Supported by Digital Ocean
Sponsor: Digital Ocean

Dream it. Build it. Grow it. Sign up now and you'll be up and running on DigitalOcean in just minutes.

U.K. Government Wants to Spy on Every Apple Device in the World

Joseph Menn, writing at The Washington Post:

Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.

The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies. Its application would mark a significant defeat for tech companies in their decades-long battle to avoid being wielded as government tools against their users, the people said, speaking under the condition of anonymity to discuss legally and politically sensitive issues.

It’s extraordinary for the U.K. to demand this disastrous, privacy-wrecking access for its own citizens. It’s beyond audacious to do so for the 2.35 billion Apple devices in use in the world.

At issue is Apple’s Advanced Data Protection for iCloud, which, per Apple’s support document:

is an optional setting that offers Apple’s highest level of cloud data security. If you choose to enable Advanced Data Protection, the majority of your iCloud data — including iCloud Backup, Photos, Notes, and more — is protected using end-to-end encryption. No one else can access your end-to-end encrypted data, not even Apple, and this data remains secure even in the case of a data breach in the cloud.

To simplify greatly, without Advanced Data Protection, your data is stored in an impenetrable safe with a ridiculously strong lock, and you and Apple each hold a key. If the government wants access, they approach Apple and ask them to unlock the safe with their key.

After enabling Advanced Data Protection, you are the only one who has a key. If you lose the key, you lose your data, but! no one else—Apple, governments, jilted exes—can get to your data either, even if they abscond with the safe itself.

What the U.K. is proposing is adding a tiny pinhole to every single safe, into which they can stick a paperclip and pop them open, anytime they want—no requests, no approvals, no notifications.

And Apple would be prevented from telling anyone that they’ve added the pinhole.

I would think every government official in every country in the world would raise hell over this: why would you subject your subjects to possible surveillance from a foreign power?

From The Verge’s story:

If Apple grants the UK government access to encrypted data, it’s likely that other countries, including the US and China, will see the opportunity to demand the same right. Apple will have to decide whether to comply, or remove its encryption service entirely. Other tech companies would almost certainly face similar requests next.

Indeed they would, and it’s possible—dare I suggest likely?—this is part of a coordinated effort by members of the Five Eyes to gain access to our devices.

In the past, I would have strenuously argued that Apple would defend our right to privacy. Privacy. That’s Apple.

Today, I’m less confident. Not because I believe Apple’s commitment to privacy has waned. On the contrary, I think it’s as strong as ever. Rather, it’s because governments are recognizing they can coerce Apple via threats of sales bans, catastrophic fines, or tariffs.

Apple is much more likely to comply when their bottom line is at stake.

⚙︎