RIPA Request to Apple by UK

[Terminal_Boy]

I see no issues here.

For centuries the police have been able to get a warrant to intercept our mail if they have supporting evidence to justify it.

For over a century the police have been able to get a warrant to listen in on our phone calls if they have supporting evidence to justify it.

Now the police are (finally) going to be getting proper powers to search our online storage if they have supporting evidence to justify it.

The only people who need to be worried about this are criminals, and the paranoid.

That was certainly my view before successive U.K. governments put large parts of the country under 24/7/365 CCTV surveillance in order “to keep up us safe” and it didn’t achieve anything of the sort.

Given that the current government jails people for hurting other’s feelings on the internet by stating facts, I would be very concerned about Starmer’s Stasi having access to my data if I still lived in the U.K.

 

[stuman]

I used to think along those lines, but as time goes I’m getting less and less trusting of our governments.

We seem to have less and less privacy, and at the same time our digital lives become more and more unsafe.

The loss of privacy does not balance against the safety ‘measures’ it’s supposed to afford us.

Ineffective.

I honestly wouldn’t blame Apple if they went ham and pulled out of the UK over this.

 

[ubersonic]

I think this is the important part that many people are missing:

"Apple has previously said it would pull encryption services like ADP from the UK market rather than comply with such government demands - telling Parliament it would "never build a back door" in its products."

I think the government know already Apple will not play ball and simply want ADP gone as the risks it poses to national security far outweigh the benefits it brings to people in knowing their selfies can't be hacked as easily anymore.

No they haven’t, they've been able to get warrant to listen/intercept an individuals mail/calls if they can prove to a court that there's reasonable suspicion. They do not get a warrant to intercept/listen to 'our' as in all of our mail/calls in the hope they catch someone doing/saying something they shouldn't.

That's exactly what my post you're quoting says...

If it was to search an individuals online storage then sure

"the government would want to access this data if there were a risk to national security - in other words, it would be targeting an individual"

Given that the current government jails people for hurting other’s feelings on the internet by stating facts, I would be very concerned about Starmer’s Stasi having access to my data if I still lived in the U.K.

Like I said, the only people who have cause to worry are criminals and the paranoid

 

[cu3ed]

Doesnt even the user lose all of their stuff if they dont know how to acess it, like Apple dont even try and acess it on yrou behlaf even if you prove its your account?

 

[Broken Hope]

Doesnt even the user lose all of their stuff if they dont know how to acess it, like Apple dont even try and acess it on yrou behlaf even if you prove its your account?

Apple can’t access it, that’s the point, they don’t have the encryption keys.

 

[jpaul]

I think this is the important part that many people are missing:

"Apple has previously said it would pull encryption services like ADP from the UK market rather than comply with such government demands - telling Parliament it would "never build a back door" in its products."

no - if you are visiting the UK or on uk soil with a foreign registered phone using ADP you'd be in contravention

 

[SupraWez]

And the obvious flaw in the plan is that people who they should be checking on will just use some other encryption, as with most policies they rarely help solve the issue for the minorities they target while disproportionally affecting the masses.

 

[Murphy]

That's exactly what my post you're quoting says...

No it does not, you said "our" mail and "our" phone calls. You used a determiner that quantified what you said to be more than one person, hence why made the distinction between individuals and your use or "our" as a group.

"the government would want to access this data if there were a risk to national security - in other words, it would be targeting an individual"

As someone already told you: Tell me you don't understand encryption without telling you don't know about encryption.

So what's your proposal for how the government would access this data from/on an individual without compromising everyone else, what do you suggest to backdoor/break an individuals encryption without putting everyone at risk.

Like I said, the only people who have cause to worry are criminals and the paranoid

And as has been shown that's simply not true.

 

[Murphy]

A quote attributed to Benjamin Franklin: They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

Also...

 

[[FnG]magnolia]

Quite a lotta sweaty fellas with their 'home' solutions going on.

I'm not knocking you, I don't care mostly what you do.

Keep it clean - or good enough - and let's get to the finals and make our town proud!

 

[Haggisman]

So what's your proposal for how the government would access this data from/on an individual without compromising everyone else, what do you suggest to backdoor/break an individuals encryption without putting everyone at risk.

Exactly, since a comparison was made to tapping phones/intercepting mail, the "real world" equivalent of this would be preventing people from having curtains/blinds on their windows and from locking their doors.

Sure, maybe the police (say they) aren't going to come snooping around without good reason, but that doesn't stop potential bad actors from watching your kids through the window or helping themselves to your stuff while you're out.

If wanting to keep parts of my personal life private makes me paranoid, then I guess I must be paranoid

 

[Diddums]

The gov can suck a chode tbh. I don't use Apple's ecosystem but if I did I'd simply move my stuff elsewhere.

I hope Apple stick it to them.

 

[silvagti]

I’d expect most cloud companies to come out pretty hard against this. As if it becomes the case that any information/documents/photos/email/messages you put into cloud based platforms can be readily accessed by government agencies that’ll put many customers off using their products.

I can see a future where many will start hosting/storing their own services and a move away from the larger monopoly ecosystem providers (Microsoft /Apple/Google) towards more decentralised private/anonymous/encrypted systems if it comes to pass.

 

[MrRockliffe]

You are also partly paying for that privacy in the Apple tax. Their business model isn't your information unlike google and co.

As you say, thats part of the reason I use Apple stuff.

Not at the moment, but if iPhone sales continue to slow, and they’re continued to be forced to open their ecosystem, they will begin to enhance their ad revenue streams - as in, you become the product.

 

[Murphy]

When you consider RIPA contains a section on disclosing passwords/passcodes that...

When can the police serve the notice?​

If a suspect was to refuse to provide their PIN in interview, then section 49 of RIPA gives the police the power to issue a notice which requires the suspect to disclose their PIN or password if necessary.
The police must obtain appropriate permission from a judge to obtain a s.49 RIPA notice.
Before a judge grants the notice, they must be satisfied that:

1. The key to the protected information is in the possession of the person given notice.
2. Disclosure is necessary in the interest of national security, in preventing or detecting crime or in the interests of the economic wellbeing of the UK.
3. Disclosure is proportionate.
4. If the protected information cannot be obtained by reasonable means.

And says...

Do I have to comply with the notice?​

You are not compelled to provide your password to the police in any instance.
However, section 53 of RIPA makes it a criminal offence not to comply with the terms of a s.49 notice which is punishable by up to two years imprisonment and up to 5 years imprisonment in cases involving national security and child indecency. Therefore, failing to comply could lead to a criminal conviction and imprisonment.

It seems like there maybe an ulterior motive in wanting to backdoor/break encryption.

 

[NickK]

A quote attributed to Benjamin Franklin: They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

Also...

EU > US in that case!

 

[Angilion]

And the obvious flaw in the plan is that people who they should be checking on will just use some other encryption, as with most policies they rarely help solve the issue for the minorities they target while disproportionally affecting the masses.

That's only a flaw if the stated purpose is true. I think that the stated purpose is not true, for two reasons;

i) As you say, it's obvious that the plan can't serve the stated purpose. Even if the government was completely ignorant of the subject, they've been told what the problems with the plan are so they're not ignorant now. They're deliberately implementing a plan that they know can't serve the stated purpose.
ii) Companies targeted by the plan are forbidden to tell anyone they've been targeted. They are required to actively lie to their customers regarding privacy and security.

For those reasons, I conclude that the purpose is mass surveillance and the government doesn't care that the result is that everyone+dog will be able to watch (it's either safe or it isn't - if there's a backdoor it's not safe) and the government is lying about it (hence forcing the companies they target to lie to their customers).

Apple might be big enough and determined enough to make a stand, but what about the other companies the government has secretly targeted and forced to lie to their customers? Apple certainly won't be the only victim of this. Most companies cave to authoritarian governments if there's profit in doing so.

 

[ubersonic]

No it does not, you said "our" mail and "our" phone calls. You used a determiner that quantified what you said to be more than one person, hence why made the distinction between individuals and your use or "our" as a group.

Lol,

I said: "For centuries the police have been able to get a warrant to intercept our mail if they have supporting evidence to justify it. For over a century the police have been able to get a warrant to listen in on our phone calls if they have supporting evidence to justify it."

You said: "No they haven’t, they've been able to get warrant to listen/intercept an individuals mail/calls if they can prove to a court that there's reasonable suspicion."

It is literally the same thing just worded differently

As someone already told you: Tell me you don't understand encryption without telling you don't know about encryption.

Using that gotcha incorrectly made them look foolish too.

So what's your proposal for how the government would access this data from/on an individual without compromising everyone else, what do you suggest to backdoor/break an individuals encryption without putting everyone at risk.

I can think of two.

(1): The authorities give apple the warrant for a copy of Joe Bloggs encrypted data, Apple give the authorities a copy of Joe Bloggs encrypted data, the authorities cyber experts then try and break the encryption. Obviously this is not ideal from a national defence point of view, but a good trade off between that and protecting people against getting their accounts hacked and data stolen.

(2) Just ban cloud storage providers from offering data encryption for UK users and allowing upload of encrypted data for UK users. This is obviously the more nuclear one but at the end of the day if people choose to keep their pictures/videos/files in iCloud, OneDrive, etc that is a personal decision made entirely for their own convenience. Call me authoritarian if you like but if it's a choice between terrorists and criminals not being able to secure their plans/operations from the authorities as easily or Deno being able to access his pictures of the Ibiza trip on both his iPhone and his iPad safe in the knowledge they can never get leaked online then I favour the option that's actually of value to society.

Lets be honest after all, 99% of the justification for cloud encryption existing would be removed if people would just stop uploading naked pictures of themselves xD

 

[dowie]

Tell me you don't understand encryption (and the risks of creating a "backdoor" in it) without telling me you don't understand encryption...

While I disagree with the other poster's positon I think perhaps you don't understand encryption here - he didn't say anything about a backdoor and what do you think happens to your emails server side at google etc.? - they have the keys and can respond to warrants - standard email protocols don't really support fully end to end encryption (need to be compatible/standard with email servers).

However, w.r.t Apple's proprietary stuff then users can fully encrypt so that Apple themselves can't even look on the server-side - messages. photos, notes, icloud backups etc. this requires selecting advanced data protection for icloud.

 

[Murphy]

It is literally the same thing just worded differently

No it is not, the reason they're worded differently is because they mean two entirely different things, if you think two differently worded sentence mean the same thing then that explains a lot.

Using that gotcha incorrectly made them look foolish too.

It's only a gotcha if you demonstrate a lack of understanding, something you've amply demonstrated.

I can think of two.

(1): The authorities give apple the warrant for a copy of Joe Bloggs encrypted data, Apple give the authorities a copy of Joe Bloggs encrypted data, the authorities cyber experts then try and break the encryption. Obviously this is not ideal from a national defence point of view, but a good trade off between that and protecting people against getting their accounts hacked and data stolen.

Break the encryption! Do you think this is a movie or something?

(2) Just ban cloud storage providers from offering data encryption for UK users and allowing upload of encrypted data for UK users. This is obviously the more nuclear one but at the end of the day if people choose to keep their pictures/videos/files in iCloud, OneDrive, etc that is a personal decision made entirely for their own convenience. Call me authoritarian if you like but if it's a choice between terrorists and criminals not being able to secure their plans/operations from the authorities as easily or Deno being able to access his pictures of the Ibiza trip on both his iPhone and his iPad safe in the knowledge they can never get leaked online then I favour the option that's actually of value to society.

Lets be honest after all, 99% of the justification for cloud encryption existing would be removed if people would just stop uploading naked pictures of themselves xD

Thusly throwing Victims of police misconduct, MPs, Disabled people, Environmental campaigners, Journalists, Whistle-blowers, Lawyers, People of minority sexualities and identities, Doctors, hospital workers and their patients, Encryption advocates and researchers, Muslim community, Women being harassed, and Women stalked or tracked by abusive partners all under the bus.

When as has been shown there's already provisions in RIPA to imprison someone for up to 5 years if they fail to provide the PIN to access said encrypted data.

Tell me again what problem does the UK government demanding access encrypted data stored by Apple users worldwide in its cloud service actually solving?