their rulers and it’s a tangible way to action citizens who would normally sleep though this into having their privacy protected.
Until people start to really feel what losing privacy mean, nothing much will happen.
Right now, there is still a strong support in the UK for the gouvernement crusade against encryption and overall ending of privacy.
Because "why should I care, i have nothing to hide".
It takes time and tragedy for populationd to educate themselves on matter, maybe in a few years or a decade the trend will invert.
Until then, there isn't much apple can do. They haven't the law with them, they haven't the population with them, they got the money but they aren't going to spend it on educating people.
Taking UK gouvernement to court is just the best they can do right now, a big pr stunt, like a giant ad to say to the rest of the world 'we care about your privacy, buy iphone'.
any qualified opinions here on tresorit? i'm using them now for about three years and the service is alright and reliable afaiac. supposedly they don't have the private key. that makes using it sometimes a little slow compared to other options. but i decided to go with them after reading numerous horror stories about dropbox et al.
Was Tarsnap evaluated? Those behind it are well known and the construction is simple and explained clearly. My general rule: never make technology recommendations without throughly vetting/testing multiple candidates and digging deep into support, the company, and demoing close to intended use.
Sure, but it’s the only thing they really can do in the situation, i.e. cause as much stir as they can to hopefully draw public attention to the matter.
The "only used in exceptional cases" argument is the same tired line every government uses before mass surveillance becomes the norm. Once a backdoor exists, it's not just "good guys" using it; it's an open invitation for abuse.
Indeed. During the pandemic, restaurants in Germany were required to track customer's information including addresses, so people could be informed in case of a confirmed CoViD infection of another customer who was there at the same time. Of course, this information was never to be used for any other purpose whatsoever.
In one case, however, there was a capital crime near a restaurant (or similar venue) and police and prosecutor used this information illegally to track down witnesses. They were sued after the fact and lost, but got nothing more than a slap on the wrist.
Once information is available, it will be used for purposes other than the intended one, even by the "good guys".
Better to simply not collect the data in the first place. It's like the hierarchy of controls used in risk management, from most to least effective:
- Elimination – physically remove the hazard
- Substitution – replace the hazard
- Engineering controls – isolate people from the hazard
- Administrative controls – change the way people work
- PPE – protect the worker with equipment
Only with hazardous data, or things like moral hazards rather than physical hazards.
Offtopic, but do you know some good sources to read on that matter?
Here's a nice OSHA doc on this: https://www.osha.gov/sites/default/files/Hierarchy_of_Contro...
Might want to save it locally though.
> Might want to save it locally though.
The real hazard is the infohazard of knowing how to deal with hazards. Hopefully some genius will eliminate it and increase efficiency.
Oh is it being done by the same genius that built electric cars with no way to get out of the back when the power is out so if there's a fire and you're in the back you'll burn to death?
I used the following query in your favorite ai powered search engine, "what knowledge would I need to able to make an intelligent post similar to <insert above comment>, please give me some high quality reading sources"
https://en.wikipedia.org/wiki/Hierarchy_of_hazard_controls
https://en.wikipedia.org/wiki/Data_minimization
https://www.ccohs.ca/oshanswers/hsprograms/hazard/hierarchy_...
https://epic.org/data-minimization-is-the-key-to-a-meaningfu...
I won't shovel the rest in here, but this is a good start.
Damn, you used an LLM to tell you that to learn more about "hierarchy of hazard controls" you should google "hierarchy if hazard controls" :) Truly a revolutionary technology!
You don't know what you don't know! Did I open myself to a sweet hindsight bias attack, luckily my saving throw worked. I used a search engine in a high dimensional space, not a fax machine.
I remember reading a similar story in Ireland on Reddit, where a guy started receiving newsletters and advertising texts that he only ate at once during the pandemic. Turns out the restaurant were using the contact details for Covid tracking for advertising purposes… diabolical stuff.
And once trust is broken, it's almost impossible to restore.
I visited US once, for a week. I went through an E-ZPass controlled interstate once as a passenger, and gave no e-mails to anyone.
Yet, I received "Pending E-ZPass payment" scam for a year.
I have no further comments.
>I went through an E-ZPass controlled interstate once as a passenger
>Yet, I received "Pending E-ZPass payment" scam for a year.
I think you're overestimating how precise scammers' targeting are. They're playing a numbers game, so they're going to spam every who might have used ezpass, not carefully curate their spam list by buying real time location data from data brokers. I received phishing texts for banks that I don't have accounts for, so next time I get a phishing text for a bank that I do use, I'm not going to think my bank got breached.
I think it's in the middle.
I travel a lot due to work. Generally the destinations are the same, but a new country is added now and then. When I go there and come back, I also start to get spam in that country's language.
I currently have English, Spanish, Dutch and Italian spam regularly in my mailboxes. They all started after I visited respected countries, and continue since I still visit them semi-regularly.
That E-ZPass spam started right after I returned from US, continued for a year, ceased and didn't return.
Spammers have better targeting tools than we know.
>I currently have English, Spanish, Dutch and Italian spam regularly in my mailboxes. They all started after I visited respected countries, and continue since I still visit them semi-regularly.
It's far more likely your email addresses are getting leaked by airlines/hotels (or basically anyone you gave your email to during your travel) than random apps selling your location to data brokers, data brokers being competent enough link those locations back to your email, but somehow too incompetent to know that being in France for a month doesn't mean you're interested in buying French car insurance. The latter isn't impossible, but occam's razor says we should favor the more straightforward explanation.
The kicker? The e-mail address I give to the hotels doesn't get that spam. My other, personal, e-mail address gets them. A specific one.
And no, I don't get car insurance scam. I get generally faster ones, like "you have a package" types...
The rabbit hole is a bit deeper to summarize with a #8, Solingen made Occam's razor.
So how do you think the connection was made?
The best I can think was your location data was sold by a company behind one of the apps on your phone.
They might have correlated my shopping data plus with my location (the state/shop I'm in), and possibly went from there.
Some of my phone apps might have betrayed to me, too, but I have no idea what I had installed at that time.
Possibly sold by an insider through unofficial channels?
Exactly. No matter how well-intentioned a system is at the start, once the data exists, it will be accessed for purposes beyond what was originally promised
>restaurants in Germany were required to track customer's information including addresses
Ironic they went along with this considering how chest-pumping Germans are about their government being all about protecting their citizens' "privacy".
>They were sued after the fact and lost, but got nothing more than a slap on the wrist.
Government workers don't care about doing a good job since if they break the rules they won't get fired and the fines are not paid from their pockets but from the taxpayers pockets anyway so there's no incentive to be competent at your job.
It’s always a mistake to generalize about a population as large as “employees of the German government”.
Some people are meticulous about their jobs. Some are not. Both types are present in any large organization.
The German government, and maybe to a lesser extent the EU more generally, feels that the privacy of citizens from corporations (especially foreign ones, especially American tech ones) is important to preserve and protect. Privacy from the government is a different matter. The government, due to its being duly elected by the people, has an implicit right to pry into people's affairs if such prying can be justified as serving the public interest.
It's quite a different attitude than the USA. The USA is almost unique in being individualist to what some might consider an extremist degree, to the point where if the government intends to violate someone's fundamental rights, they may do so only under very limited circumstances and must document everything and prove that those circumstances had been met. In most of the democratic world, individual rights are just one factor that needs to be balanced against public safety, public order, etc. and the government has much wider latitude to violate even constitutionally protected rights on its own say-so.
This is how you get German prosecutors on 60 Minutes, grinning and laughing as they describe the shock people undergo as they are arrested and their computers confiscated and searched over literal mean tweets. For the Germans, it's normal -- necesssary, even, to have a functional society. To Americans it's abhorrent.
I'm not really all that surprised. Public opinion is easily swayed with good marketing.
The government mandated contact tracing, but not how it was to be implemented. There was a publicly developed open-source app for contact tracing that was perfectly privacy preserving.
Unfortunately, many restaurants instead used a commercial solution that was none of these things. What it did have was support from a mildly famous German musician and great lobbying. Most people didn't care, they just wanted to go to the restaurant.
Well. That's actually a good example. Because contact tracing can (and was) implemented in a completely anonymous way, at a technical level, storing no personally identifiable information.
You can do this, just like you can do e.g. video surveillance, in a secure and privacy-respecting way. There is just no political will.
[dead]
> was a capital crime
> track down witnesses
Am I too naive that I think that's a worthy use of that information?
It probably was. It was also illegal. As much as you, I, or even public opinion may agree that something is right, we can't have public servants knowingly violate the law when it is convenient. To accept that would be to forfeit many of your liberties.
In my state the law said that this checking information could only be used for contact tracing. So when the law says this and the cops drive over it in in a bulldozer, it's a bit shit.
That said, in my state the cops recruited and flipped a criminal lawyer who then back doored her high profile clients and gave confidential and privileged information to them them in order to build cases.
I'd agree that is a good case. But I'd still object to this tracking. It's a slippery slope. Who determines what is worthy?
We might like one government administration and highly expect them to respect the privacy. But what about the next administration? We've just seen Trump say he will withhold funding for universities with "illegal protests". I'd fully expect his administration to abuse this tracking, in the name of law and order.
> It's a slippery slope. Who determines what is worthy?
Who determines if a wiretap is worthy? Or a search and seizure? Or a simple arrest?
We have an answer for this, it's called Law and an independent judiciary.
You're right in theory but history shows us it's not black and white and rarely has an effect after the fact.
When these apps were rolled out, they were specifically advertised as private and only used for contact tracking and nothing more on the basis that we as a society want to maximize their use for tracking to be effective. Reneging on this promise will backfire in any future pandemic.
Similar happened in Australia, collect the data to keep everyone safe, it's private, but next minute...
https://www.abc.net.au/news/2021-06-15/safewa-app-sparks-urg...
https://www.smh.com.au/politics/federal/breach-of-trust-poli...
Not quite the same:
The police gained no advantage, no prosecutions were carried through, and in WA Quigley (then WA Attorney-General ) rebuffed the police and strengthened the fines for breaching. He is not (now) a fan of the police, despite having once been the police unions bulldog lawyer of choice .. he's seen too many breaches too close to ignore. ~ https://en.wikipedia.org/wiki/John_Quigley_(politician)I once naively believed that us "good guys" have little to fear or to lose by yielding a little privacy for the greater good. Then I grew up and realized that governments routinely fail to wield such power responsibly.
And even if the current government does wield such power more-or-less responsibly, the next one may not.
It also always lead to the same downward spiral of prosecutors complaining that the data they need to investigate drug trade is right there, but they can only access it for terrorism reasons, so why not add drug trade to the list of exceptions. Repeat with homicide, then fraud, all the way down to traffic infractions.
> it's an open invitation for abuse.
And I refuse to believe that the politicians behind that travesty don't know that.
Also, if you already go to prison for not handing over your decryption keys when asked, the one purpose left for a backdoor can only be criminal abuse.
"To continue to demonstrate why tools like this are essential to our mission, we need to use them ... I urge everyone to continue to look for ways to appropriately use US person queries to advance the mission"
- 2024 internal email by FBI Deputy Director Paul Abbate
(https://gizmodo.com/leaked-fbi-email-warrantless-wiretaps-se...)
The patriot act stayed in place 3 times longer than initially said.
It removed the habeas corpus for 15 years.
I am very glad they are doing this as a UK based ADP user. Waiting to see how long before they forcibly turn it off for existing users. I will of course just remove everything from iCloud at that point.
It's not like you can use an alternative without facing jail time if you don't give up the keys.
The penalty for not giving up keys is max 2 years in prison. Most offences that they're trying to use the encrypted data to use as prosecution evidence (for example, child pornography), have penalties that are way more than 2 years in prison.
If you're genuinely innocent, the 2 years is horrid. If you're actually guilty, it's a cheap way to serve your time.
It's a weird and perverse law that shouldn't exist, but it's likely in time the government will need to move the needle one way or the other, as habitual criminals are getting used to doing the maths.
This comes up every time someone wants to give the death penalty for rape.
If the punishment for rape is harsher than the punishment for murder than anyone committing it may as well remove the evidence by using a blender.
Is there a academic study of the heuristic of choosing between option A versus option B?
People (even criminals) are not perfectly economic thinkers. That's probably a good thing. I have this terrible thought of a quant rapist: juggling their risk that the victim stays quiet or otherwise acts (police or revenge). Deciding on the Kelly Criterion for losing 20 years in prison.
I'd watch a movie about a killer using statistics properly. It is annoying when muderers are cast as being idiots. I imagine the protagonist runs a hedge fund and gets bored of getting away with white collar crime.
In this modern age, I'm rather interested in the inverse: lawmakers doing proper scientific research, and legislating based on that; attempting to discover the sociological or economical truths rather than chasing slogans and acting on beliefs and agendas.
They do that in many countries. Basically they check the likelihood of being a repeat offender and try to minimize that. Tax crimes become harsher than violent crimes because of it, for example… it is not popular amongst the population though.
I've only heard rumors that Scandy countries do this, do you have any references?
>Is there a academic study of the heuristic of choosing between option A versus option B?
I don't know of a paper on that specific question, but for example, Gary Becker got his Nobel prize because he applied economics to a wide range of human behavior including crime and punishment. Here is a famous paper of his on crime:
https://www.nber.org/system/files/chapters/c3625/c3625.pdf
But if criminals are not perfectly rational economic thinkers, harsher prison sentences may not be morally justified!
A behaviorist perspective on justice, punishment, and rehabilitation does not require morality.
1. Pragmatism - Justice can be effectively framed around practical outcomes and societal safety, it requires no moral framework.
2. Remorse and Emotional Response - Feelings of remorse can be understood as conditioned responses shaped by environmental influences rather than as reflections of moral responsibility; remorse does not necessitate moral weight as they can arise from societal conditioning and past experiences.
3. CBT - Cognitive Behavioral Approaches demonstrate that behavioral and emotional changes can occur without delving into moral implications, and requires no moral reflection.
4. Behavioral Accountability - Individuals can be held accountable for their actions based solely on their observable behavior and its consequences, without the need for moral judgments. The focus is on modifying harmful behaviors through interventions and reinforcements rather than assigning moral blame.
So, this framework provides a rational and effective approach to understanding and managing human behavior, focusing on the pragmatic aspects of justice, rehabilitation, and accountability, it does not require an already shaky and subjective moral judgment or moral accountability, and as thus, need not be morally justified.
If you want me to elaborate (with examples, too), I am willing to as my time allows.
I know a woman who was raped by her father. The state is going to release him in a few years, so now her family lives in terror of that day. Where is the justice in that, and what does the rapist bastard being or or not being a ""rational economic actor"" have to do with any of it?
Indeed, a big part of a society's system of justice is "letting most people sleep at night."
Whether there's justice or not in a rapist serving their sentence and going free (given that, one assumes, the sentencing guidelines were decided by dispassionate thinkers trying to reason about society as a whole)... It goes out the window if a family lives in so much fear they decide to "fix" the issue by taking the law into their own hands.
Then the society has to decide whether to jail the family, and so on.
Hammurabi's code seems harsh by modern standards, but at the time it was positively progressive. It was attempting to replace a retaliatory tradition so bloody it could wipe out entire bloodlines. He was trying to impose an upper limit on consequence to allow a society of semi-strangers to reach some meta-stability.
Where is the justice in keeping him locked up to assuage a families fears?
> I'd watch a movie about a killer using statistics properly.
At the start of the movie Heat, one of the hot head robbers kills one of the guards. De Niro, the leader of the robbers, immediately kills the other guard and says something along the lines of 'it's capital murder either way so may as well not leave any witnesses'. Ultimately, it's Di Nero being non-rational and driven by emotion that leads to the final scene in the movie.
> People (even criminals) are not perfectly economic thinkers.
This imperfection feeds into the argument for not punishing rape as harshly as murder: the rapist is likely to misjudge the chances of the murder being discovered and traced back to them, when doing the risk math to decide how to proceed. If their imperfect thinking leads them to overestimate their chance of pulling off the perfect murder (or the perfect coverup after one) then that pushes the chance of equal punishment leading to more murders higher.
"Doing risk math" oversells it for crimes of opportunity, where decisions about how to keep the action quiet after it has happened is going to be very emotion/panic (rather than facts/stats) driven, but for premeditated attacks I suspect things will flip the other way.
> People (even criminals) are not perfectly economic thinkers. That's probably a good thing.
why is that a good thing?
Perfect economic thinkers are good, because they'd be predictable and can be reasoned with. Providing economic incentives to such means you can direct behaviour in an easy and efficient way.
Irrational thinkers cannot be reasoned with via economic rationality. Therefore, either you have to stack the incentives so high that the cost becomes overbearing, or you use some other means of control that's less nice.
Perfect economic thinkers will kill one guy so his organs can save three others.
Utility is a flawed way to capture ethics.
Being perfect economic thinkers doesn't mean they are all powerful. How does one go kill one guy without consequence? The only person this perfect economic thinker has access to is himself, and surely, he values his own life at infinity.
Ethics is an agreement between people in society, which cannot be captured via economic rationalism alone, but economic rationalism can take into account current ethics, as well as other actors' propensity for more or less ethics.
Except that rape and murder are separate offenses and both would be charged, not one or the other.
they can't execute a criminal more than one time.
Not everywhere has the death penalty. Some countries are civilized.
Like Germany and the UK? However, it's no problem at all for them to supply Israel with support in their murder of 18,000+ children. Remote killing good, local killing bad?
this subthread was about how if rape has the death penalty then s rapist may decide to commit murder to lessen the chance of being identified.
Right, and my point was that if rape doesn't have the death penalty, then murder is less likely.
agreed, which was also my point, but you seemed to think I was making the mistake, common on this site, that American rules pertain all over the world, which was not even what the discussion was about!
on edit: got confused as to who was whom in the nesting.
on second edit: I also don't know if there is anywhere that has execution for rape, it was a hypothetical as I read it.
Blender? A 3-d drawing program? How would that remove evidence?
Would be rapists and murderers simultaneously aren't deterred from committing their crime in the first place by the threat of execution, but also will escalate their crime in response to the threat of execution. Very curious.
Liberal Europeans and Americans like to say that no civilized country executes criminals, but in fact several developed democratic countries in Asia do, and to say they aren't civilized seems absurd. Executing criminals seems to work well for them. Very curious.
> no civilized country executes criminals, but in fact several developed democratic countries in Asia do, and to say they aren't civilized seems absurd.
If you're saying the first bit, you're saying that it's a disqualifier from the second.
And I'm saying that anybody who claims Japan, South Korea or even Singapore isn't civilized is being absurd. Their own country is almost certainly more dangerous than those, there are very few countries with lower intentional homicide rates than those three.
The US have the death penalty too, so implying that those countries have a low homicide rate because of it is quite far-fetched.
Not to mention at least in the US the death penalty is more expensive than a lifelong prison sentence, so it's simply not a good idea.
It is, perhaps, worth observing that one of the stories told about how English law pulled back from death-penalty-for-thievery was that if a thief had their life on the line already, they may as well murder too.
It's an interesting story, but the historical record of how English law changed is, I think, a bit more interesting. Kids in London would steal. They'd go on trial. A jury of Londoners would see what looked like a twelve-year-old in the docket and just flat-out refuse to find them guilty because they couldn't sleep with themselves thinking they'd sent some kid to the gallows. This pattern became such an issue that merchants petitioned the King to pull back the penalties because as the system was implemented, it was going to stop protecting their property from thievery.
I lost some braincells reading this one
Thank you.
When you are released from prison, they can simple ask you to decrypt the data again, and if you refuse or can't, you have broken a law with another 2 years in prison (5 if they think you could have anything to do with 'terrorism').. Its theoretically an infinite prison sentence for forgetting your passwords.
I believe double-jeopardy laws wouldn't allow this, but I could be wrong.
Double jeopardy was abolished in England and Wales almost twenty years ago:
http://news.bbc.co.uk/2/hi/uk_news/4406129.stm
This is correct - but I’d rather my law enforcement had a pre-existing reason to investigate me rather than just stumbling upon something in random hidden searches. Innocent until proven guilty is key here.
I have nothing to hide, but I’m still not giving you access to my photo library.
Whether the data is encrypted or not, they still need a warrant.
Those warrants are secret. We don't even know if they're following the rules they lay out.
In the US, the secret FISA court hasn't turned down a single warrant. Either the government is only coming to them with completely justified cases or they're just a rubber stamp. Either way, there's no oversight so we have no way of knowing.
For now. Once the means are there it's only a matter of time until everything is scanned automatically.
[flagged]
You seem to think that the indexing and searching happens only if there is a reason. Why do you think that? There are all kinds of cases where government agents were found to have abused access to data for reasons that had nothing to do with illegal or immoral behavior by a target.
Irritatingly naive
Because they can.
So they randomly picked a person to search?
They have a jealous ex who is a LEO.
Never been across an international border?
Speaking of which, iOS needs to finally support user accounts, ideally hidden ones as well.
That's still a big improvement. A backdoor can be exploited by criminals who want personal gain, not just used as intended by police.
That’s not necessarily true.
RIPA notices do indeed assume you’re in possession of the keys of anything encrypted and you must disclose when asked nicely.
You just need an airtight provable way of showing you have a way to destroy that key when you push a button and do that before the notice arrive. I suspect that’s after they seize your stuff.
Indeed. But you can of course say "show me the court order" and defend yourself.
Not in the UK. In fact there's precedence they can arrest you for not unlocking your devices, without a warrant[0]
[0] https://www.independent.co.ug/activist-convicted-uk-terror-o...
They can arrest you for anything. I’ve been arrested twice. And questioned once. And apologised to twice.
I was stopped and questioned twice within a span of about ten minutes while walking around near Parliament in the middle of the night because someone _supposedly_ called in some sort of a threat. I was severely jetlagged and had never been to London before, so I figured it wouldn't be any different than walking around NYC but that may have been naive on my part.
You can walk around 99.9% of central London at any time of night and nobody is going to raise any eyebrows no matter how jet-lagged you look. But there's always a chance you're going to attract some attention outside Parliament, or certain embassies, especially if there's an "elevated threat level" or whatever.
apologised?!
Surely you're joking!
No way that really happened or it was an empty apology like.
> I'm sorry you made yourself suspicious
First time I was arrested for being next to a fight until I was cleared of any involvement. This required some explaining and the policeman was an idiot.
Second time some busybody reported to the police that I was carrying a knife. This was a Santoku knife that I'd literally bought and was still in the plastic packaging but you could see it through the plastic bag I was carrying it in. We had a bit of a laugh about it and they apologised for wasting my time. They did however arrest me so that they could do a formal search and had right to as they had reasonable suspicion I was carrying it as a weapon. I'm not bothered they were very reasonable and so was I.
Nothing about either of those is reasonable.
In the US both of those would have been handled with an Investigatory detention - same as being pulled over for a traffic stop. Not even remotely an arrest.
> They did however arrest me so that they could do a formal search and had right to as they had reasonable suspicion I was carrying it as a weapon.
What "reasonable suspicion"? They could see the "weapon" that had been reported and at that point it should have been "have a nice day" and then them trundling themselves over to whoever called it in and charged them with making a false report.
I swear, UK police seem generally nicer than US cops but infinitely dumber and the shit you brittons put up with in terms of having your rights violated is astounding.
> In the US both of those would have been handled with an Investigatory detention - same as being pulled over for a traffic stop. Not even remotely an arrest.
I'm not from the UK, but it seems likely that this is just a question of semantics. Many US traffic stops are far more stressful—and handled in a way that is far less conciliatory—than the "arrest" that OP describes. It doesn't sound like they were taken to a police station or even necessarily handcuffed, more just formally detained.
As for US detentions: It doesn't especially matter if they're not technically "arrests" in US parlance, you're still being stopped by the police and you still can't go anywhere until they let you because there's a too-high probability that they'll find an excuse to make your life miserable if you don't cooperate.
"Reasonable suspicion" is the UK equivalent of what Americans call "probable cause" i.e. jargon for when the police are allowed to search you.
The police have to conduct stops in a certain manner, because of the law that gives them the power to stop people: They are legally required to tell the person they're being detained for the purposes of a search, the purpose of the search, the grounds for the search, and the legal power used.
Getting a load of jargon thrown at you about "detained" and "offensive weapon" and "Police and Criminal Evidence Act" sound a bit officious, but once they've stopped you they've got to give you the officious jargon, it's required by law.
Also, while it's rare that the police will have occasion to stop and search a middle class, middle age white guy like myself, when the situation does come up, it's reasonable for them to do it thoroughly and by the book. They should treat a report of me carrying a knife the same as they'd treat a report of a black teenager in a bad neighbourhood carrying a knife.
Because of the increase in knife crimes in the last couple of years the UK police have become incredible aggressive towards anybody in possesion of even small purpose knifes in public. I'm honestly surprised OP got away with it.
> I'm honestly surprised OP got away with it.
Buying a knife and carrying it home is 100% legal, so there's nothing to "get away with" here.
Carrying a Santoku knife in public is only illegal if it's being carried without a "good reason" and carrying a newly purchased knife home is certainly a good reason.
The police have the power to stop and search people when they have "reasonable grounds" to suspect they're carrying a weapon; if the knife is clearly visible that's certainly reasonable grounds. So the search was not illegal.
A stop-and-search means being "detained" in the sense that you are not free to leave until the search is completed, but it's not an "arrest" that would appear on your arrest record. Perhaps there was a miscommunication about the distinction between being 'detained' and being 'arrested' ?
UK police are nothing more than legal mobster. If they don't like your face they can just decide the good reason is not good enough.
https://professional-troublemaker.com/2018/04/10/u-k-knife-c...
> If they don't like your face they can just decide the good reason is not good enough
The article you linked does not support the claim that the UK police not liking someone's face is sufficient for them to be allowed to stop and search someone.
In fact, this goes directly against the PACE guidelines as described at https://www.college.police.uk/app/stop-and-search/fair
> A person’s physical appearance [...] cannot be used as the reason for stopping and searching them [...] unless there is information or intelligence giving a specific description of a person suspected of carrying an item for which there is a power to search.
>goes directly against the PACE guidelines
Guidelines have never stopped authoritarian hell holes. They can just make shit up.
> In the US both of those would have been handled with
Shooting. They would probably have shot him.
At the same time they don’t tend to blow holes in the victim here.
He didn't even explain why he was arrested or what he was suspected of
If you are stopped at the border then you don't have such a right. British border force can just demand you give them keys to all your devices and hold them for 7 days, no court order needed.
Watch this if you're curious how that looks like:
https://www.youtube.com/watch?v=991kRp8KUmo
The part that stood out to me, copying from the automatic transcript:
> they're sitting there with these like blank A4 Bits of Paper writing down everything I'm telling them like you know bits of interest and it's exactly the same thing the Russians did when they interrogated me [...] to be honest interactions with the Russians have been pretty much the same as inter with the British government
I didn't do my research before going to the UK for the first time two months ago and just went with my gut feeling, that is, deleting files from my phone that I don't want to end up in a government system through Cellebrite's "accelerated justice" or whatnot. Never done this for any other country before (I cross borders on a weekly basis). Seeing this video and the Ugandan article from the sibling comment, that was definitely the right move
I get bagged and tagged at least once a week when I go shopping in the UK in the last 50 years. You don’t want to come here at all. I’d rather hang around in Russia these days.
Facetious comment aside the only time I’ve had problems with border security anywhere is getting a large carpet back home from Azerbaijan. This was very interesting and required them to examine every square centimetre of it. China, US, UK, Europe all really boring. Russia was incompetent. They didn’t even check anything at all (2012)
I don’t know of any country where border guards don’t have the authority to seize your device if you’re trying to cross.
I just use devices with ephemeral storage for crossing borders to save myself from having to do any research on any particular country’s device privacy practices.
Then I'm not sure what we're criticizing China for, if no country has such fundamental rights for the people under its control. The warrant system exists for a reason. I'm not more likely to be carrying something illegal when going between countries than within the jurisdiction where my registered place of residence is; less if anything because there might be spot checking indeed
Some firms routinely forbid carrying company data (including encrypted data) across five-eyes and PRC borders, this is why.
Imagine you're a citizen and say no.
Are they arresting you?
Because they have to let you in.
You don't have the right to say no or even stay silent. If you refuse to give up your passwords they will charge you with the whatever the legislation around it is, it's 2 years behind bars for refusing.
God this is scary. What if this "authority" figure is abusing their position? Do you have any recourse?
Probably not, just a waste of money and time, but hopefully someone can provide a reasonable recourse.
What if you say you forgot? I actually had times (after not having used my phone for a month or two) that I (& my muscles) forgot my PIN (not for the SIM card) and I had to do a factory reset.
Well it's not automatic 2 year prison sentence. The state charges you with a crime, it goes to trial, and then you have to defend yourself - if your argument is that you forgot, then it would be an interesting case - ultimately the prosecutor would need to prove that it's unlikely you forgot, say if they had proof (say CCTV recording at the airport) showing you using your phone 5 minutes before it was confiscated - it would be pretty hard to argue that in the space of those 5 minutes you forgot the password. But if you had a device in your suitcase and could successfully argue that you haven't used it in ages and the password was long and complex then yeah, I guess you'd be found not guilty - up to the judge/magister/jury depending on where exactly in the justice system you end up. But yeah, while stopped at the border saying "I forgot" is not a good card to play.
It probably won't end well but I'm curious what would happen if you give them a password that resets the device. Theoretically it unlocks it, it's just that it takes a minute and it's factory new at that point.
They'd charge you with destroying evidence, or "perverting the course of justice". They aren't stupid, they would know that you gave them a password that wiped the device.
They would image the device and try the password against the image, if possible.
This depends on who the Border Agency officer is:
An Immigration Officer may search you until they are satisfied you are a citizen. As long as you have a passport (or emergency travel document) listing you a citizen, this should be straightforward and they're unlikely to have grounds for any further search. At that point, you have been let into the country.
Customs Officers are much more likely to have grounds for a search — if they believe you are bringing prohibited material on the electronic device into the country (and "reasonable grounds" is low, as it typically is for customs — "you're acting kinda sus" is a reasonable ground), they can search your device. It is an offence to refuse a search, so while you've been admitted to the UK, you could be arrested for that offence.
This is all broadly comparable to most other countries immigration and customs laws; the UK is not an outlier here.
The problems with the UK are primarily things that apply to everyone, not just at the border — for example the Terrorism Act 2000 and Regulation of Investigatory Powers Act 2000. But again, in the border case — that's basically all going to be _after_ you are admitted to the UK.
Is a court order explicitly needed in the UK to demand a key?
Yes there has to be magistrate approval and you can challenge a notice with legal representation.
A warrant is required - can be issued by the Secretary of State.
I can be criminally charged for encrypting my data (and keeping it encrypted)? That’s mental!
Guess, I better delete that big file of random numbers from my computer.
> I can be criminally charged for encrypting my data (and keeping it encrypted)? That’s mental!
That's the UK.
But then you will know they are spying on you - they won't be able to do it secretly.
Really? So you can have your own Nextcloud server, connect over Tailscale and you’d face jail-time? I can’t imagine that.
The law is about making sure the UK government has access to your encrypted data if they want it. It doesn't only apply to big corporate solutions.
Wtf. What is next, my thoughts? Who are these people? Thinking they can outlaw basic maths operations.
Look up "decolonize math" or "critical mathematics".
Yes, and they have the resources to go after every (former) user of ADP. </s>
> I will of course just remove everything from iCloud at that point.
The iPhone's backup utility doesn't seem to support anything other than iCloud, so you'd probably have to individually set up some kind of automated scheduling that (no idea how) for your main apps.
Not sure if you'd be able to backup system stuff though. :(
On a Mac, creating encrypted local backups of your iOS device is built into MacOS.
On Windows, you create an encrypted local backup of your iOS device using iTunes.
It backs up everything. OS, Apps, and data.
> It backs up everything. OS, Apps, and data.
I’m not claiming you’re wrong, but I think the backup includes the list of apps and versions and excludes data that can be easily downloaded from AppStore.
The cloud backup does (its description says as much!), but the local one genuinely seems to be an image that includes the binaries.
I don't backup my phone anyway. There's nothing I can't replace in about 30 minutes work.
Do you save photos and messages somewhere?
It's not automated but you can certainly still use iTunes to create a local encrypted backup of the entire phone, apps, and data. Works over USB and Wirelessly on the same network. People who decide not to use iCloud can certainly still keep their data safe.
On a Mac, at least, by default it backs up to a location that then gets included into Mac's own Time Machine backup, if that is set up.
Doesn't Syncthing work on Apple machines?
I wonder how the metadata comes into play here. Metadata is fair game even with ADP. Apple retains it and could probably be compelled to pass that along
Yet I don't have much faith that the UK government will back down
[dead]
How do we know there are not back-doors already in Apple's cloud storage (that the 5-eyes cult has access to)? This fight may just be theater the goal of which is to legitimize the view that Apple's cloud storage is secure and free from government snooping.
Trust, then verify. No ability to verify? No trust.
This fight is about providing encryption to the masses. If you want to use your own open source security solution, you should definitely do that (really!). But you will be one of a small number of people doing so. And a society where only a small number of "wizards" have freedom isn't a free society at all.
I am very sympathetic to the idea that more components should be open source, and Apple's systems should be much more open (particularly backup.) But at the end of the day if Apple is compromised there is no open source solution that can save you. They design the silicon.
> This fight is about providing encryption to the masses
If apple cared about providing encryption to the masses, ADP would be enabled by default and you'd have to opt out of it.
As-is, all your messages, photos, and so on are backed up unencrypted to apple's servers where they can read them at will. End-to-end encryption is opt-in, and I doubt most "the masses" even know a setting for that exists.
>If apple cared about providing encryption to the masses, ADP would be enabled by default and you'd have to opt out of it.
Apple is also a company that needs to cater to its customers. If they enabled ADP by default and customer locks themselves out and goes to Apple, they want to be able to help. ADP is intended for people who understand what it is but nit savvy enough to run their own system.
You can't have it both ways. Either you're providing encryption to the masses, or you're not.
Providing encryption to the masses would in fact be telling people who lost their phone, or forgot their password "no, all your photos are gone forever, tough luck. Also, you have to make a new apple account and re-purchase all your apps".
You must have a different definition of "providing" because offering a service is definitely providing it. Apple makes "smart" devices that do what people want them to, and encryption is second to that. I think it's a fair compromise to have it easily available but not default.
This is correct, apple has a very customer first support culture which has a famous history of blowing up in their faces.
Internal metrics for support teams are almost entirely customer satisfaction focused, which built a culture of getting a result for the customer at all costs, which was very exploitable by social engineering.
It doesnt surprise me that they dont want to let customers encrypt and lose all their baby photos by default.
I didn’t say it was Apple fighting. I’m referring to the broader fight. Getting Apple to deploy encryption by default is one outcome I’d like us to fight for. But if we give up and start poo-pooing Apple’s encryption because it’s not pure enough, that fight is over.
Is the society that relies on everyone else to make the decisions that serve their best interests free either?
It’s impossible to live without depending on other people’s decisions unless you live completely isolated. It’s not “free” but most people are fine sacrificing some freedom for other gains. This has already been discussed for centuries, see Thomas Hobbes and the social contract.
Partly because they document the doors which are there for LE : https://www.apple.com/legal/privacy/law-enforcement-guidelin...
They also switched a few years back to provide signed firmwares rather than encrypted firmwares to ease independent verification, and have the Apple Security Research Device program to do runtime exploration with certain security walls turned off. (Supposedly creating these devices requires a partial factory retooling)
Apple also only has per-device global builds, rather than regional builds which might obscure requested features. My understanding is that they take transparency measures to make sure it can be detected if a firmware was released out-of-stream, and anonymity measures to prevent targeting a specific device with a custom firmware.
The Secure Enclave also requires the device passcode as part of an approval process for installing new device/enclave firmware; the underlying OS and security enclave are not meant to have the capability of being transparently updated/modified.
We can never truly verify, because there is no such thing as perfect security [1].
However there is "Deterrence through Accountability. We can attempt to legally prosecute the attackers" [1].
That is what is happening here. The attackers are being prosecuted.
[1] https://www.cs.cornell.edu/courses/cs5430/2017sp/l/03-princi...
Yeah its a concern of mine.
Australia introduced the concept of these laws with the Access and Assistance bill. The politicians were adamant it was necessary, however there were so many potential users of the system (Politicians, police, spy agencies) it never made a lot of sense.
Fast forward a few years and ASIO gave a press conference where they admitted to only having used the powers under the bill twice. Which makes me concerned about who the bill was for and what it has been used for. Unlike the British version, any public information release leads to instant jail time, and it was unclear whether this extended to briefing legal counsel.
I feel like, if the 5 eyes wanted to breach iCloud they would use Australia rather than Britain where it can be publicly contested like this.
The AA bill has an explicit provision for not allowing weakening of existing security measures if supplying a TCN. That's the major difference between Australia and the UK.
There are some really good answers in this thread. But if Apple had backdoors they would ultimately be used and either through prosecutions which would make it obvious or reverse engineering which would be quickly discovered. This is slightly different to say AN0M phones that had a low IQ user base and wasn't actively researched by security people but the whole network was burned when they went for mass prosecution in jurisdictions where the evidence was admissible.
Agree, blind trust in any big tech company is naive. But if Apple already had hidden backdoors, why would the UK government be pushing so hard for one now?
I understand that's not your point, but the government is a massive entity: it's entirely possible that the intelligence community has capabilities that wouldn't be admissible in court and therefore are of limited use to law enforcement. Or that they might be unwilling to share them with law enforcement.
"Trust but verify" was political double speak from the start, it's fascinating how it still lives on for so long.
And yes, we shouldn't put trust in corporations in the first place.
"Trust but verify" is a description of speculative execution.
I now need so badly a situation I can bestow a "Speculatively execute!" advice to someone.
Otherwise before "Trust but verify" became popular, "Put no faith in words" was apparently the go to for Russian leaders. Not as catchy indeed.
The reason why it became popular in Russian in the first place is mostly just because it rhymes nicely...
We more need FOSS (and supply chain) hardware, software, and (distributed) cloud platforms with encrypted all at rest and in-flight with zero knowledge storage (minus specific private keys and offline authoritative key locations, of course). The problem, of course, is the main platforms are ultimately owned by single point-of-failure (SPoF) corporations that can be leaned on, banned, or raided. This would require immense, deliberate investment to avoid compromise/slowly replace closed choices and to avoid supply chain attacks. And then, ultimately, it requires a socio-political bargain to decide whom to trust and why, such as, based on interests and leadership team.
"In 2021: No (IPT) cases were found in favour of the complainant": https://en.wikipedia.org/wiki/Investigatory_Powers_Tribunal#...
This sounds like something Douglas Adams would have written about.
Good. Even if they lose, they should make as much noise as possible before giving up on the UK market. Maybe it will start to turn the tide of public perception.
The more awareness there is, the harder it becomes for governments to quietly erode encryption without pushback. If nothing else, it might make other companies think twice before rolling over.
From a leadership personality angle, who do you think initiated this brilliant marketing/messaging campaign — sue a country because ”it infringes on human rights and Apple upholds it.“
Do you think this kinds thing comes from someone in Marketing, Legal, a C-Suite, or is this kind of thing a thing by community at Apple? If it is the last, it would be brilliant to read that protocol/process/flow.
I don’t know, but it feels like the UK gave them the softest pitch, straight over the plate, and all they had to do was hit it. (Maybe a cricket metaphor would have been better)
People seem to be misinterpreting the above post. I was referring to the UK giving Apple a great marketing opportunity for their privacy stance.
Can't see much coming of this. At the very least the largest two parties are all for this kind of encryption backdoor and regardless of what the 'court' decides parliament can just legislate around it.
Apple will do it for the attention, PR and to hurt the idea generally even if they lose. Mindshare and ire towards the government are as strong as any legal judgement over time.
> Mindshare and ire towards the government are as strong as any legal judgement over time.
Much stronger.
Yup, the Courts are ultimately there to fulfil the will of Parliament: if there's a clear power granted by Parliament to do this sort of thing, and there's no compelling objection from other areas of law, then this is more just a delaying tactic.
Fun facts about the UK supreme court:
- It was created by an Act of Parliament
- It is a government department
- It can not overturn primary legislation
- Parliament could dissolve the court if it so wished
I see from your comment history you're British, so I don't get why you describe this as surprising. There's the Commons, Lords, and the King. Who or what else would be creating or dissolving the court? Why would it be able to overturn primary legislation that's received royal assent? That would just be swapping things around so you'd be saying 'fun fact about parliament, supreme court can...' anyway, surely?
Not having a judicial body that is fully independent of the legislative branch (parliament) and not being able to strike down laws is interesting/surprising to me shrug. I've always liked the idea of strong judicial oversight. But I guess without a strong constitution, where parliaments laws can't be ruled unconstitutional, it doesn't matter much... the public will be fully at the whims of parliament.
UK judicial oversight is actually pretty good. The government at the time lost numerous important cases when trying to implement Brexit. While Parliament can create legislation to overrule the courts decisions it's not typical and in the case of EU legislation they were stuck because they couldn't easily change that. The UK does have a strong constitution despite the fact it's not codified. In my opinion the US Supreme Court is farcical compared with the UK one. The fact it has lifetime appointments and is accepted as politically biased astounds me. NB: I know you didn't mention the US but it's my only point of comparison.
> The government at the time lost numerous important cases when trying to implement Brexit.
Yup, in the two cases that come to mind, the Supreme Court kicked the issue back to Parliament: Miller I[1] said that, given the extreme constitutional consequences of no deal, the Government couldn't unilaterally trigger Article 50, such a decision could only come from Parliament. This was more just a procedural issue. An Act[2] was passed a couple months after the judgment, and Article 50 was triggered a couple days later. Whereas, Miller II[3] was about the Government proroguing Parliament in order to silence it. The Supreme Court was having none of that, so it annulled the prorogation. In both cases, the Supreme Court was protecting Parliament.
- [1] <https://en.wikipedia.org/wiki/R_(Miller)_v_Secretary_of_Stat...>
- [2] <https://en.wikipedia.org/wiki/European_Union_(Notification_o...>
- [3] <https://en.wikipedia.org/wiki/R_(Miller)_v_The_Prime_Ministe...>
Aren't US SC judges picked by the president? Can't he override everything with pardons and executive orders anyway? Can't the US constitution be, uh, amended?
Aren't US SC judges picked by the president?
They're nominated by the president, but approved by the Senate. There have been cases throughout history where a nominated judge doesn't get through the approval process. Of course when the president and the Senate are aligned and in agreement this approval process is largely a rubber stamp.
Can't he override everything with pardons and executive orders anyway?
Not at all. Despite what it sometimes looks like, the president's executive order powers are quite limited. But again, if congress isn't willing to challenge the order and the Supreme Court isn't willing to rule on it, these limits are more theoretical.
Can't the US constitution be, uh, amended?
It can, but it is a slow and difficult process, requiring 2/3 support of both the house and the senate, plus support from 3/4 of the States. There have apparently been over 10000 attempts to amend the constitution since the founding, of which 27 have passed. Furthermore the president has no power to suggest or approve constitutional amendments.
Basically a president that doesn't have the support of Congress and the Supreme Court has surprisingly little power.
Technically it just requires 3/4 of the state legislatures (first 2/3 of them to trigger a constitutional convention, and then 3/4 to ratify its results).
Which - fun fact - is possible to do with states that together amount to less than 25% of the overall country population. In fact, given that it's really the legislature that needs to vote for ratification, and given FPTP being typical on state level as well + the usual gerrymandering etc that this enables, it's actually possible to amend the US Constitution arbitrarily with something like 10% of the voters (acting in concert to vote in the state legislatures that would then do the amending), if they have just the right geographic distribution.
Yup, which is why movements like https://conventionofstates.com/ can be quite frightening. As while it may seem reasonable at first glance, you needn't look very hard to find the sinister intent. Surely by now there has to be a name for the concept, similar to Godwin's Law, of right-wing movements bringing up George Soros. In addition, it mentions gay marriage, abortion, and the Affordable Care Act as examples of why a Convention of States is necessary. How lovely =/
I was speaking to the wider audience here
Our supreme court is different to the US supreme court for example
Well, the British system is particularly unique because there is no formal Constitution, and thus we have no Judicial Review for Constitutionality. There's a pretty interesting talk about this here: https://www.youtube.com/watch?v=YIlkY90Cck8
This is basically a "the Emperor's new clothes" situation where the UK's constitution can only be seen by smart and educated people. (Yes, you have QCs [now KCs] saying otherwise, but that's exactly my point.)
Face it, if the constitution is "whatever the prevailing political elite class says it is", then you don't have a constitution.
I’m not sure how a written constitution that is anyway interpreted by “the prevailing political elite class” is functionally much different?
At least there are words.
The Brits have nothing.
> At least there are words.
> The Brits have nothing.
There are words in the British constitution as well. Acts of Parliament that define how the Parliament and the courts function are constitutional laws, such as the Parliament Acts of 1911 & 1949 and the Constitutional Reform Act 2005. If we are going by words, there are a lot more words in these multiple constitutional documents than in the constitutional documents of many countries that only have one such document.
It's not meaningfully a constitution if it can be overridden in practice by a simple parliamentary majority vote, same as any other law. It's more like the "constitutions" that some absolute monarchies have or had in the past where the first thing is does is declare the monarch above any limits, just not quite as overt.
The constitution is the legal framework by which a country is governed. It is not necessarily a set of super-laws that are harder to change than regular laws (although it may contain such laws). The UK is also not the only democracy where the legislature can amend parts of the constitution with a simple majority. Besides, the UK itself has a super-law that cannot be amended, which is that the parliament is sovereign and cannot be bound by a previous parliament.
Neither the monarch, nor individual Members of Parliament, are above all limits under UK law.
Yup. What Parliament giveth, Parliament can taketh away. It is scary to think what Parliament can do with a simple majority.
Well, we are unfortunately seeing more of this with the rise of populism. However, I feel as if certain factors come together to provide a pretty effective stop-gap:
1. Members of Parliament (MPs) represent roughly 70k people. And while that's still a significant number, it's small enough for them to know and be known by their constituents. It's more difficult to vote against your constituents when you know them.
2. The House of Lords (HoL) can revise and delay, but not block, which means we are functionally immune from cross-chamber games of chicken that result in US-style government shutdowns, or European-style budget bills as confidence motions. We did come pretty close to this with Brexit in 2019, but this was all within the House of Commons given that the ruling party did not command a majority.
3. Parliamentarians usually respect the inertia of institution. As in, the idea that it's right to continue things as they've always been done, unless there's a compelling reason. It's why we're still a Monarchy, why there's still bishops and hereditaries in the House of Lords, etc. Basically, there's a culture of incrementalism. Because if you don't have the inertia, you appear to lack legitimacy, it's just a gimmick.
4. And on the heels of that, I think Parliamentarians have an occupational understanding of the adage "With great power comes great responsibility."
5. The Civil Service, while ostensibly neutral, tends to resign when asked to do anything believed to be damaging to the country.
All of this put together (and probably more than I haven't thought of) means that MPs understand that they could do great damage, and so they restrain themselves.
Contrast this with other countries with difficult systems where politicians stir up the passions of their constituents by naming their systemic limitations, "I would love to do X, but I can't because Y prevents me." A somewhat related example would be abortion in the US, where after Roe v Wade was decided, many states became soapboxes for anti-abortion rhetoric. It's a safe rhetorical position: you can say what you like and then blame the federal government for not being able to do it. But then Roe v Wade was overturned and many of these politicians and states have changed their tune, because the power is now in their hands, they are now answerable to their constituents on this matter. Not that it matters given how much gerrymandering there is, but still, the effect was noticeable.
Good question.
Mostly self preservation I guess. It's not unheard of for a party to get wiped out.
I feel the Queen made moves behind the scenes to keep the government in check too. As much as she could. Not sure about Charles
I'm sure they're looking at Trump and realising they can get away with anything if they want to.
Ministers used to resign in disgrace over far less severe things than we've seen the past 2 decades. Now you can just easily distract the public with scandal after scandal or issue after issue. Then they can re-enter politics
Probably the pitchfork risk. Governments have gotten good at keeping safe distance from the point where things might get violent.
Essentially true however judicial review can expose legal flaws, incompatibilities, or breaches of higher legal principles (e.g. the Human Rights Act 1998) essentially compelling (not forcing) the government to amend or adjust legislation.
A notable example being section 23 of the Anti-terrorism, Crime and Security Act 2001.
There's an interesting talk involving Baroness Hale, who'd later go on to be President of the Supreme Court, where she mentions the Belmarsh case: https://www.youtube.com/watch?v=pYR414Q8v6A&t=2605s
I'm not sure that's entirely true, the UK government gets sued regularly and loses a fair amount.
Sure, but that's because the government acted in ways contrary to what Parliament willed.
It will be good to have a test of the legislation, the last government spat out some horrifically written legislation, so it might not even say what they think it says.
I wonder if this case will be dropped by the uk, now that it's more clear that trump/ us gov serves (or is aligned with...) russia
The global landscape has changed significantly since (last week) this case began
As they should. You can’t throw an ultimatum for something that benefits nobody but the govt. and kick everyone around.
Would like to see other companies who were affected by similar situations also take this to court
How well it’ll do in court is debatable, could go for either side, but regardless of the outcome it’s always good to see resistance and pushback
Apple will lose, because the government didn't break any law.
I don't know what they are arguing in this case, but there is a chance that the government violated the US-UK Bilateral Data Access Agreement 2019, which governs data access requests from either country's government to technology companies based in the other country.
If the British government insists on this applying to non-british citizens in other jurisdictions, they are likely to be in conflict with privacy laws in those countries and that will trigger an international court case.
I think that the people who want to use encryption should use their own software for encryption, which is separate from the cloud service. (This alone might not do, because you also need to implement other security, but it will be one thing to do.)
You are suggesting people be able to insert an encryption module into other services?
Or that everyone has to constantly manage a non-default set of tools, and deal with all the interoperability issues of all the mish-mashes of choices others make?
Or, ...?
Personally, I cannot see a safe online world that doesn't have hard privacy.
Why not give people easy ways to report "very bad behavior" online, to authorities that build up a reputation of responding responsibly. Including bounties for the most egregious stuff.
Then every recipient of anything rotten becomes a honeypot for the criminals.
Breaking everyone's privacy is going to attract every nefarious and security conscious actor in the world to the buffet. Every state actor, "good" or "bad" is going to want to have access to everything that can theoretically be accessed. Worst possible kind of honeypot.
And this whole situation just reinforces the fact that relying on a provider's encryption means trusting that they won't be forced to weaken it later
Remember software can be banned or regulated via export control.
Exactly. Just like the pirate bay.
That ban seems to be incredibly toothless considering a simple DNS/IP change can bypass it.
at least Apple should provide a way of inserting a module to encrypt decrypt files. and say, we just store the bytes user provide us.
This is the issue. If you encrypt your own, then the software will not be able to use it as it's not a file it expects. So all of the software that you want to use your encrypted files will need to have this type of module.
At that point, I feel like we've opened pandora's box. If every single app had to be able to decrypt/encrypt with your personal key, we just know someone will roll their own and fuck it up for everyone else.
It depends on where you put that module.
In NT you can have modules that sit between various operations on the file system. It’s how AV works without having to hook into every single application that reads and writes from storage.
There’s no technical reason why this kind of approach couldn’t be applied by Apple for encryption. But it would require relinquishing some control over their platform, so it would never happen.
Microsoft gets that excuse, because it lets you run anything at all on your computer. Apple doesn't, because it only lets you run things approved by Apple. Instead of "why did you make this encryption system we can't break into? Trillion dollar fine!" it'd be "why did you let XYZ Corp install this encryption system we can't break into? Trillion dollar fine!"
It's completely disgraceful what the U.K. is doing to freedom of expression. Very happy to see Apple like this.
How do you guys interpret the fact that the UK hasn't requested such backdoors for Android-based stuff ? Ie. is this an indication that they already have such thing ?
The UK "laws" are extremely evil when it comes to violating basic rights, they can essentially force companies to shut up, "gagging orders", etc...
This is about end-to-end encryption. Google doesn’t do that.
Where did you hear that?
A quick search tells me google does end-to-end encryption since at least 2021 [1].
https://www.androidcentral.com/how-googles-backup-encryption...
If Apple had the wherewithall, theyd give up on the UK and be done with it. Should they not prevail legally. Pipe dream, I know.
I never get this perspective. Firstly we do give them a crap load of revenue. Secondly it'd probably trash any of their non US business almost immediately as people start looking for contingency in case they pull out of other countries. Thirdly they didn't pull out of China. And fourthly there are a lot of Apple engineering staff here in the UK - it'd cripple them because they won't move to the US.
They will comply with the law and make a lot of noise and not a lot else.
How can a company the size of Apple be crippled by employees in the UK?
Literally a large chunk of the ARM core team are in Cambridge including most of the GPU folk and there are a ton of infra and software team in a couple of other UK locations.
On top of that, a big chunk of the follow the sun on call engineering (SRE) are here that look after global infra and most of the European support operation are in Northern Ireland.
Fruit Engineering Ltd. hires brits and contracts with offshore Apple Inc. The former does not have the keys and cannot be forced to do anything iCloud-side.
It's not like corporate doesn't know all the tricks already. The only reason they need is whether the UK market is worth the hassle. That's all.
Define a “crapload.” My understanding is that it’s actually a number that could be walked away from.
8000 staff including very high level engineering and technical.
Isn't that potentially devastating to the UK, not Apple in the long run? Choosing to walk away from the market in terms of supplying goods does not mean needing to walk away from high level engineering staff.
Of course, you may mean these staff are only required to service the UK market...but it sounds like you mean they are valuable to Apple, at which point I am unsure as to why they would not be retained/shifted as appropriate.
Also my apologies, I assumed revenue here. Also thank you, I had not considered staffing, but it makes sense.
Yes it’s more critical staff. And it’s more a cultural thing. I know a couple of Apple folk and they will definitely not relocate to retain the job. Especially in the current political climate.
You don’t actually need as much money to survive in the UK as the US for example. So there isn’t the motivator to retain high level salaries other than luxury.
It would be “no thanks” and take a 30% cut to go and work somewhere else.
> Yes it’s more critical staff. And it’s more a cultural thing.
Ah yup, that 100% makes sense and I don't know why I didnt consider it. I should no more than anyone the value of more "key staff" as it were, and the impact a shock to those kind of staff can have.
> You don’t actually need as much money to survive in the UK as the US for example. So there isn’t the motivator to retain high level salaries other than luxury.
I did not know this, I am over in AU and don't know that much about the UK to be honest. I've only heard things in passing about London really and even then all ive heard is "VERY EXPENSIVE, RENT BAD" so thats super interesting.
> It would be “no thanks” and take a 30% cut to go and work somewhere else.
Yes, good for them too. I have taken (including recently) such pay cuts because I have strong opinions of where I will work, or who I will work with.
Thanks for coming back to answer my questions, I found it super informative. I didnt intend to sound aggressive in my first response so i'm glad you did!
The perspective is that if Apple bricks its devices for a couple days in the UK the pitchforks will come out considering they have the moral high ground and the better marketing team to pitch it to the general population.
Whether it's good for a US corpo to interfere with the stable 1984 progression of the UK is another issue. If I were in a decision making position at Apple I wouldn't want to bother with this either. Just take the easy marketing W and move on. Maybe prepare a plan for market exit just in case they're not satisfied with disabling encryption and demand a global backdoor.
The Apple engineer staff can keep their jobs.
What happens when Australia blocks this next? Then Japan? Then Brazil? Then Sweden? Then the US?
"What if every country on Earth violated everyone's rights" isn't really much of an argument against standing up to countries that try. If that actually happens then we're all screwed anyway. Until it does actually happen, why roll over and allow it to happen without even trying?
If Apple gives in, it will certainly happen in dozens of countries. China alone would be a dealbreaker.
Apple gave in to China years ago. Apple gave operation of iCloud servers to a chinese company.
According to Apple, everything in their system still works the same and they still have control of their own hardware, even if it’s in a Chinese data center. Systems like iMessage are still fully end-to-end encrypted even in China. Maybe they’re lying but it would be a huge opportunity for devastating leaks if that’s true.
The simplest answer to your question is "it exists" and "iMessage isn't important," but instead, you chose to write a whole fiction for your brain. If that's critical thinking, I'd call it hallucination.
See, I don't see just withdrawing from the country as 'standing up to'. It's just giving up in a more disruptive way, especially when It seems very likely to me that other countries will start demanding the same.
Actually taking them to court and objecting seems more productive to me.
> I don't see just withdrawing from the country as 'standing up to'. It's just giving up in a more disruptive way...actually taking them to court and objecting seems more productive to me.
"objecting" alone does nothing. Objecting + lawsuits or objecting + withdrawing might accomplish something.
I'd agree that lawsuits are a good idea but they are also entirely dependent on the courts (of the same country that already wants to violate people's rights) to do the right thing. If the lawsuit works and the government forces the government to back off it's a good thing, but if not a company keeps the power to take their technology and leave. They can choose to do that regardless of what the laws or courts of another country thinks.
Walking away might be seen as a company "giving up" on the corrupt country that wants to violate people's rights, but it's certainly not a company giving up on their principles. A nation full of people angry that they won't be able to get highly sought after products and services can change policy too.
I wish this issue were playing out in Australia right now, rather than the UK. It would be hilarious to see Apple walk out of the Australian market right before a federal election.
I wish they placed a red warning on every phone instead: "Your government is forcing us to weaken your security because it wants to snoop on you."
One of the problems of digital surveillance is that is doesn't feel intrusive, indeed it can be fully hidden from the users. With a message like this displayed every time you unlock your phone, plenty of people would start asking questions.
> "Your government is forcing us to weaken your security because it wants to snoop on you."
They're not allowed to actually tell you about the UKGOV order. That's the point of it being a secret order.
And yet
Apple can't discuss any of the details, but I'm sure they could point their customers to a person who can.
"This feature is no longer available in the UK.
For further information, contact:
Mr Xxxxx Yyyyyy
UK Home Office
02070 xxx xxx
xxxxx.yyyy@homeoffice.gsi.gov.uk"
> Mr Xxxxx Yyyyyy
*Mrs
https://en.wikipedia.org/wiki/Home_Secretary
> red warning on every phone instead
This is silly. The average consumer will just avoid Apple products.
Isnt that their soft plan? They plan on just removing the encryption for all UK users to make the point moot domestically if this gambit doesnt bare fruit. If they want to continue to push that they want it for all users globally, Apple can attempt to leave the market fully.
Apple pulls data protection tool after UK government security row (bbc.com) - 1769 points , 1105 comments https://news.ycombinator.com/item?id=43128253
I hope for the same. Likely not for the same reason as you, but we are together in hoping.
Government backdoors to devices not only allow governments to manipulate their people in domineering ways, but make it easier for hackers to steal form users. This will always be true.
I've been wondering. What would happen if Tim Cook personally 'leaked' the notice on twitter?
How would the UK government reasonably sanction Apple?
Force cell carriers to block imei of apple handsets
That surely wouldn’t sit well with the public?
I'm fairly certain this would impact a large part of the government itself.
Why would the UK government limit itself to being reasonable?
I can imagine most CEOs pausing before picking a fight with the intelligence services.
Honestly think they should just disable all iPhone functionality but phone calls and the politicians will fold within hours.
End of the day people love their devices more than their rulers and it’s a tangible way to action citizens who would normally sleep though this into having their privacy protected.
Until people start to really feel what losing privacy mean, nothing much will happen.
Right now, there is still a strong support in the UK for the gouvernement crusade against encryption and overall ending of privacy.
Because "why should I care, i have nothing to hide". It takes time and tragedy for populationd to educate themselves on matter, maybe in a few years or a decade the trend will invert.
Until then, there isn't much apple can do. They haven't the law with them, they haven't the population with them, they got the money but they aren't going to spend it on educating people.
Taking UK gouvernement to court is just the best they can do right now, a big pr stunt, like a giant ad to say to the rest of the world 'we care about your privacy, buy iphone'.
any qualified opinions here on tresorit? i'm using them now for about three years and the service is alright and reliable afaiac. supposedly they don't have the private key. that makes using it sometimes a little slow compared to other options. but i decided to go with them after reading numerous horror stories about dropbox et al.
Was Tarsnap evaluated? Those behind it are well known and the construction is simple and explained clearly. My general rule: never make technology recommendations without throughly vetting/testing multiple candidates and digging deep into support, the company, and demoing close to intended use.
Fuck the UK government
[dead]
smells like PR/marketing
Sure, but it’s the only thing they really can do in the situation, i.e. cause as much stir as they can to hopefully draw public attention to the matter.
[flagged]
Imagine a Chinese company sued a Westoid nation over some national security feature.
HN would be calling for world war.
Apple should be celebrating Stammer for his proud tradition of freespeech not taking him to court.