RIPA Request to Apple by UK

[stuman]

No it is not, the reason they're worded differently is because they mean two entirely different things, if you think two differently worded sentence mean the same thing then that explains a lot.

It's only a gotcha if you demonstrate a lack of understanding, something you've amply demonstrated.

Break the encryption! Do you think this is a movie or something?

Thusly throwing Victims of police misconduct, MPs, Disabled people, Environmental campaigners, Journalists, Whistle-blowers, Lawyers, People of minority sexualities and identities, Doctors, hospital workers and their patients, Encryption advocates and researchers, Muslim community, Women being harassed, and Women stalked or tracked by abusive partners all under the bus.

When as has been shown there's already provisions in RIPA to imprison someone for up to 5 years if they fail to provide the PIN to access said encrypted data.

Tell me again what problem does the UK government demanding access encrypted data stored by Apple users worldwide in its cloud service actually solving?

It’s about finding other people involved ,elements, or the leaders.

Catch a terrorist - get phone comms for the leaders who encouraged it.

5 years in jail is nothing in comparison to cracking a terrorist cell.

This for me though is a gross overstep and as mentioned many time will just drive the intended to use another app’.

 

[Murphy]

It’s about finding other people involved ,elements, or the leaders.

Catch a terrorist - get phone comms for the leaders who encouraged it.

5 years in jail is nothing in comparison to cracking a terrorist cell.

I can certainly see an argument for that, like you i think it's a massive overstep, but i can see an argument for how UK laws only apply to UK citizens and 5 years is pretty weak so there's potential for stuff to slip through the net.

My issue is when organisations/people like the UK government, Ministers, the NSPCC, and ubersonic talk about getting access to encrypted data they always seem to come from a place where they're so woefully uninformed that IMO they don't really have a right to an opinion.

If someone said we should put diesel in petrol cars IMO they shouldn't be allowed anywhere near a car.

 

[b0rn2sk8]

Hosting your own data isn’t an effective countermeasure for this, RIPA takes care of that as they can compel you to hand over the keys or put you in prison.

You could argue that you don’t don’t have the keys but I doubt it would ever stand up in court for the simple fact that a judge is never going to believe that you can’t access your own data which you created and host.

They will ask themselves why would you be saving it if you can’t access it yourself and likely conclude your version of events isn’t plausible and draws suspicion and the law enforcement agencies accusation that you are not telling the truth will be more credible.

I guess the only thing you could do is move your data to a services which is outside the scope of U.K. law. There is probably plenty to choose from which kind of defeats the purpose of the law.

 

[Monkeynut]

Are the likes of Nordlocker covered by UK law?

 

[b0rn2sk8]

The more pertinent question is whether they have anything the U.K. government can take enforcement action against in the U.K.

For example, an office, employees, assets etc.

 

[Jono8]

Would this still require a warrant/a judge sign off though, before they can go snooping and use the evidence in court?

If so, i don't see the problem really.

 

[loftie]

Criminals and enemy states cannot easily intercept mail or phone calls. To do so would require a manual in person to attack the system. Significant effort.

If a back door is allowed for phone calls, criminals could very easily do so. There is a massive difference.

Modern security issues are completely different to historic ones.

For mobiles, but still.

 

[SpellowHouse]

Would this still require a warrant/a judge sign off though, before they can go snooping and use the evidence in court?

Yes, it would.

I think the problem with this is more that any sort of back-door access is a potential security problem for all users and the government don't seem to care about that.

The companies are two-faced, imo, because on the one hand they say that privacy is fundamental, and yet they all steal and sell our data whenever the slightest opportunity arises.

The whole subject is very interesting, in that with the Online Safety bill coming to force in the next few months, there could potentially be a huge showdown between the tech giants and the UK government over all of this. I don't really see how the government can win, because I doubt very much that Mr Trump would stand for us taking action against American companies on such a scale.

I think it's widely accepted that the UK government are just idiots when it comes to tech. They have grand designs but no way to actually implement them and no plan when they fail.

 

[SpellowHouse]

Are the likes of Nordlocker covered by UK law?

The law applies to any service no matter where it is.

However, I think the government would find it rather difficult to apply a law to a company that in theory has no service based in the UK.

The truth is that there are far too many ways to circumvent the laws.

But, it seems to me that the government are not so much after files, rather they are after communications. If people share files they are also sharing keys to access them. No, what the government really want is your phone records and emails.

 

[SpellowHouse]

This ^ not sure why they targeting Apple anyway, or have they also gone for Android or already have access, surely those really bothered will just move the data to another provider they don't have access too.

What makes you think they are only targetting apple? I am pretty sure they will have asked other companies as well, just we haven't heard about it.

 

[Murphy]

Would this still require a warrant/a judge sign off though, before they can go snooping and use the evidence in court?

If so, i don't see the problem really.

It would but it's a bit like saying a warrant/judge needs to sign off on looking at the footage the cameras the government has installed in your house have captured, there's a reason privacy is a fundamental human right. (not that in this particular case it's much of a breach of privacy as people can simply stop using cloud storage).

Talking more generally WRT privacy it's basically the principle of a panopticon, if people know or even suspect they're being watched they'll start to self regulate their behaviour, they become less human.

 

[b0rn2sk8]

What makes you think they are only targetting apple? I am pretty sure they will have asked other companies as well, just we haven't heard about it.

Apple is one of a few that encrypts the data on their servers using the service if you enable ‘Advanced Data Protection’ which is off my default. They hand the only key to the end user. If the end user loses that key (say the phone is reset without first decrypting the data), the data is effectively lost.

IIRC the likes of Google drive, Drop box, one drive etc do not encrypt the data they store and hand the only key to the end user so it can be accessed by the service and handed over to law enforcement under a standard warrant.

 

[SpellowHouse]

Apple is one of a few that encrypts the data on their servers using the service if you enable ‘Advanced Data Protection’ which is off my default. They hand the only key to the end user. If the end user loses that key (say the phone is reset without first decrypting the data), the data is effectively lost.

IIRC the likes of Google drive, Drop box, one drive etc do not encrypt the data they store and hand the only key to the end user so it can be accessed by the service and handed over to law enforcement under a standard warrant.

I have such a service. If I lose the key, that's it, game over.

The problem is that I am storing some very critical information. It's so important that I follow the 1,2,3 Backups for it and the cloud is 3. If I thought for an instant that there was a back door, I would be horrified. I don't care about the government looking at it, but I would care very much if the prince of Nigeria got his hands on it.

I think the companies have a duty to stop supplying services if they aren't secure. And ANY back door makes them insecure.

 

[b0rn2sk8]

I have such a service. If I lose the key, that's it, game over.

The problem is that I am storing some very critical information. It's so important that I follow the 1,2,3 Backups for it and the cloud is 3. If I thought for an instant that there was a back door, I would be horrified. I don't care about the government looking at it, but I would care very much if the prince of Nigeria got his hands on it.

I think the companies have a duty to stop supplying services if they aren't secure. And ANY back door makes them insecure.

Yup. Pretty much. The only ‘back door’ is for them to store the keys on their servers somewhere which pretty much nullifies the main selling point of the feature.

I’m not sure how the government could differentiate between ‘market sensitive’ data which someone could reasonably need to be encrypted at all times and not.

I guess the difference is that said ‘market sensitive’ data and Joe Bloggs who is up to no good is that the person with market sensitive data is likely encrypting it before it’s uploaded to the cloud and not relying on the 3rd party service like iCloud to do it for them (or they should be).

 

[dowie]

I think the problem with this is more that any sort of back-door access is a potential security problem for all users and the government don't seem to care about that.

The companies are two-faced, imo, because on the one hand they say that privacy is fundamental, and yet they all steal and sell our data whenever the slightest opportunity arises.

Well not really - if you use Gmail or Google Drive then that has a backdoor (the company can access your emails and will do so if a warrant is issued), also this isn't something that applies by default to Apple users and doesn't cover email.

Secondly, clearly Apple isn't two-faced if they're offering this/going above and beyond what most big tech companies offer.

 

[ubersonic]

Hosting your own data isn’t an effective countermeasure for this, RIPA takes care of that as they can compel you to hand over the keys or put you in prison.

I'm gonna reiterate the previous point, this only negatively affected criminals (and upsets the paranoid).

I.E: "Ooh no they will throw me in prison if I don't let them have access to my data" sounds scary but then they will only be asking that if they have got a court order to access it due to having reasonable suspicion/evidence that the individual in question is up to no good, If their suspicion is correct then that person should be in prison, if not then they have no fear of giving them access (aside from paranoia of some random investigator they will never meet seeing a picture of their penis or something).

My issue is when organisations/people like the UK government, Ministers, the NSPCC, and ubersonic talk about getting access to encrypted data they always seem to come from a place where they're so woefully uninformed that IMO they don't really have a right to an opinion.

The mistake you're making is that assuming you're so super smart that anyone with a differing opinion must be stupid. It is not the case, I fully understand the concept of encryption and worked in what is now called cyber security for many years. The difference of opinion we have is that I believe in society our right to security (and to be clear the use of the word "our" here is referring to a group of individuals, you had difficulty with that previously) is more important than the right of criminals and the paranoid to easily obfuscate their data from the authorities.

You sound a lot like the Americans who think everyone should have the right to own a gun and anyone with a differing opinion is stupid.

 

[dowie]

Yup. Pretty much. The only ‘back door’ is for them to store the keys on their servers somewhere which pretty much nullifies the main selling point of the feature.

No that's just normal - see Gmail etc. doing that wouldn't merely nullify a main selling point, the feature would essentially cease to exist.

 

[ubersonic]

Break the encryption! Do you think this is a movie or something?

No, in a movie it would be super easy and take a few seconds while matrix screensaver runs down the screen and the main character mutters nonsense about using a six thousand bit cryptogenic cipher to break t.

In reality it takes the authorities much longer to break, as it has in the USA when Apple have refused to decrypt.

Thusly throwing Victims of police misconduct, MPs, Disabled people, Environmental campaigners, Journalists, Whistle-blowers, Lawyers, People of minority sexualities and identities, Doctors, hospital workers and their patients, Encryption advocates and researchers, Muslim community, Women being harassed, and Women stalked or tracked by abusive partners all under the bus.

When as has been shown there's already provisions in RIPA to imprison someone for up to 5 years if they fail to provide the PIN to access said encrypted data.

You say that like it is a bad thing.

If somebody refuses to hand over their PIN to the authorities after the authorities have obtained a court order for their data due to supporting evidence of wrongdoing it means one of two things: Either they are a up to no good and don't want to get caught, or then have been wrongfully accused and they are too arrogant/stupid to clear their own name.

 

[Murphy]

The mistake you're making is that assuming you're so super smart that anyone with a differing opinion must be stupid.

No, i assume people who can't or won't say how backdooring/breaking encryption would not impact totally innocent people are stupid, i make that assumption because they consistently fail to demonstrate even a basic understanding of the subject they're talking about.

In reality it takes the authorities much longer to break, as it has in the USA when Apple have refused to decrypt.

Case in point.

You say that like it is a bad thing.

Because it is.

If somebody refuses to hand over their PIN to the authorities after the authorities have obtained a court order for their data due to supporting evidence of wrongdoing it means one of two things: Either they are a up to no good and don't want to get caught, or then have been wrongfully accused and they are too arrogant/stupid to clear their own name.

Also case in point, you can't even read what you're replying to but you expect people to take your opinion seriously.

 

[b0rn2sk8]

Or in the more likely scenario, the authorities abuse their power, has has been shown time and time again and they need to go on a fishing trip via your data to generate some charges that might stick - e.g. distributing Linux ISOs or hate speach.

No that's just normal - see Gmail etc. doing that wouldn't merely nullify a main selling point, the feature would essentially cease to exist.

Well yes, we thats literally the substance what I wrote using different words isn’t it?

Not sure why you mentioned gmail because it’s not relevant to this power. Your gmail isn’t ‘secure’ if Google can mine it for data as they do. By the very notion, someone else has access to it and Google can (and do) hand it over in an un-encrypted form to law enforcement agencies in the U.K. on a regular basis.

That isn’t what this notice is about, the authorities don’t care about Google because Google can hand everything over with a warrant.