UK government still wants Apple to break data encryption

UK government still wants Apple to break data encryption

5gDedicated
Yanac

The authoritarian, surveillance-loving UK Labour government remains deeply committed to magical thinking, slamming yet another encryption-busting “Technical Capability Notice” (TCN) on Apple, according to the Financial Times. 

The difference is that this time it says it only wants to damage the privacy and security of the UK’s subject population. “The UK government has issued a new order to Apple to create a back door into its cloud storage service, this time targeting only British users’ data,” the FT reported.

It’s not over till it’s over

Snap back in time and you’ll recall the UK Home Office secretly demanded that Apple create a worldwide back door into encrypted iCloud data. Apple responded by withdrawing its Advanced Data Protection service from the UK market and opposing the request in a top-secret UK court. The original order also extended to users outside the UK, so the government also faced opposition from privacy and free speech advocates and the US government as the move trampled on the Constitutional rights of US citizens. 

The latter seemed to have an impact. 

In the end, we believed the UK had pulled back, particularly as its overreach was deeply dangerous, would invite imitation from other repressive governments, and would deeply damage data security with the potential to undermine international business transactions. 

The widely understood argument is that if one back door exists, every hacker, surveillance fetishist, tech-addicted stalker, criminal, gangster, or enemy nation would spend vast resources locating that door and exploiting it.

Anyone, absolutely anyone, who has any insight into how digital communications works will tell you the same thing. Any weakening of encryption opens a Pandora’s box of harms and will not keep you safe.

UK.gov wants all your data

Unfortunately, the Keir Starmer government is big on hyperbole and short on sense, so the Home Office has returned to the fray, filing a September TCN insisting Apple build encryption back doors that only target UK subjects. 

It can make this egregious request because the subjects of the UK crown have no constitutional rights to protect them, (despite much-repeated hokum concerning the Magna Carta) and US politicians are unlikely to care so long as US citizens aren’t affected by the rule. 

The thing is, technically it’s impossible. There is no real way to create a back door or to weaken encryption of UK user’s data that does not also impact others — if nothing else, the existence of that door means it will be abused, and digital criminals are quite sufficiently well-resourced to find that weakness, exploit, and extend it. Just look at the existence of the highly profitable surveillance-as-a-service “industry” for proof. In other words, the UK’s demand still undermines the rights enjoyed by US users. 

Dangerous overreach

The other thing is that the UK plan can’t work. Anyone who understands technology and values data privacy will simply add additional encryption to the files they store online, using tools like Cryptomator. That means the only people who will be affected by the rule will be ordinary folk, rather than criminals. That suggests the UK agenda is not about crime prevention, but more likely concerned with wider exploitation of the data made available. Such intentions don’t appear to have been discussed in public, which hints the UK public would probably reject them if it knew. 

That’s the worst thing about the UK’s determination to continue down this dangerous road; not only is it refusing to listen to common sense about the dangers of weakening data protection, but it is also making moves that would be unpopular with no transparency at all. 

For the government, the danger here is that it will be remembered for putting in place the mechanism for dangerous authoritarianism (including Digital ID) without scrutiny, transparency, or legal recourse. 

What Apple said

In a statement provided to Computerworld, an Apple spokesperson said: “Apple is still unable to offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature.

“ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP are not available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the UK.

“As we have said many times before, we have never built a back door or master key to any of our products or services, and we never will.”

What the UK said

The UK Home Office told the FT that it does not comment on such matters, including, “for example,” confirming or denying the existence of any such notices. “We will always take all actions necessary at the domestic level to keep UK citizens safe,” it said. 

Except, of course, in this case its actions will not keep UK citizens safe, leaving their data at risk and potentially impacting the entire digital value chain — all without transparency, discussion, or public mandate.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.UK government still wants Apple to break data encryption – ComputerworldRead More