As a believer in equal protection under the law, it is never a win when a powerful company or government lobbies for a specific carve out for only it's customers or its country. Human rights like privacy don't belong to those who bought the right phone or were born on the right piece of soil.
This isn't a win, this is solidifying and reinforcing the idea that different laws should exist for different classes of people - those who can afford to make the government look the other way and those that can't.
Congratulations to Apple on lobbying for its own money. Very noble.
>it is never a win when a powerful company or government lobbies for a specific carve out for only it's customers or its country.
This wasn't an "Apple only" law -- it would have affected all platforms with data on customers that live outside the UK.
>This isn't a win, this is solidifying and reinforcing the idea that different laws should exist for different classes of people - those who can afford to make the government look the other way and those that can't.
Corporations are not people. The people can afford to vote out politicians making laws that go against the will of the people.
As far as I know, the blue/green mentality is a cultural issue for Apple. They would be fine if Android users had their data read by the government, because that injustice is a market differentiator for them they can then sell.
I'm not saying they shouldn't lobby for what they believe in, but Apple always stops short of making the world a better place and seems to care only if their walled garden is secure.
> Apple always stops short of making the world a better place and seems to care only if their walled garden is secure.
succinctly summed up why I dislike Apple (despite using their products). If you value privacy (against third parties), E2EE, and the tight device coupling then Apple is literally the only choice unless you have the time, knowledge and desire to piecemeal together your own solutions and that really sucks. I have permanent cognitive dissonance because I won't give up the small quality of life features Apple gives me, but I also don't have the time nor skill to replicate their whole ecosystem with Linux, GrapheneOS, writing BLE scripts for watch unlock, fussing with KDE connect for universal clipboard, hosting my own nextcloud instance, etc.
I wish there was another choice of mobile + accessories that was both privacy respecting and actively using open standards for the betterment of all, not just their own profits.
> I wish there was another choice of mobile + accessories that was both privacy respecting and actively using open standards for the betterment of all, not just their own profits.
That's the rub. If you look at Android handset financials, there's almost no money in making Android phones unless the company making them is Samsung, and only certain models sell. Where are all of these profits going to come from?
I wonder if you'd get farther with a USB SIM adapter under desktop Linux in that regard. I think you'd be hard pressed to end up where you want to in anything more portable than a laptop, since phones themselves are designed to be glorified containers for your mobile ad ID.
It's Apple's fault. They abandoned principled security a long, long time ago if you were paying attention. Chinese iCloud users have no protection against state-authorized backdoors since Apple removed the hardware security modules[0] that protect user encryption keys (at the PRC's request). Apple doesn't care about protecting their users above and beyond the reach of the state, state surveillance is an inevitability.
When you start down a slippery slope like this, you burn trust and make people demand transparency. It's impossible for me to say that I'm any more secure as an American user - no trusted third-parties actually audit Apple's American iCloud servers for such backdoors. Users trusting Apple for security are (unfortunately) fish in a barrel, same as ever.
I find the snark in your comment very weird and misplaced... Consider what the alternative is - Apple isn't allowed to talk about this, so they would have just had to silently backdoor their encryption for all their users all around the world so the UK intelligence organisations could access anyone Apple user's data...
Honestly probably nobody would have noticed that, and it would have been the path of least resistance to just comply. Some informed technical people might abandon Apple's platform, but the masses wouldn't have noticed... So how is this "Apple on lobbying for its own money"?
Honestly that last line just comes across as unhinged... Trying to read your comment in the most generous light but it's not close to reality...
>it is never a win when a powerful company or government lobbies for a specific carve out for only it's customers or its country.
I don't think that is the case here. It's a "secret order" so it's never sure, but there aren't a lot of global tech companies who will comply to give a single government their worldwide data.
This is an obvious win when fewer people are under the boot even if some people remain they're. It's not a universal win, for sure, but let not perfect be the cause to ignore the good.
If the UK had 'won' again Apple, do you not think that the Android ecosystem would be next? If the UK had 'won', do you not think that Turkey, India, China, etc, would not be lining up as well?
You have a good point. Privacy is a human right, but nobody should be able to fight for it. People or organizations trying to influence the governments that they live or operate under is wrong, as governments (all of them, globally) should simply do the right thing automatically, all the time.
Sadly every time I’ve tried to explain this to people they always say “you are bleeding a lot” and “dude you just fell down so many stairs. I have never seen anyone fall down that many stairs” or “your head sustained the entire impact of your full bodyweight when you finally reached the bottom of those stairs, how are you even standing?” so I don’t think this is a conversation a lot of people are ready to have
But surely it is only a ChatGPT signal because it was a strong signal in the training data. You need more than one strong signal with that sort of potential for false positives to make a reasonably accurate identification.
If it is, it's one I've neither heard others mention before nor seen often enough myself to consider it a tell (but for the latter, I do use ChatGPT's customisation options).
Dude, half my stuff on here is downvoted. I am not a good writer, but I do my best. My opinions and thoughts are my own and I am not using ChatGPT to make hot takes on hacker news, but I do use ChatGPT and have conversations with it.
Sometimes when I talk to British people, I start to do an accent a little bit. I think I just chameleon my tone to recent conversations, but I can't convince you otherwise.
Unrelatedly, there is a upended tortoise outside my house struggling in the heat. I am not sure why I refuse to help him, can you tell me why?
Yup, and constituent apathy killed it. if people can't hold their reps accountable over even the most obvious BS, and re-elect them anyway, why would reps bother trying to hide it?
The other concerning thing is that it took the otherwise awful Trump administration to push back, while the Biden administration was reportedly going to look the other way (and have been accused of knowing about it but hiding it from Congress) [1].
See this is the kind of lying I expect from politicians - misleading people about their policy decisions. Not the constant challenging of recorded fact.
Well, Google and Co. are trying to push it worldwide anyway under the ruse of UK law, regardless of administration. I don't see them countering all this AI ID stuff.
I feel this is more of an "Earth isn't yours to conquer" move rather than one really aimed at protecting US Citizen's data. Governments is simply fighting over who can control how we navigate our tech.
The backdoors might still go ahead. What if backing down is just for show?
In the end they don't have to let public know, but this information serves a purpose - potential suspects might now think it is okay to use now and fall right into the trap.
I am all for laws designed to protect children, and stop terrorism. But these 'back door' laws are nearly always very poorly thought out and offers new avenues for 'normal' people to come to harm.
This isn't true on the whole in this context. How does the UK's OSA target journalists, activists and whistleblowers?
I think this conspiratorial view of these laws is doing more harm than good and ignores the entire issues that these laws are designed to address.
The problem is we create overly broad laws because:
- There is a problem with child predation / terrorism
- There is a lack of understanding on how technology works
- There is faith that the system works and won't ever be abused
- There are too few people in community self policing these issues.
Addressing any one of these in a different way will negate the need for laws like the UK were trying to implement.
Creating broad gives the police more ability to enforce their spirit. I think that's generally a bad thing when the laws are to do with civil liberties. But maybe a good thing when dealing with, for example, domestic abuse.
>How does the UK's OSA target journalists, activists and whistleblowers?
The general context is it targets "anyone who angers the government". Being able to ban your entire internet if this becomes widespread becomes a very powerful deterrent to opposition. \
>Creating broad gives the police more ability to enforce their spirit. I think that's generally a bad thing when the laws are to do with civil liberties.
Given the histories of "enforcing spirits" for both the US and the UK police forces, I'm not sure how or why you'd have faith in their interpretations.
The police can bring up your info themselves without needing the ability to cut off someone's entire digitial landscape.
Unfortunately, I'm highly confident that 90% of the intelligence community looks at us insisting that crypto standards be inviolable, and thinks we're all as infuriatingly naïve as a ChatGPT comment.
I don't know the true risks of terrorist organisations. I doubt I ever will, because the intelligence community wants to keep its methods secret in order to avoid mildly competent terrorists from avoiding stupid (from MI5/6's POV) mistakes. The counter-point is that such secrecy makes the intelligence organisations themselves a convenient unlit path for a power-hungry subgroup to take over a nation.
Regarding sexual abuse, the stats are much easier to find, and are much much worse than most people realise to the extent that most people either don't understand what those numbers mean or don't believe them: If you're an American, on your first day in high school, by your second class you have more than even odds of having met a pupil who had already been assaulted, most likely by someone close to the victim such as a relative.
I don't see how any level of smartphone surveillance will do anything to stop that. Or indeed, any surveillance that isn't continuous monitoring of every kid to make sure such acts don't find them.
I think the problem with terrorism is it's simultaneously more and less than they think. More from the groups they don't expect, and less from the ones they expect it to come from and are surveillance and infiltrating.
For example, looking back over the history from what has been declassified in my country, the intelligence services spent a huge amount of time and resources infiltrating and surveillance communist groups and university socialist clubs, and then seemed to be completely blind-sided by the rise of Islamic terrorism when 9/11 rolled around... In a similar vein I think to how the UK is spending all this time going after people waving signs supporting Palestinians - they probably honestly think there's a real threat there, and it will turn out to be a huge waste of time and the next real terror threat will come out of some other unexpected group.
As for assault - yes, it's usually someone they know. Which is why it's ridiculous the resources they spend trying to backdoor private messaging etc. in the name of "protecting the children" when much of it's happening in person...
>If you're an American, on your first day in high school, by your second class you have more than even odds of having met a pupil who had already been assaulted, most likely by someone close to the victim such as a relative.
You're saying that the rate of sexual assault is.. a few percent?
Too high! I agree. But it's bad form to give convoluted examples in order to give the impression that the actual number is worse than it is.
> Unfortunately, I'm highly confident that 90% of the intelligence community looks at us insisting that crypto standards be inviolable, and thinks we're all as infuriatingly naïve as a ChatGPT comment
Until they can prove this is the case, and not just fear mongering to justify their massive budgets, overreach and assaults on civil liberties, I am happy to continue being considered naïve by them.
I am very much against laws designed to protect children and stop terrorism.
By now, "think of the children" is a tired cliche of anti-freedom laws. If "protecting children" requires sacrificing freedom for everyone, then children should not be protected.
Every time I come across another anti-freedom law wrapped in an excuse of "think of the children", I question whether the worshippers of Moloch had the right idea after all.
> If "protecting children" requires sacrificing freedom for everyone, then children should not be protected.
Agreed. It all goes back to the famous quote "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." (granted, the quote was about taxation but the principle applies here)
Much like cybersecurity, it's always a trade off between absolute freedom and absolute safety. You don't get both. Every "safety" measure that gets put in place reduces your level of individual freedom. Go to far in the safety direction and you lose all your freedoms, and that trade off IMO is not worth it.
> I am very much against laws designed to protect children and stop terrorism.
This can't be true. You're against a law that says a convicted child rapist cannot work in schools? You're against a law that says people can't take bombs onto planes?
I think you're being dishonest in your statements, or do not care about anyone else in society.
>You're against a law that says a convicted child rapist cannot work in schools?
I'll be the devil's advocate: for how long and in what way? You can be on the child predator list because a minor caught you peeing on the side of a road. Do they deserve to be blocked out of an industry because of bad luck over something many people have done?
>You're against a law that says people can't take bombs onto planes?
Well that led to me not being able to bring a normal stick of deoderant in my bags. So maybe we should review the TSA oversight after 20 years.
>I think you're being dishonest in your statements, or do not care about anyone else in society.
and I think you're arguing in bad faith comparing the ability for government to track society's entire digital footprint to imprisoning a convicted criminal.
I do think that both TSA and modern airport security in general should be dismantled. And that any law that claims to "protect children" or "stop terrorists" should be scrutinized as if it was written by Satan himself, with assumed malicious intent.
This is true for existing laws, and true twice over for anything that's being proposed. It's long overdue for the "safety" plague of "think of the children" to die.
Cold logic dictates otherwise. The UK is part of Five Eyes: total data sharing between intelligence agencies. If that were the case, why would the UK need a law to get data it already has?
It wouldn’t need the law, but putting the proposal up and then, after the predictable backlash, retract it could be a ploy to make the criminals/us think they don’t have access to the data now.
WW2, the Allies used all sorts of fake outs to lead the Germans to believe that the Enigma machine remained secure. Many people died for the sake of the secret.
Given the lengths the government has gone to monitor its citizens, I could believe the technology stack has already been compromised.
Upvote from me. Your point is completely valid and simply stated, and yes, I agree that they very possibly could do exactly this sort of thing for the sake of play-acting a government blindness that doesn't really exist as such.
Truly this site is crawling with anal-retentive man-children who downvote over any silly self indulgent bullshit they can think of.
It’s not really a secret; it’s by design and it’s public. iCloud is not end to end encrypted by default. Apple and the state can read the on-by-default iCloud Backup which contains your iMessage sync keys and all your historical iMessages and attachments. iCloud Photos, Contacts, and Mail are all similarly not e2ee and trivially readable by Apple, DHS/FBI, and anyone else under FAA702 (aka PRISM, aka the #1 most used US intel source) without a warrant.
Apple processes FAA702 orders on upwards of 80,000 Apple IDs per year per their own annual transparency report.
Snowden himself said that they see so many nudes that they got desensitized to it.
This clever setup allows them to claim iMessage is e2ee while still escrowing keys in effective plaintext to Apple in the iCloud Backup, rendering the e2ee totally ineffective.
I think “backdoor” is probably an appropriate term for it, but they have made no secret whatsoever of it.
It’s terrifying to think that the US federal government can read every iMessage in the entire world across a billion devices (except China, where the CCP can do the same) in effectively realtime. The power that that enables (if only in blackmail ability) is staggering.
I don' think so, but, even with advanced data protection on - if you communicate with someone via iMessage, for example, that does not use advanced data protection, and then they use iCloud backup, then it nullifies it essentially. Feds could get your messages via the recipients iCloud backup.
Advanced Data Protection needs to be turned on for both you, and everyone you communicate with if you want the full chain to be E2EE. Your communications are only ever as secure as its recipient.
Also, what regular criminal, let alone terrorist, would leave iCloud backup turned on after all the hacks and leaks over the years. I assume that most in the HN community, like myself, have iCloud backup turned off.
“As a result, the UK has agreed to drop its mandate for Apple to provide a ‘back door’ that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties.”
The reason the UK dropped the demand is because they already have backdoor access to personal data using multiple methods, and to make the topic disappear for the time being.
Never use a mobile for anything that requires privacy or security. It's the intelligence agencies favourite tool.
Governments generally use special procedures for securing secret information, which makes this a non-issue for government use, assuming government employees follow the procedures, which apparently the Trump administration doesn’t.
As a believer in equal protection under the law, it is never a win when a powerful company or government lobbies for a specific carve out for only it's customers or its country. Human rights like privacy don't belong to those who bought the right phone or were born on the right piece of soil.
This isn't a win, this is solidifying and reinforcing the idea that different laws should exist for different classes of people - those who can afford to make the government look the other way and those that can't.
Congratulations to Apple on lobbying for its own money. Very noble.
>it is never a win when a powerful company or government lobbies for a specific carve out for only it's customers or its country.
This wasn't an "Apple only" law -- it would have affected all platforms with data on customers that live outside the UK.
>This isn't a win, this is solidifying and reinforcing the idea that different laws should exist for different classes of people - those who can afford to make the government look the other way and those that can't.
Corporations are not people. The people can afford to vote out politicians making laws that go against the will of the people.
> This wasn't an "Apple only" law -- it would have affected all platforms with data on customers that live outside the UK.
Yeah, the law still exists. Apple just successfully managed to refuse to comply with a request made under it.
I agree it should be across the spectrum where people have the same rights to privacy.
> those who can afford to make the government look the other way and those that can't.
> Congratulations to Apple on lobbying for its own money. Very noble.
But what’s your implication here, that Apple shouldn’t have fought it?
Probably that it should be a generalization and apple should have fought for that and not apply just to one particular operator.
As far as I know, the blue/green mentality is a cultural issue for Apple. They would be fine if Android users had their data read by the government, because that injustice is a market differentiator for them they can then sell.
I'm not saying they shouldn't lobby for what they believe in, but Apple always stops short of making the world a better place and seems to care only if their walled garden is secure.
> Apple always stops short of making the world a better place and seems to care only if their walled garden is secure.
succinctly summed up why I dislike Apple (despite using their products). If you value privacy (against third parties), E2EE, and the tight device coupling then Apple is literally the only choice unless you have the time, knowledge and desire to piecemeal together your own solutions and that really sucks. I have permanent cognitive dissonance because I won't give up the small quality of life features Apple gives me, but I also don't have the time nor skill to replicate their whole ecosystem with Linux, GrapheneOS, writing BLE scripts for watch unlock, fussing with KDE connect for universal clipboard, hosting my own nextcloud instance, etc.
I wish there was another choice of mobile + accessories that was both privacy respecting and actively using open standards for the betterment of all, not just their own profits.
> I wish there was another choice of mobile + accessories that was both privacy respecting and actively using open standards for the betterment of all, not just their own profits.
That's the rub. If you look at Android handset financials, there's almost no money in making Android phones unless the company making them is Samsung, and only certain models sell. Where are all of these profits going to come from?
I wonder if you'd get farther with a USB SIM adapter under desktop Linux in that regard. I think you'd be hard pressed to end up where you want to in anything more portable than a laptop, since phones themselves are designed to be glorified containers for your mobile ad ID.
https://en.wikipedia.org/wiki/Advertising_ID
s/secure/profitable/
Weird way to manage to do enough contortions to make this all Apple's fault.
It's not their fault. They did the right thing, which luckily coincided with what is best for their bottom line this one time.
It's Apple's fault. They abandoned principled security a long, long time ago if you were paying attention. Chinese iCloud users have no protection against state-authorized backdoors since Apple removed the hardware security modules[0] that protect user encryption keys (at the PRC's request). Apple doesn't care about protecting their users above and beyond the reach of the state, state surveillance is an inevitability.
When you start down a slippery slope like this, you burn trust and make people demand transparency. It's impossible for me to say that I'm any more secure as an American user - no trusted third-parties actually audit Apple's American iCloud servers for such backdoors. Users trusting Apple for security are (unfortunately) fish in a barrel, same as ever.
[0] https://www.nytimes.com/2017/07/12/business/apple-china-data...
I find the snark in your comment very weird and misplaced... Consider what the alternative is - Apple isn't allowed to talk about this, so they would have just had to silently backdoor their encryption for all their users all around the world so the UK intelligence organisations could access anyone Apple user's data...
Honestly probably nobody would have noticed that, and it would have been the path of least resistance to just comply. Some informed technical people might abandon Apple's platform, but the masses wouldn't have noticed... So how is this "Apple on lobbying for its own money"?
Honestly that last line just comes across as unhinged... Trying to read your comment in the most generous light but it's not close to reality...
>it is never a win when a powerful company or government lobbies for a specific carve out for only it's customers or its country.
I don't think that is the case here. It's a "secret order" so it's never sure, but there aren't a lot of global tech companies who will comply to give a single government their worldwide data.
This is an obvious win when fewer people are under the boot even if some people remain they're. It's not a universal win, for sure, but let not perfect be the cause to ignore the good.
Any port in a storm.
> Congratulations to Apple on lobbying for its own money. Very noble.
First they came for the Apple fanboys, and I did not speak out— Because I was not a Apple fanboy.
* https://en.wikipedia.org/wiki/First_They_Came
If the UK had 'won' again Apple, do you not think that the Android ecosystem would be next? If the UK had 'won', do you not think that Turkey, India, China, etc, would not be lining up as well?
Doesn't the UK law already apply to all those others ?
You have a good point. Privacy is a human right, but nobody should be able to fight for it. People or organizations trying to influence the governments that they live or operate under is wrong, as governments (all of them, globally) should simply do the right thing automatically, all the time.
Sadly every time I’ve tried to explain this to people they always say “you are bleeding a lot” and “dude you just fell down so many stairs. I have never seen anyone fall down that many stairs” or “your head sustained the entire impact of your full bodyweight when you finally reached the bottom of those stairs, how are you even standing?” so I don’t think this is a conversation a lot of people are ready to have
Unfortunately the internet is just going to be these ChatGPT comments now, isn't it.
I am a human being, but I have been training on ChatGPT conversations for a few years, is it starting to show?
FWIW, I was using em-dash before it was actively the opposite of cool.
It's not just that, this construction:
> This isn't X, this is Y
is a huge ChatGPT signal.
But surely it is only a ChatGPT signal because it was a strong signal in the training data. You need more than one strong signal with that sort of potential for false positives to make a reasonably accurate identification.
If it is, it's one I've neither heard others mention before nor seen often enough myself to consider it a tell (but for the latter, I do use ChatGPT's customisation options).
I love how completely prosaic phrases are now "ChatGPT signals".
Do we really think an account that's been here since 2009 and claims to be a software developer is using ChatGPT to write comments on Hacker News?
I think that people aren't farming out work to ChatGPT as you've imagined, but moreso using it to "help them write" if they're poor writers.
Dude, half my stuff on here is downvoted. I am not a good writer, but I do my best. My opinions and thoughts are my own and I am not using ChatGPT to make hot takes on hacker news, but I do use ChatGPT and have conversations with it.
Sometimes when I talk to British people, I start to do an accent a little bit. I think I just chameleon my tone to recent conversations, but I can't convince you otherwise.
Unrelatedly, there is a upended tortoise outside my house struggling in the heat. I am not sure why I refuse to help him, can you tell me why?
The classic Chatgpt "upended tortoise" tangent. This guy, I swear
You're Harrison Ford - we knew it !
what in that top comment made you suspicious of ChatGPT usage? It doesn't seem to be that tone at all.
I checked; their post has good ol' fashioned hyphens, no em-dashes, so it's less likely to be slop.
Stated above, not just em-dash, but the following:
> This isn't X, this is Y
This is ChatGPT's favorite rhetorical flourish without exception.
ChatGPT wouldn't have set the apostrophe incorrectly in "it's customers".
It's great that they're dropping it, but concerning that it was only because of pushback from US politicians.
Also important to note:
> With the order now reportedly removed, it’s unclear if Apple will restore access to its ADP service in the UK.
For sure they didn't drop it out of the goodness of their heart.
There was once an idea that elected politicians should champion the interests of their constituents.
Somehow I don't think this was in the constituents' interests in the first place.
> There was once an idea that elected politicians should champion the interests of their constituents.
I think that idea died a very long time ago.
Yup, and constituent apathy killed it. if people can't hold their reps accountable over even the most obvious BS, and re-elect them anyway, why would reps bother trying to hide it?
> only because of pushback from US politicians
Like it or hate it, that's still the way of the world.
The other concerning thing is that it took the otherwise awful Trump administration to push back, while the Biden administration was reportedly going to look the other way (and have been accused of knowing about it but hiding it from Congress) [1].
1. https://daringfireball.net/linked/2025/02/26/wapo-biden-just...
See this is the kind of lying I expect from politicians - misleading people about their policy decisions. Not the constant challenging of recorded fact.
Well, Google and Co. are trying to push it worldwide anyway under the ruse of UK law, regardless of administration. I don't see them countering all this AI ID stuff.
I feel this is more of an "Earth isn't yours to conquer" move rather than one really aimed at protecting US Citizen's data. Governments is simply fighting over who can control how we navigate our tech.
The backdoors might still go ahead. What if backing down is just for show? In the end they don't have to let public know, but this information serves a purpose - potential suspects might now think it is okay to use now and fall right into the trap.
Just rejoice that in this one case, the spinelessness of our elected representatives has some, perhaps temporary, upside.
How is this an example of spinelessness?
Maybe they mean the spinelessness of UK representatives?
Some people always assume everything is about their country.
Yep
Good news for UK people.
I am all for laws designed to protect children, and stop terrorism. But these 'back door' laws are nearly always very poorly thought out and offers new avenues for 'normal' people to come to harm.
> I am all for laws designed to protect children, and stop terrorism.
The usual suspects:
* https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
The real target: journalists, activists and whistleblowers
This isn't true on the whole in this context. How does the UK's OSA target journalists, activists and whistleblowers?
I think this conspiratorial view of these laws is doing more harm than good and ignores the entire issues that these laws are designed to address.
The problem is we create overly broad laws because:
- There is a problem with child predation / terrorism - There is a lack of understanding on how technology works - There is faith that the system works and won't ever be abused - There are too few people in community self policing these issues.
Addressing any one of these in a different way will negate the need for laws like the UK were trying to implement.
Creating broad gives the police more ability to enforce their spirit. I think that's generally a bad thing when the laws are to do with civil liberties. But maybe a good thing when dealing with, for example, domestic abuse.
>How does the UK's OSA target journalists, activists and whistleblowers?
The general context is it targets "anyone who angers the government". Being able to ban your entire internet if this becomes widespread becomes a very powerful deterrent to opposition. \
>Creating broad gives the police more ability to enforce their spirit. I think that's generally a bad thing when the laws are to do with civil liberties.
Given the histories of "enforcing spirits" for both the US and the UK police forces, I'm not sure how or why you'd have faith in their interpretations.
The police can bring up your info themselves without needing the ability to cut off someone's entire digitial landscape.
Back doors just make the device or platform less secure.
Mm.
Unfortunately, I'm highly confident that 90% of the intelligence community looks at us insisting that crypto standards be inviolable, and thinks we're all as infuriatingly naïve as a ChatGPT comment.
I don't know the true risks of terrorist organisations. I doubt I ever will, because the intelligence community wants to keep its methods secret in order to avoid mildly competent terrorists from avoiding stupid (from MI5/6's POV) mistakes. The counter-point is that such secrecy makes the intelligence organisations themselves a convenient unlit path for a power-hungry subgroup to take over a nation.
Regarding sexual abuse, the stats are much easier to find, and are much much worse than most people realise to the extent that most people either don't understand what those numbers mean or don't believe them: If you're an American, on your first day in high school, by your second class you have more than even odds of having met a pupil who had already been assaulted, most likely by someone close to the victim such as a relative.
I don't see how any level of smartphone surveillance will do anything to stop that. Or indeed, any surveillance that isn't continuous monitoring of every kid to make sure such acts don't find them.
I think the problem with terrorism is it's simultaneously more and less than they think. More from the groups they don't expect, and less from the ones they expect it to come from and are surveillance and infiltrating.
For example, looking back over the history from what has been declassified in my country, the intelligence services spent a huge amount of time and resources infiltrating and surveillance communist groups and university socialist clubs, and then seemed to be completely blind-sided by the rise of Islamic terrorism when 9/11 rolled around... In a similar vein I think to how the UK is spending all this time going after people waving signs supporting Palestinians - they probably honestly think there's a real threat there, and it will turn out to be a huge waste of time and the next real terror threat will come out of some other unexpected group.
As for assault - yes, it's usually someone they know. Which is why it's ridiculous the resources they spend trying to backdoor private messaging etc. in the name of "protecting the children" when much of it's happening in person...
>If you're an American, on your first day in high school, by your second class you have more than even odds of having met a pupil who had already been assaulted, most likely by someone close to the victim such as a relative.
You're saying that the rate of sexual assault is.. a few percent?
Too high! I agree. But it's bad form to give convoluted examples in order to give the impression that the actual number is worse than it is.
> You're saying that the rate of sexual assault is.. a few percent?
Specifically of pre-pubescents. This is already enough to exceed the prison capacity of any nation, including El Salvador.
If I had instead broadened to the under-18 rate of victimisation, about 11% of women are victimised: https://rainn.org/statistics/children-and-teens
The lifetime risk is higher still.
> Unfortunately, I'm highly confident that 90% of the intelligence community looks at us insisting that crypto standards be inviolable, and thinks we're all as infuriatingly naïve as a ChatGPT comment
Until they can prove this is the case, and not just fear mongering to justify their massive budgets, overreach and assaults on civil liberties, I am happy to continue being considered naïve by them.
I am very much against laws designed to protect children and stop terrorism.
By now, "think of the children" is a tired cliche of anti-freedom laws. If "protecting children" requires sacrificing freedom for everyone, then children should not be protected.
Every time I come across another anti-freedom law wrapped in an excuse of "think of the children", I question whether the worshippers of Moloch had the right idea after all.
> If "protecting children" requires sacrificing freedom for everyone, then children should not be protected.
Agreed. It all goes back to the famous quote "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." (granted, the quote was about taxation but the principle applies here)
Much like cybersecurity, it's always a trade off between absolute freedom and absolute safety. You don't get both. Every "safety" measure that gets put in place reduces your level of individual freedom. Go to far in the safety direction and you lose all your freedoms, and that trade off IMO is not worth it.
> I am very much against laws designed to protect children and stop terrorism.
This can't be true. You're against a law that says a convicted child rapist cannot work in schools? You're against a law that says people can't take bombs onto planes?
I think you're being dishonest in your statements, or do not care about anyone else in society.
>You're against a law that says a convicted child rapist cannot work in schools?
I'll be the devil's advocate: for how long and in what way? You can be on the child predator list because a minor caught you peeing on the side of a road. Do they deserve to be blocked out of an industry because of bad luck over something many people have done?
>You're against a law that says people can't take bombs onto planes?
Well that led to me not being able to bring a normal stick of deoderant in my bags. So maybe we should review the TSA oversight after 20 years.
>I think you're being dishonest in your statements, or do not care about anyone else in society.
and I think you're arguing in bad faith comparing the ability for government to track society's entire digital footprint to imprisoning a convicted criminal.
I do think that both TSA and modern airport security in general should be dismantled. And that any law that claims to "protect children" or "stop terrorists" should be scrutinized as if it was written by Satan himself, with assumed malicious intent.
This is true for existing laws, and true twice over for anything that's being proposed. It's long overdue for the "safety" plague of "think of the children" to die.
Meanwhile, who believes that the US has no backdoors in these devices?
Cold logic dictates otherwise. The UK is part of Five Eyes: total data sharing between intelligence agencies. If that were the case, why would the UK need a law to get data it already has?
https://lapcatsoftware.com/articles/2024/10/4.html
https://sneak.berlin/20231005/apple-operating-system-surveil...
It wouldn’t need the law, but putting the proposal up and then, after the predictable backlash, retract it could be a ploy to make the criminals/us think they don’t have access to the data now.
WW2, the Allies used all sorts of fake outs to lead the Germans to believe that the Enigma machine remained secure. Many people died for the sake of the secret.
Given the lengths the government has gone to monitor its citizens, I could believe the technology stack has already been compromised.
Upvote from me. Your point is completely valid and simply stated, and yes, I agree that they very possibly could do exactly this sort of thing for the sake of play-acting a government blindness that doesn't really exist as such.
Truly this site is crawling with anal-retentive man-children who downvote over any silly self indulgent bullshit they can think of.
San Bernardino shootings smartypants
It’s not really a secret; it’s by design and it’s public. iCloud is not end to end encrypted by default. Apple and the state can read the on-by-default iCloud Backup which contains your iMessage sync keys and all your historical iMessages and attachments. iCloud Photos, Contacts, and Mail are all similarly not e2ee and trivially readable by Apple, DHS/FBI, and anyone else under FAA702 (aka PRISM, aka the #1 most used US intel source) without a warrant.
https://www.reuters.com/article/world/exclusive-apple-droppe...
Apple processes FAA702 orders on upwards of 80,000 Apple IDs per year per their own annual transparency report.
Snowden himself said that they see so many nudes that they got desensitized to it.
This clever setup allows them to claim iMessage is e2ee while still escrowing keys in effective plaintext to Apple in the iCloud Backup, rendering the e2ee totally ineffective.
I think “backdoor” is probably an appropriate term for it, but they have made no secret whatsoever of it.
It’s terrifying to think that the US federal government can read every iMessage in the entire world across a billion devices (except China, where the CCP can do the same) in effectively realtime. The power that that enables (if only in blackmail ability) is staggering.
I don' think so, but, even with advanced data protection on - if you communicate with someone via iMessage, for example, that does not use advanced data protection, and then they use iCloud backup, then it nullifies it essentially. Feds could get your messages via the recipients iCloud backup.
Advanced Data Protection needs to be turned on for both you, and everyone you communicate with if you want the full chain to be E2EE. Your communications are only ever as secure as its recipient.
Good point. A lot like pgp and email in that sense.
My read is that it does not apply to ADP.
Also, what regular criminal, let alone terrorist, would leave iCloud backup turned on after all the hacks and leaks over the years. I assume that most in the HN community, like myself, have iCloud backup turned off.
Criminals (that get caught, or get put under surveillance) are generally criminals because they are stupid.
I would venture a guess that almost all criminals have iCloud Backup enabled, because that is the default setting.
Hopefully no one, in services available globally (i.e. not US-specific), just to be sure.
Why litigate it when you can buy it from the NSO / IDF?
Title should say "reportedly drops" or "according to US official." No proof is offered other than a tweet from Tulsi Gabbard.
I wouldn’t have even bothered to click on the comments if that was in the title. Thanks for illuminating the lack of credible source.
“As a result, the UK has agreed to drop its mandate for Apple to provide a ‘back door’ that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties.”
Back doors to end-to-end encryption are considered bad now? Someone should tell the FBI. https://www.fbi.gov/how-we-investigate/lawful-access/lawful-...
> Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users.
Still there.
Yeah if this is true - bit sketchy
Small reprieve. Let's hope that Apple pushes back on Chat Control as well.
They will try again
Smoke and mirrors. The UK government got what they want with Apple disabling ADP. Until that's turned on, all iCloud backups are available to them.
That Apple can even claim it encrypts your data is such a bald-faced lie when Advanced Data Protection defaults to off.
The reason the UK dropped the demand is because they already have backdoor access to personal data using multiple methods, and to make the topic disappear for the time being.
Never use a mobile for anything that requires privacy or security. It's the intelligence agencies favourite tool.
First rule of backdoors: the intended user may not be the only user.
Which means they got it.
Or the MOD told them they’ve had it all this time and don’t draw any more attention to it
Don't many governments themselves use Apple, especially the Americans? I always found this a weird demand if they do.
Governments generally use special procedures for securing secret information, which makes this a non-issue for government use, assuming government employees follow the procedures, which apparently the Trump administration doesn’t.
Even if they did, it'd be like the proposed chat control, where there are carve outs for politicians.
Rules for thee, not for me.
See you all around in a few months when they try the exact same thing :head slap:
Or did they get what they want?
So when can I have ADP back?
Bet that's not happening...
We'll get ADB back before we get ADP back.
Quis custodiet ipsos custodes?
... says the most "truthy" US government since records began.
I don't want to be overly cynical but I'm resigned to never truly know details of national security. I have opinions but nobody is listening to them.
For now... they've tried and dropped this a half dozen times over the years.
more important things to yell about now like global id and age verification and doing everything in their power to hamstring AI development
[dead]
but what about the children! /s
Don't worry, politicians will take care of them.
[flagged]
another reason to award the Nobel Prize to DJT if it was ever necessary