RIPA Request to Apple by UK

[b0rn2sk8]

I just realised i never opted in….lol

Like 99.9% of Apple users that didn’t even know the feature existed before this all blew up.

I didn’t opt in because if I lost my device or got locked out of my account, my data is toast. Given I’m not a criminal and use iCloud to store things like 20 years family photos, the risk of losing that data because the encryption key is tied to an account which only I can access is too much of a risk.

If I’m run over by a bus tomorrow, I’d rather my wife being able to get access to this data that otherwise wouldn’t be possible if the encryption key literally died with me.

This thread is full of utterly terrible takes though. A lot don’t seem understand what the feature is and what the government is requesting or that its opt in and Apple doesn’t ever prompt the user to turn it on. This is rather concerning given we are effectively on a ‘tech’ forum, if people here don’t understand it, the tech muggles have got no chance.

Edit: To be clear, I’m in no way defending the government but that doesn’t make a lot of the takes here and less terrible.

The legislation isn’t going to meet the objectives set. Largely because the kinds of people who enables this feature for nefarious reasons will just migrate to something else which isn’t impacted.

The internet doesn’t recognise jurisdictional boarders where as the law and the courts do. In other words, if a cloud service provider doesn’t have a U.K. presence, there is nothing the home office can do to enforce U.K. legislation on that service provider. So there will always be services which offer what Apple offered in the market to use, hence there will always be places for the criminals to hide and exchange data in the cloud which the security services will never be able to access so it’s pointless.

 

[Hades]

If I’m run over by a bus tomorrow, I’d rather my wife being able to get access to this data that otherwise wouldn’t be possible if the encryption key literally died with me.

If you aren't already doing so then you should use a password manager and add all passwords and keys in there. Then share the password manager recovery details with your wife.

 

[VaderDSL]

If you aren't already doing so then you should use a password manager and add all passwords and keys in there. Then share the password manager recovery details with your wife.

Also use the legacy contact, lets you directly nominate someone so they can easily access your iCloud items.

How to add a Legacy Contact for your Apple Account – Apple Support (UK)

A Legacy Contact is someone you choose to have access to the data in your Apple Account after your death. Find out about the information that's shared with your Legacy Contact and how to add one or more Legacy Contacts.

support.apple.com

 

[Mr Jack]

Devils advocate, what if these changes meant it was easier to prosecute pedos and terrorists?

Terrorists and paedos! Oh My! Don't let the boogeymen get us!

 

[b0rn2sk8]

Also use the legacy contact, lets you directly nominate someone so they can easily access your iCloud items.

How to add a Legacy Contact for your Apple Account – Apple Support (UK)

A Legacy Contact is someone you choose to have access to the data in your Apple Account after your death. Find out about the information that's shared with your Legacy Contact and how to add one or more Legacy Contacts.

support.apple.com

Fair enough, probably another Apple feature 99% of users don’t know exists, I certainly didn’t.

So that’s one I will enable - I’m not sure how it interacts with ADP because it requires Apple to store additional encryption keys and that seems to go against what APD is meant to achieve.

 

[shifty_uk]

Terrorists and paedos! Oh My! Don't let the boogeymen get us!

I don't get your point? These are the boogeymen.

The government don’t want or have the resources to spy on you unless you’re a serious threat or have committed a crime, there’s no point joining the tinfoil hat brigade.

 

[Mr Jack]

I don't get your point? These are the boogeymen.

Didn't BrassEye have an episode on this?

The government don’t want or have the resources to spy on you unless you’re a serious threat or have committed a crime, there’s no point joining the tinfoil hat brigade.

Because the state has a 100% unblemished record of using the powers granted to it only ever in way that is proportionate and appropriate, right? The reason we have strong limits on the ability of state and state-authorised powers is because of a long history of figuring out appropriate controls on them. We should not be casually throwing those out because now it is online and the state wants the right to snoop in complete secrecy.

 

[b0rn2sk8]

It’s kind of a moot point because the same act requires you to decrypt it or you are automatically found guilty of another offence which comes with jail time by default even if the data turns out to be irrelevant to their investigation.

The act is designed to be a legal shortcut to get the data in the event you refuse to decrypt it yourself, you’re only ever going to do that if it’s incriminating. The legal shortcut is that if they really want the data, they could pay someone £lol to brute force it as the famously did.

 

[Freefaller]

The only cloud stuff I use is Google photos which backs up my photos. I wonder if there's a better way of backing up.photos? I take it this will undoubtedly happen with Google. Do I really care about my pics being accessed? As long as they're not deleted...

Oh actually work we use one drive but I'm guessing it's hosted on our own network.

Other than that personal files are all on my NAS, but I guess I'm not super techy so never felt the need to host every on the cloud.

 

[b0rn2sk8]

The security services are not randomly accessing your cloud storage, they need a warrant signed off by a judge.

 

[Mr Jack]

The security services are not randomly accessing your cloud storage, they need a warrant signed off by a judge.

No, they need one signed off by the Home Secretary, an assortment of Scottish ministers, or a Judicial Commissioner (all of whom are former judges) - and it's done in secret, with a specific criminal offence of disclosing it. And the act allows broad powers to nominate groups or associates.

But that's largely irrelevant anyway, because the broader result of the act is to prevent any citizen from using online security. It's the equivalent of banning locks so the security services can go and investigate paedos or terrorists or other boogeymen.

 

[nine_tails]

Fear is one of the ways for governments to pass over-reaching laws. This was a sad day.

 

[hartgeh3]

What other countries apart from the morons in the UK are doing/want this? no-one.....always the UK

 

[Orangeade]

Quite a lotta sweaty fellas with their 'home' solutions going on.

I'm not knocking you, I don't care mostly what you do.

Keep it clean - or good enough - and let's get to the finals and make our town proud!

See this is the problem. You, along with the people that justify such measures always have the same tired of insinuation of wrong doing (morally, legally or whatever). Otherwise why would people have an issue with it?

Then you can look to LLM whereby everyone's data has been scrapped in the models, inputs are recorded etc. Suddenly privacy makes a bit more sense. And this is the tip of "bad usage".

Government's have shown they do not care about us, and the rise of far right, far left or whatever ****** ideology that comes in shows that laws that might be okay for today will be heavily abused in the future.

We have a right to privacy and we should enforce it.

 

[Cromulent]

See this is the problem. You, along with the people that justify such measures always have the same tired of insinuation of wrong doing (morally, legally or whatever). Otherwise why would people have an issue with it?

Then you can look to LLM whereby everyone's data has been scrapped in the models, inputs are recorded etc. Suddenly privacy makes a bit more sense. And this is the tip of "bad usage".

Government's have shown they do not care about us, and the rise of far right, far left or whatever ****** ideology that comes in shows that laws that might be okay for today will be heavily abused in the future.

We have a right to privacy and we should enforce it.

I don't disagree with you but if you true privacy you need to do it yourself. Relying on a company like Apple to keep you safe is a bad plan.

Encrypt all your data with GnuPG and upload it where ever you want. Use a privacy focused email service like ProtonMail and ensure your SSD/HDD drives are encrypted. Also use a VPN when needed.

If you do that then it doesn't matter what the government does.

 

[Hagar]

But that's largely irrelevant anyway, because the broader result of the act is to prevent any citizen from using online security. It's the equivalent of banning locks so the security services can go and investigate paedos or terrorists or other boogeymen.

No it is not that is just paranoid. Anybody can secure their data using encryption however if you are a bad boy or suspected of being such the state has a duty to protect the majority by obtaining a warrant to investigate and maybe confiscate or destroy your stash.

I'm afraid that I disapprove of absolute security in the hands of the criminally intended or terrorists of whatever flavour.

 

[Mr Jack]

No it is not that is just paranoid. Anybody can secure their data using encryption however if you are a bad boy or suspected of being such the state has a duty to protect the majority by obtaining a warrant to investigate and maybe confiscate or destroy your stash.

Have you not noticed what the thread is about? It is literally the case that end-to-end encryption is being removed from UK users because of this. Security that should be the default is being stripped because of the UK government's decisions over this. It's not a question of getting a warrant to investigate or destroy; it's a case of pre-emptively preventing protection for the masses on the basis that it might get used to protect some bad people.

 

[muon]

No, they need one signed off by the Home Secretary, an assortment of Scottish ministers, or a Judicial Commissioner (all of whom are former judges) - and it's done in secret, with a specific criminal offence of disclosing it. And the act allows broad powers to nominate groups or associates.

But that's largely irrelevant anyway, because the broader result of the act is to prevent any citizen from using online security. It's the equivalent of banning locks so the security services can go and investigate paedos or terrorists or other boogeymen.

It's more akin to creating a fortress that can never be accessed by law enforcement.

It creates an arena beyond the reach of justice, no matter how many judges grant warrants.

 

[Orangeade]

I don't disagree with you but if you true privacy you need to do it yourself. Relying on a company like Apple to keep you safe is a bad plan.

Encrypt all your data with GnuPG and upload it where ever you want. Use a privacy focused email service like ProtonMail and ensure your SSD/HDD drives are encrypted. Also use a VPN when needed.

If you do that then it doesn't matter what the government does.

The problem with this is that it steadily gets eroded and eroded. And when it becomes even more complex the public suspicion grows.

We should foster instead a genuine expectation of privacy. If society is so concerned by the need to police itself, perhaps we should work on the reasons behind that instead..

 

[Mr Jack]

It's more akin to creating a fortress that can never be accessed by law enforcement.

Hardly, the information is still on the device, as is the means to access the information. The law also has the right to compel people to reveal the key and unencrypt the data.