How the UK Is Weakening Safety Worldwide

317 点作者 billybuckwheat3 个月前

19 条评论

"The thing is, Apple has made it abundantly clear in no uncertain terms that they will refuse any request by any government to knowingly insert backdoors into their software."They may say that, and it might even be true, but then again, If they were requested by the US they couldn't speak about it nor refuse without explicit court permission.In the U.S., gag orders under the Stored Communications Act (SCA) (18 U.S.C. § 2705(b)) and National Security Letters (NSLs) under the USA PATRIOT Act prevent companies from disclosing they were compelled to comply with law enforcement or intelligence agency requests.Key Regulations:<pre><code> Stored Communications Act (SCA) – 18 U.S.C. § 2705(b) Allows law enforcement to obtain a court-ordered non-disclosure order preventing a company from telling users or the public about the request. Typically applies to subpoenas, warrants, or other legal demands for electronic communications. National Security Letters (NSLs) – USA PATRIOT Act (18 U.S.C. § 2709) Used by the FBI to request customer information from telecom companies, ISPs, and financial institutions. NSLs often come with an automatic gag order, preventing disclosure. Companies may challenge NSLs in court, but they remain secret unless a judge rules otherwise. Foreign Intelligence Surveillance Act (FISA) Orders – 50 U.S.C. § 1805 Under FISA Section 702, the government can issue secret surveillance orders, and recipients are prohibited from disclosing them unless explicitly allowed. Executive Orders & National Security Directives Certain classified government surveillance programs, like PRISM, may be protected under Executive Orders (e.g., EO 12333) and other national security laws. Cloud Act (2018) While mainly about cross-border data access, it allows the U.S. to enter agreements with foreign governments and may include secrecy provisions regarding data requests.</code></pre>

评论 #43157737 未加载

评论 #43157652 未加载

评论 #43159786 未加载

评论 #43158210 未加载

评论 #43158546 未加载

评论 #43166174 未加载

评论 #43166832 未加载

aqueueaqueue3 个月前

Great article. Something they eluded to but didn't explicitly call out is the "good guys" I.e. the government who use the law to get access can be bad guys for many reasons.One is individual actors. See recent cases of how MI5 agents covered up DV using their privileges. Bad people love power, and they just need to get the right job.Another is a bad government, such as a repressive controlling style government gaining control and having everyone's personal data in a lake.

评论 #43155937 未加载

评论 #43158588 未加载

sph3 个月前

<a href="https://www.activism.net/cypherpunk/manifesto.html" rel="nofollow">https://www.activism.net/cypherpunk/manifesto.html</a>1993 — feels so far away now. Even us techies have become either posers or corporate lackeys, and no one is left to fight for privacy in the digital space.

评论 #43159859 未加载

评论 #43158847 未加载

mettamage3 个月前

The crazy thing with allowing for backdoors is that the most capable or trusted advisaries get in first, aka: other nation states and former employees.

评论 #43155752 未加载

评论 #43156163 未加载

troyvit3 个月前

When I saw the headline I thought, "what click-baity hyperbole is this now?" That was the attitude I had when I went to read the story, then I got to this part:> and while I always encourage readers to explore other options by privacy-first companies, I (among many other privacy enthusiasts) still touted this as a win for giving the everyday user an easy, effective way to protect their data.Actual. Nuance. It's been a few weeks since I've seen that in my feeds.

LittleTimothy3 个月前

I think it's actually valuable to hear from one of the former Tory ministers who was in favour of the bill says[1]. I don't necessarily agree with him, but it's interesting to hear he essentially argues that you don't have the security you think you do. If a bad actor wants to pwn you they'll do it on your device and you can't stop them. I think that's broadly true of some actors. If you personally are being targetted by a motivated opponent then yes, they will likely target your personal device first and then encrypted cloud is essentially moot. It's also an interesting idea to not say "We need this to tackle CSAM" but instead to say "We need this so that these companies can't enable CSAM whilst claiming to be unaware" - I think on a practical level that does hold more water.At the end of the day though, he doesn't address the clearest problem with these backdoors which is that the payoff value of being able to blanket unencrypted cloud data is of such high value it's extremely likely to get exploited, and for the average person you're more worried about being exposed as part of a broad attack on infrastructure not a targeted attack on your individually.It's also pretty difficult to give credence to the idea that they need this tool to tackle CSAM or organised crime. The reason you can't believe that is because they don't tackle CSAM or organised crime by and large. The UK government simply hasn't prioritized policing that, so we're not in a context of "we're doing all we can but we need more powers", we're in the context of "We can't be bothered, curtail people's rights so our job is easier". I'm sure Apple is not in favour of CSAM, but Apple isn't a member of the British police responsible for investigating and tackling CSAM, why are we trying to recruit them to be?[1]<a href="https://x.com/BenWallace70/status/1893936287477912035" rel="nofollow">https://x.com/BenWallace70/status/1893936287477912035</a>

评论 #43161835 未加载

评论 #43161045 未加载

marcus_holmes3 个月前

I flat do not trust that the motivations for the legislation are what the government says.The UK has a history of covering up child abuse by establishment figures, not least Prince Andrew. They are not actually concerned with preventing child abuse.Successive UK governments have tried to remove or weaken encryption over the years since the 90's. There have been a succession of excuses, but mostly "think of the children".The various MI* agencies have said publicly that they cannot carry out their duties (that of spying on UK citizens) while E2E encryption is available.IF they had the courage of their convictions they would just lay out their case for a society with no privacy, have the argument, and accept the conclusion. But I realise this is politically naive.

评论 #43157668 未加载

评论 #43156416 未加载

评论 #43159229 未加载

评论 #43157760 未加载

评论 #43159939 未加载

评论 #43157249 未加载

mihaaly3 个月前

Since ProtonMail was mentioned in a context, I wonder what is the fate of the Proton infrastructure in UK, also having encrypted storage of various items similar to iCloud. And the alike (Tresorit, ...). Are they the next?Although it is only partially parallel topic but my current pet peeve about the generic true uninterest of data safety in the UK is the practice of property agents requesting full set of data only necessary at the time of contract - or not even then, like the name of your children - just to start talk about viewing a rental property. Not for the viewing, not for applying for tenancy, no, before even talking about if there is available timeslots for viewing. First reply from them: fill this (very long) form. Some even ask for recent credit check reports uploaded on sending in interest for viewing opportunities. And people comply on masses without apparent hesitation. Years of degrading practice (8 years ago it was much different and less privacy intrusive) means several hundrends of thousands (millions?) people's deep personal data is flowing around in unencrypted emails or forms stored in the third party system (not even at the property agents) the agents dedicate for this purpose, very very fragmented in procedure and solutions and granularity. Apparently there is no objection of the masses as this is a practice property agents escalated to this level claiming "industry practice" when trying to complain. Feels like being alone, refusing, then being refused - I know, I am problematic not handing over all my data on first ask. I wonder what the Information Commissioner's Office will say about the matter. I reported one of the many cases. Only out of curiosity as the matter will be mute not only because of the 16 weeks turnaround for comment - 8 are already passed, and by then we will be out of the UK, for other reasons too - which is awfully slow for anyone affected but by the extent of uninterest for privacy from the UK masses. Property agents are just one tiny part of the pattern actually, asking for your data as the first move is a generic thing from almost all services I came accross. A representative example: - How much would this cost? - What is your name, phone number, address and email address? - the question comes instead of an answer despite that the price depends not the slightest on those data. And this is working this way for very long time. I have a bit of scepticism about if the UK population would ever fight back - risking put into the group of pedofiles by public opinion. I can imagine more arguing for it. As 'Good people have nothing to hide' principle. The "Get Involved" links are for the idealistic ones alone.

upofadown3 个月前

Isn't Apple doing client side encryption? It sounds like there is a key kept in the phone that is used to encrypt the stuff in the cloud. I am not seeing more than one "end" here. What aspect of their scheme causes the article to refer to it as "end to end encryption"?I think this is important because the UK is effectively cracking down here on the very idea of keeping things private. We don't have to bring messaging into this; this is a case of an individual attempting to keep their personal stuff to themselves. Most people would consider that a perfectly normal thing to be able to do.

florbnit3 个月前

I feel like Apple should have made a bolder statement and made the iCloud accounts of all politicians in the UK fully publicly accessible. And state that they would keep them such until the courts finished dealing with the appeal. But of cause Apple has cut its activist roots several decades ago and will stay sober in their dealing, which I also appreciate they feel like the only tech giant who’s actually acting like adults when it comes to privacy.

crimsoneer3 个月前

The Salt Typhoon example doesn't seem relevant, as it looks like it's down to unsecured routers?One more relevant question on this would be something like internet connection records, which when they were introduced everyone said would definitely get leaked.<a href="https://en.wikipedia.org/wiki/Collection_of_Internet_Connection_Records" rel="nofollow">https://en.wikipedia.org/wiki/Collection_of_Internet_Connect...</a>

评论 #43158646 未加载

GuestFAUniverse3 个月前

Undisclosable backdoors. Very democratic./sarcasm

dp-hackernews2 个月前

"The only thing necessary for the triumph of evil is that good men do nothing."<a href="https://quoteinvestigator.com/2010/12/04/good-men-do/" rel="nofollow">https://quoteinvestigator.com/2010/12/04/good-men-do/</a>

politelemon3 个月前

> knowingly insert backdoors into their softwareNot true however and contradicts itself later. They have inserted backdoors, the backdoors exist. Them holding the keys to it does not magically make it not exist.

评论 #43157562 未加载

dp-hackernews3 个月前

First they came for the socialists, and I did not speak out— Because I was not a socialist.Then they came for the trade unionists, and I did not speak out— Because I was not a trade unionist.Then they came for the Jews, and I did not speak out— Because I was not a Jew.Then they came for me—and there was no one left to speak for me.

评论 #43161422 未加载

renegat0x03 个月前

Crypto wars<a href="https://en.wikipedia.org/wiki/Crypto_Wars" rel="nofollow">https://en.wikipedia.org/wiki/Crypto_Wars</a><a href="https://gigazine.net/gsc_news/en/20191223-lotus-notes-nsa-backdoor" rel="nofollow">https://gigazine.net/gsc_news/en/20191223-lotus-notes-nsa-ba...</a><a href="https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html" rel="nofollow">https://archive.nytimes.com/www.nytimes.com/interactive/2013...</a><a href="https://www.eff.org/document/crypto-wars-governments-working-undermine-encryption" rel="nofollow">https://www.eff.org/document/crypto-wars-governments-working...</a><a href="https://theintercept.com/2014/10/17/draft-two-cases-cited-fbi-dude-dumb-dumb" rel="nofollow">https://theintercept.com/2014/10/17/draft-two-cases-cited-fb...</a><a href="https://arstechnica.com/tech-policy/2015/01/uk-prime-minister-wants-backdoors-into-messaging-apps-or-hell-ban-them" rel="nofollow">https://arstechnica.com/tech-policy/2015/01/uk-prime-ministe...</a><a href="https://www.extremetech.com/defense/203275-the-nsa-wants-front-door-access-to-your-encrypted-data" rel="nofollow">https://www.extremetech.com/defense/203275-the-nsa-wants-fro...</a><a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key" rel="nofollow">https://theintercept.com/2015/12/28/recently-bought-a-window...</a><a href="https://arstechnica.com/tech-policy/2016/01/yet-another-bill-seeks-to-weaken-encryption-by-default-on-smartphones" rel="nofollow">https://arstechnica.com/tech-policy/2016/01/yet-another-bill...</a><a href="https://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-ban-end-end-encryption-without-actually-banning-it" rel="nofollow">https://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-b...</a><a href="https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage" rel="nofollow">https://www.washingtonpost.com/graphics/2020/world/national-...</a><a href="https://www.wired.com/story/europe-break-encryption-leaked-document-csa-law" rel="nofollow">https://www.wired.com/story/europe-break-encryption-leaked-d...</a><a href="https://www.newscientist.com/article/2396510-mathematician-warns-us-spies-may-be-weakening-next-gen-encryption" rel="nofollow">https://www.newscientist.com/article/2396510-mathematician-w...</a><a href="https://www.theregister.com/2024/04/25/asio_afp_accountable_encryption" rel="nofollow">https://www.theregister.com/2024/04/25/asio_afp_accountable_...</a>

agent3273 个月前

So how does this work when I visit the UK with my iPhone. Will it auto-decrypt? Will I be locked out of certain functions?

aboardRat43 个月前

>While there are no doubt a handful of evil people who would abuse E2EE to better cover their harmful tracks, it also benefits ordinary, law-abiding users by giving them a huge defensive boost against data breaches, massive data collection, unchecked mass surveillance, and a myriad of other threats onlineVery few people care about such things.Or rather, very few people understand such thing well enough to care about them.

评论 #43155115 未加载

评论 #43155260 未加载

评论 #43155355 未加载

alliao3 个月前

that's why I have long maintained CCP is the biggest threat to all citizens currently living in relatively free societies right now. Our democratic governments are only seemingly disgusted but whoever holds real power are ENTICED "what do you mean with these new tools and policies you've kept a billion people under control"

评论 #43155402 未加载