Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps
Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps
PLUS: SEC launches new crypto crime unit; Phishing toolkit upgraded; and more
Aside from regular users: Bad news for businesses that rely on such features, even if only for their compliance tickboxes. Or are those exempt?
Edit: so many more questions:
- why only Apple? Why not, say, Proton?
- how does this work for tourists, expats, business travelers, … ? Is Apple relying on IP address, account details?
Apple is probably betting they can twist the UKs arm until they roll back the requirements. In the long run this is better for users.
For your first question, my guess would be its the largest fish. Proton probably has some users that harbor useful information but think about apples market dominace. It's massive. And as far as I know, proton doesn't have a business presence directly under UK jurisdiction; Apple has an enormous presence and billions in previous investments for employees and infrastructure there. Making it much easier to enforce those laws on them.
In other words, it's like living in the country versus living in another country. My home country will have a much easier time forcing laws on me than a country I'm not even living in.
I'm unable to answer your second question though. I don't know enough about legality.
malicious compliance?
it's the only way to maintain trust. as soon as you publicly compromise even a small part of the system the whole thing is worthless.
No, just regular keel over compliance.
Yeah, they should have taken a stand and been banned for breaking the law, that would have showed the government.
What's the alternative? Strong arm a democratically elected --- even if stupid at times --- government to change policy? That's a terrifying precedent.
The other alternative is to backdoor or otherwise compromise users in other jurisdictions. Glad they didn't do that.
The only way to add a backdoor to E2EE is to make it not E2E, so I don’t see how apple bad here, in this case. Can somebody clue me in?
You can add a switch inside the program which makes it give up its E2E encryption keys to some random third party who asks, who is able to demonstrate to the program's satisfaction that they are from the government. I don't know about this particular case, but that is the type of feature that governments periodically try to demand that software companies add to E2EE products, and it is exactly as bad an idea as it sounds like. And yes, Apple is being good by telling them "absolutely not." They have also said the same to the US government several times now.
Very, very occasionally, governments have succeeded in talking people into doing this. On every occasion that I know of, people who are not the government have started using the feature to eavesdrop on people's communications. Even though it means they have to lie to the software! I know, it's terrible, the things that people do in the modern world.
Thank you!
Eh, just doing it for the good PR I guess. UK is still going to get access to everyone's files through the NSA-to-UK pipeline.
I wouldn't be completely sure.
- The NSA doesn't just do whatever is the worst thing for everyone at every given time. There's no particular guarantee that the NSA will share any given communication with any given UK agency that wants it at the drop of a hat, although for major problems (like climate activists! those awful people /s) they may share pretty freely. E2EE is still a significant obstacle even if the NSA has it broken completely.
- There's no guarantee that the NSA has broken it completely. Edward Snowden's leaks about how the NSA had HTTPS broken are a fascinating and rare window into what the reality of their secret capabilities actually are. TL;DR, they either couldn't or didn't want to spend the resources to break the core encryption, so instead they arranged to smuggle subtly insecure master keys into vital places in the supply chain, so that they could exploit the flaws in those keys and read a significant fraction but not all HTTPS traffic (the fraction that was derived from those insecure keys). Of course their capabilities have improved since then, but so have the standards of encryption. I think the assumption "they can read some but not all encrypted traffic" is probably a good ballpark to use for their present-day capabilities, after however many years of both sides of the arms race continuing to evolve in tandem from that point.