It is, of course, complicated. This is a simplified view. I am leaving some very important assumptions unanswered (such as: how does iMessage do key exchange). Disclaimer: I am an idiot, probably compromised by the government, and you should independently verify the claims below, most of which are probably completely wrong.
- most iCloud services, such as iMessage, are end to end encrypted.
- for example, if you use “iMessage in iCloud” (which most people probably do) or iPhoto cloud storage, your data is stored in iCloud - as encrypted blobs that are encrypted on device. They also probably do some sort of server-side encryption, but that’s not relevant to this model.
- during normal use, their systems cannot decrypt your data (they store device-encrypted blobs). (this is why that weird proposal about having your phone scan your photos for csam [0] was made - unlike google, their architecture is hostile to doing that in the cloud)
- key updates are device-to-device, communicated via an imessage subset (also e2ee)
- Apple maintains a Key Escrow, which they use to recover your account if you lose it. This also means they can, through specific channels, also turn over your iCloud backups (such as a subpoena)
- If you use Advanced Data Protection [1], then Apple does not maintain key escrow [2]. They give you your keys and they promise you that they aren’t keeping a copy of those keys
- Apple’s servers are not trusted in their model, which is why “access icloud on web” is an optional checkbox for ADP. Your phone communicates its icloud keys to apple’s servers for a one-off and you’re required to trust that they dont scrape your data and that they discard your keys.
But if you did [enable ‘Advanced Data Protection’], your backups would be encrypted securely under your phone’s passcode — something you should remember because you have to type it in every day — and even Apple would not be able to access them.
It’s time for Apple to put its money where its mouth is once again, this time risking an entire UK market if it goes as far as pulling out of the UK entirely. But I hope they do the right thing and absolutely refuse the order, with no compromises.
I found Mark Nottingham’s description of Apple’s potential responses to the UK interesting.
Presumably they have complied to some extent in China
In china you can’t enable ADP and so your iCloud keys are always in escrow on Apple’s servers. That’s the access China will have. The UK wants access to the keys Apple don’t have, too.
Apple .. decentralize? in what alternate universe is the author living?
But there were blog posts about how Apple can’t access it even if they wanted to?
There is a lot of trust, and a lot of external review around this. In some markets, such as China, you cannot disable Key Escrow, but iMessage is (supposedly) E2EE - a rare exception.
So like… make your own conclusions about this, but I’m relatively confident that Apple currently cannot access your data with ADP on. Of course, I can be wrong and even more of course, things may change. They could, for example, silently disable ADP with an iOS update - such a move would hopefully be catastrophic to their public image. Fun fact: this is (possibly) why Apple requires a PIN to update iOS on demand.
TLDR As it stands and as it’s publicly communicated (and verified by researchers): Apple can’t access your data on your phone but they can access anything stored in iCloud unless you use ADP in which case they can’t, unless you use iCloud on web. Your mileage may vary. Promotion not valid in China.
[0] https://www.wired.com/story/apple-csam-scanning-heat-initiative-letter/
[1] https://support.apple.com/en-us/108756 <– this is the most important footnote
[2] Apple claims that Apple does not maintain key escrow. I’m not saying to the contrary, I’m just highlighting one of many very important assumptions people might make
Could you elaborate on the “verified by researchers” part?
There are lots of so-called researchers who regularly verify so-called Apple’s so-called claims.
Wat?
Surely, there should be other so-called researchers to call the so-called researchers on their bluff for only so-called checking on so-called Apple’s so-called claims.
I don’t know that it’s right to ascribe to conspiracy what simply could be people doing their job well.
The important thing is, if Apple were lying about when or how much they retain keys, how would any so-called researcher know?
Maybe such evidence could become part of the public record in a court case, if it weren’t redacted for national security or whatever, or if the government sloppily didn’t keep it out of the record with their famous ‘parallel construction’ prosecutorial methods. Or maybe an Apple employee could leak, but they sure seem incentivized not to. I don’t know how much to infer from Apple’s selectively vague statements. I get that they’ve marketed themselves as privacy-forward and there’s reputational risk at play. But I also see they just paid $95M to make a specific claim that they might be up to some funny business just go away with no discovery or legal conclusions.
Bottom line for me is, unless I fully control the encryption process and key storage, E2EE isn’t all it’s cracked up to be, and I don’t care how slick the marketing is.
how are people at a company supposed to do their jobs well without conspiring?
Oooh good point.
It’s a conspiracy! People are doing their jobs exactly as desired!
it would be really weird for engineers at a large company to be working in isolation from one another.
They easily can since they control the end point software and the end points have the unencrypted content
They “easily can” do “what” exactly?
Please expound.
Also when you say “endpoint” I assume you mean “iDevices”. Please confirm.
Their model is published regularly on their site, periodically: https://support.apple.com/guide/security/welcome/web
3rd parties continually review although that is at the 3rd party’s whim and not perfect.
And yes, there’s a lot of trust, but there’s also a lot of internal and external researchers.
I, personally, trust Apple is doing what they’re saying. I am also an idiot.
If I had (active) government level entities attacking me, or was worried that there were, I would probably completely change how I communicate and interact with communication technologies.
I’m being a little pithy here btw :p but trust and trusting is an important component of this system, and it’s up to you to inform yourself and individually assess your posture.
Ideally? Maybe this would be regulated by strict pro-privacy laws that deeply incentivized companies like Apple to be pro-privacy.
Idk
Like I said in my root comment, I’m probably a govt shill who shouldn’t be trusted and you should verify for yourself
Not just the idevice (though os control is enough to get all messages in clear text of course) but with iMessage also control of the app itself.
No matter how it is encrypted on their server to begin with, the app or os could easily eg upload the entire db of unencrypted messages to apple at any time.
Could be an interesting story, but this version of it is paywalled.
That’s really my mistake, I didn’t even notice (I use “Bypass Paywalls Clean” extension). Can a moderator change the link to https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/ which is the primary source anyway?
FYI Washington Post is also a fully paywalled site.
Sideshow_bob_rakes.gif
https://arstechnica.com/tech-policy/2025/02/uk-demands-apple-break-encryption-to-allow-govt-spying-worldwide-reports-say/
Apple give the Chinese government access, why not the UK?
The problem is UK government wants more than UK customers. They want wiretapping access to all Apple customers worldwide.
The sun never sets on the UK’s appetite for data collection.
Even if they just wanted to violate the privacy of their own citizens, the right answer is still “no”.
This is about the same event as https://lobste.rs/s/07jh0c/uk_demands_apple_break_encryption_allow but different source and commentary
Maybe this is a dumb question, but… a passcode? Like, a short-ish digit sequence, a PIN? Because that doesn’t have nearly enough entropy to make a good key for a remote backup. I understand recent iDevices have fancy thumbprint and face ID stuff, so maybe they are using that instead?
Disclaimer: I’m not totally sure this is accurate. But I’m like, 90% sure, both from what I already know and from reading this article.
The backup (and other assets) are not literally encrypted with the PIN. If you give the PIN to Apple, they still cannot retrieve your information. Instead, your device purges all the relevant encryption keys from Apple’s HSMs, and then does a key rotation. Meaning that the only place where the active (randomly-generated, high-entropy) encryption keys are is on your device(s). The passcode comes in because these encryption keys are protected by the Secure Enclave, which enforces rate-limiting on the passcode (the passcode or biometric authentication are required to release the encryption keys for use).
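The root comment’s escrow-vs-ADP bullets and this comment’s point that the passcode only gates release of a random key, as an added toy model written for this thread (not Apple’s code): the device id, passcode, the 10-attempt lockout standing in for the Secure Enclave, and the HMAC-SHA256 keystream used in place of AES are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

def toy_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 keystream. Toy stand-in for AES-GCM
    (no authentication tag); the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class EscrowServer:
    """Models Apple's HSM-backed key escrow: a copy of each device's data key."""
    def __init__(self):
        self.escrow = {}
    def try_decrypt(self, device_id, nonce, blob):
        key = self.escrow.get(device_id)            # None once ADP has purged it
        return None if key is None else toy_stream(key, nonce, blob)

class Device:
    def __init__(self, device_id, passcode, server, max_attempts=10):
        self.device_id, self.passcode, self.server = device_id, passcode, server
        self.attempts_left = max_attempts           # Secure Enclave style rate limit (assumed)
        self.data_key = secrets.token_bytes(32)     # random, high entropy; never derived from the PIN
        server.escrow[device_id] = self.data_key    # standard protection: key escrowed
    def backup(self, plaintext):
        nonce = secrets.token_bytes(12)
        return nonce, toy_stream(self.data_key, nonce, plaintext)
    def enable_adp(self):
        del self.server.escrow[self.device_id]      # purge the server's copy ...
        self.data_key = secrets.token_bytes(32)     # ... and rotate, so any old copy is useless
    def unlock(self, passcode):
        """The passcode gates release of the key; it is not the key material."""
        if self.attempts_left == 0:
            raise PermissionError("device locked out")
        if not hmac.compare_digest(passcode, self.passcode):
            self.attempts_left -= 1
            return None
        return self.data_key

def demo():
    server = EscrowServer()
    dev = Device("iphone-1", b"123456", server)     # constructed sample values
    nonce, blob = dev.backup(b"photos and messages")
    before_adp = server.try_decrypt("iphone-1", nonce, blob)  # escrow: server can read it
    dev.enable_adp()
    nonce, blob = dev.backup(b"photos and messages")
    after_adp = server.try_decrypt("iphone-1", nonce, blob)   # None: no key left server-side
    on_device = toy_stream(dev.unlock(b"123456"), nonce, blob)  # key released locally only
    return before_adp, after_adp, on_device
```

Handing the server the passcode changes nothing in the ADP case, since the server holds no key for it to release; only the device, within its attempt budget, can.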
Thank you, that makes much better sense. So when the secret police come for my ADP encrypted backup, they’ll have to just beat the PIN out of me the old fashioned way. (j/k, I don’t use any of this stuff, never trusted Apple!)
Doesn’t the secret police beating secrets out of you apply regardless of what products you do or do not use?
Of course. Quite possible they’ll even beat me if I don’t actually have any secrets; maybe I’m just a fall guy or something.
But that doesn’t scale nearly as well as just being able to issue a secret subpoena and log into some backdoor portal.