RIPA Request to Apple by UK

b0rn2sk8 · 2025-02-22T01:22:11+0000

Raymond Lin said:
I just realised i never opted in….lol

Like 99.9% of Apple users that didn’t even know the feature existed before this all blew up.

I didn’t opt in because if I lost my device or got locked out of my account, my data is toast. Given I’m not a criminal and use iCloud to store things like 20 years family photos, the risk of losing that data because the encryption key is tied to an account which only I can access is too much of a risk.

If I’m run over by a bus tomorrow, I’d rather my wife being able to get access to this data that otherwise wouldn’t be possible if the encryption key literally died with me.

This thread is full of utterly terrible takes though. A lot don’t seem understand what the feature is and what the government is requesting or that its opt in and Apple doesn’t ever prompt the user to turn it on. This is rather concerning given we are effectively on a ‘tech’ forum, if people here don’t understand it, the tech muggles have got no chance.

Edit: To be clear, I’m in no way defending the government but that doesn’t make a lot of the takes here and less terrible.

The legislation isn’t going to meet the objectives set. Largely because the kinds of people who enables this feature for nefarious reasons will just migrate to something else which isn’t impacted.

The internet doesn’t recognise jurisdictional boarders where as the law and the courts do. In other words, if a cloud service provider doesn’t have a U.K. presence, there is nothing the home office can do to enforce U.K. legislation on that service provider. So there will always be services which offer what Apple offered in the market to use, hence there will always be places for the criminals to hide and exchange data in the cloud which the security services will never be able to access so it’s pointless.

Hades · 2025-02-22T02:12:17+0000

b0rn2sk8 said:
If I’m run over by a bus tomorrow, I’d rather my wife being able to get access to this data that otherwise wouldn’t be possible if the encryption key literally died with me.

If you aren't already doing so then you should use a password manager and add all passwords and keys in there. Then share the password manager recovery details with your wife.

VaderDSL · 2025-02-22T04:34:37+0000

Hades said:
If you aren't already doing so then you should use a password manager and add all passwords and keys in there. Then share the password manager recovery details with your wife.

Also use the legacy contact, lets you directly nominate someone so they can easily access your iCloud items.

How to add a Legacy Contact for your Apple Account – Apple Support (UK)

A Legacy Contact is someone you choose to have access to the data in your Apple Account after your death. Find out about the information that's shared with your Legacy Contact and how to add one or more Legacy Contacts.

support.apple.com

Mr Jack · 2025-02-22T08:37:59+0000

shifty_uk said:
Devils advocate, what if these changes meant it was easier to prosecute pedos and terrorists?

Terrorists and paedos! Oh My! Don't let the boogeymen get us!

b0rn2sk8 · 2025-02-22T08:43:23+0000

VaderDSL said:
Also use the legacy contact, lets you directly nominate someone so they can easily access your iCloud items.

How to add a Legacy Contact for your Apple Account – Apple Support (UK)

A Legacy Contact is someone you choose to have access to the data in your Apple Account after your death. Find out about the information that's shared with your Legacy Contact and how to add one or more Legacy Contacts.

support.apple.com

Fair enough, probably another Apple feature 99% of users don’t know exists, I certainly didn’t.

So that’s one I will enable - I’m not sure how it interacts with ADP because it requires Apple to store additional encryption keys and that seems to go against what APD is meant to achieve.

shifty_uk · 2025-02-22T08:58:16+0000

Mr Jack said:
Terrorists and paedos! Oh My! Don't let the boogeymen get us!

I don't get your point? These are the boogeymen.

The government don’t want or have the resources to spy on you unless you’re a serious threat or have committed a crime, there’s no point joining the tinfoil hat brigade.

Mr Jack · 2025-02-22T09:02:06+0000

shifty_uk said:
I don't get your point? These are the boogeymen.

Didn't BrassEye have an episode on this?

The government don’t want or have the resources to spy on you unless you’re a serious threat or have committed a crime, there’s no point joining the tinfoil hat brigade.

Because the state has a 100% unblemished record of using the powers granted to it only ever in way that is proportionate and appropriate, right? The reason we have strong limits on the ability of state and state-authorised powers is because of a long history of figuring out appropriate controls on them. We should not be casually throwing those out because now it is online and the state wants the right to snoop in complete secrecy.

b0rn2sk8 · 2025-02-22T09:26:11+0000

It’s kind of a moot point because the same act requires you to decrypt it or you are automatically found guilty of another offence which comes with jail time by default even if the data turns out to be irrelevant to their investigation.

The act is designed to be a legal shortcut to get the data in the event you refuse to decrypt it yourself, you’re only ever going to do that if it’s incriminating. The legal shortcut is that if they really want the data, they could pay someone £lol to brute force it as the famously did.

Freefaller · 2025-02-22T09:37:00+0000

The only cloud stuff I use is Google photos which backs up my photos. I wonder if there's a better way of backing up.photos? I take it this will undoubtedly happen with Google. Do I really care about my pics being accessed? As long as they're not deleted...

Oh actually work we use one drive but I'm guessing it's hosted on our own network.

Other than that personal files are all on my NAS, but I guess I'm not super techy so never felt the need to host every on the cloud.

b0rn2sk8 · 2025-02-22T09:41:57+0000

The security services are not randomly accessing your cloud storage, they need a warrant signed off by a judge.

Mr Jack · 2025-02-22T10:36:24+0000

b0rn2sk8 said:
The security services are not randomly accessing your cloud storage, they need a warrant signed off by a judge.

No, they need one signed off by the Home Secretary, an assortment of Scottish ministers, or a Judicial Commissioner (all of whom are former judges) - and it's done in secret, with a specific criminal offence of disclosing it. And the act allows broad powers to nominate groups or associates.

But that's largely irrelevant anyway, because the broader result of the act is to prevent any citizen from using online security. It's the equivalent of banning locks so the security services can go and investigate paedos or terrorists or other boogeymen.

nine_tails · 2025-02-22T10:40:16+0000

Fear is one of the ways for governments to pass over-reaching laws. This was a sad day.

hartgeh3 · 2025-02-22T10:42:00+0000

What other countries apart from the morons in the UK are doing/want this? no-one.....always the UK

Orangeade · 2025-02-22T11:12:14+0000

[FnG]magnolia said:
Quite a lotta sweaty fellas with their 'home' solutions going on.

I'm not knocking you, I don't care mostly what you do.

Keep it clean - or good enough - and let's get to the finals and make our town proud!

See this is the problem. You, along with the people that justify such measures always have the same tired of insinuation of wrong doing (morally, legally or whatever). Otherwise why would people have an issue with it?

Then you can look to LLM whereby everyone's data has been scrapped in the models, inputs are recorded etc. Suddenly privacy makes a bit more sense. And this is the tip of "bad usage".

Government's have shown they do not care about us, and the rise of far right, far left or whatever ****** ideology that comes in shows that laws that might be okay for today will be heavily abused in the future.

We have a right to privacy and we should enforce it.

Cromulent · 2025-02-22T11:23:11+0000

Orangeade said:
See this is the problem. You, along with the people that justify such measures always have the same tired of insinuation of wrong doing (morally, legally or whatever). Otherwise why would people have an issue with it?

Then you can look to LLM whereby everyone's data has been scrapped in the models, inputs are recorded etc. Suddenly privacy makes a bit more sense. And this is the tip of "bad usage".

Government's have shown they do not care about us, and the rise of far right, far left or whatever ****** ideology that comes in shows that laws that might be okay for today will be heavily abused in the future.

We have a right to privacy and we should enforce it.

I don't disagree with you but if you true privacy you need to do it yourself. Relying on a company like Apple to keep you safe is a bad plan.

Encrypt all your data with GnuPG and upload it where ever you want. Use a privacy focused email service like ProtonMail and ensure your SSD/HDD drives are encrypted. Also use a VPN when needed.

If you do that then it doesn't matter what the government does.