Friday, February 7, 2025

UK Orders Apple to Break iCloud Advanced Data Protection

Dominic Preston (Hacker News, MacRumors):

Apple has reportedly been ordered by the UK government to create a backdoor that would give security officials access to users’ encrypted iCloud backups. If implemented, British security services would have access to the backups of any user worldwide, not just Brits, and Apple would not be permitted to alert users that their encryption was compromised.

The Washington Post reports that the secret order, issued last month, is based on rights given under the UK’s Investigatory Powers Act of 2016, also known as the Snoopers’ Charter. Officials have apparently demanded blanket access to end-to-end encrypted files uploaded by any user worldwide, rather than access to a specific account.

[…]

The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did accede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.

Dan Moren:

While law enforcement has long been able to access encrypted data for which Apple holds the keys, this move would reportedly apply to end-to-end data in which the user holds the keys, such as Apple’s Advanced Data Protection. This law would target end-to-end encrypted data from Google and Meta as well.

This is red alert, five-alarm-fire kind of stuff. Providing a backdoor would be worrying enough for reasons that should be obvious to anybody who knows the barest inkling about technology—to wit, that there exists no mechanism to keep such a tool out of the hands of malicious actors—but the fact that it would apply beyond the UK borders to other countries is a staggering breach of sovereignty. And, moreover, as Menn points out, such a move would no doubt embolden other powers to ask for access to the same capabilities—such as China.

[…]

Ironically, the biggest impediment might come in the form of the European Union, as Apple apparently argued that the implementation would undermine the European right to privacy.

Nick Heer:

In any case, the reported demands by the U.K. government are an extraordinary abuse of their own. It has global implications for both U.K. access and, I would venture, access by its allies. As a reminder, U.S. and U.K. spy agencies routinely shared collected data while avoiding domestic legal protections. This order explicitly revives the bad old days of constant access.

Tim Hardwick:

According to sources that spoke to the publication, Apple is likely to stop offering encrypted storage in the UK as a result of the demand. Specifically, Apple could withdraw Advanced Data Protection, an opt-in feature that provides end-to-end encryption (E2EE) for iCloud backups, such as Photos, Notes, Voice Memos, Messages backups, and device backups.

In this scenario, UK users would still have access to basic iCloud services, but their data would lack the additional layer of security that prevents even Apple from accessing it.



The extraterritorial effect of the law is profoundly troubling, especially the prohibition on revealing the existence of the Technical Capability Notice. However, Apple would almost certainly be subject to lawsuits in the US and EU if it secretly added a backdoor to iCloud Advanced Data Protection, because doing so would violate their privacy policy and would likely give rise to fraud claims. They could kill iCloud Advanced Data Protection entirely, or they could add a backdoor and say there is a backdoor, but they could not, without being exposed to liability, secretly add a backdoor while simultaneously claiming that the data is end-to-end encrypted and nobody other than the user can access the data.


This shows us why centralized power, in this case practised by Apple, is a bad thing, especially when it comes to computers and networking. So should Apple just remove E2EE, where demanded by national laws? Why not?! Apple could even go many steps further, say bye-bye to centralization, and in fact use the opportunity to make even more money by giving all users worldwide a choice: you are free to continue using our traditional centralized iCloud services, but (depending on your jurisdiction) you would have to live with the risk of your government accessing your data… or you can just buy our shiny new hardware, the Mac Home, an Apple home server/NAS with lots of M.2 storage expandability, complete with a server-optimized version of macOS, with RAID5 & RAID6 built into APFS, which runs your own personal instance of iCloud for you and your family, for all your family's client devices, with E2EE for everything, iMessage server, sync for calendar, contacts, photos, passwords/keychains, Apple Home, Notes, email, system/account settings, office documents, remote file sharing etc. pp., Apple dDNS & VPN included for free, plus syncing third-party app data, plus local services like TimeMachine server, caches for Apple Music/TV & OS updates, and an open system for installing 3rd-party services, command-line tools, apps, containers, you know, for those who want to expand the device into an all-round home server. For customers who take the decentralized plunge, Apple's own iCloud infrastructure would then function only as a kind of bootstrap/handshake server. And if a government wants access to Apple's iCloud servers, there's literally nothing for them to see, unless they kick in your own home door, though they'd still need to break the encryption on your personal iCloud instance. --- And to speed things up, Apple could first release an iCloud Home app, which users can install on existing hardware, e.g. a dedicated Mac Mini.


Something I'd like to see clarified with reportage on this - is this purely about iPhone *backups*, or is it covering e2e iMessage "messages in the cloud" storage as well?

i.e. is it a backdoor to the working iCloud datastores, or is it just the dead storage of the backups?

If it's the latter, you can see why - person arrives at the border, suspected of having prohibited material on their phone, phone is found to have been wiped on the assumption it can be restored once they've cleared customs, etc.
