UK Once Again Demands Backdoor To Apple's Encrypted Cloud Storage (arstechnica.com)
- Reference: 0179616678
- News link: https://apple.slashdot.org/story/25/10/01/1719219/uk-once-again-demands-backdoor-to-apples-encrypted-cloud-storage
- Source link: https://arstechnica.com/tech-policy/2025/10/uk-once-again-demands-backdoor-to-apples-encrypted-cloud-storage/
> The UK Home Office demanded in early September that Apple create a means to allow officials access to encrypted cloud backups, but stipulated that the order applied only to British citizens' data, according to people briefed on the matter.
>
> A previous technical capability notice (TCN) issued in January sought global access to encrypted user data. That move sparked a diplomatic clash between the UK and US governments and threatened to derail the two nations' efforts to secure a trade agreement.
>
> In February, Apple [3]withdrew its most secure cloud storage service , iCloud Advanced Data Protection, from the UK. "Apple is still unable to offer Advanced Data Protection in the United Kingdom to new users," Apple said on Wednesday. "We are gravely disappointed that the protections provided by ADP are not available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy." It added: "As we have said many times before, we have never built a back door or master key to any of our products or services and we never will."
[1] https://arstechnica.com/tech-policy/2025/10/uk-once-again-demands-backdoor-to-apples-encrypted-cloud-storage/
[2] https://apple.slashdot.org/story/25/08/19/0345252/us-spy-chief-gabbard-says-uk-agreed-to-drop-backdoor-mandate-for-apple
[3] https://apple.slashdot.org/story/25/02/21/1529255/apple-removes-cloud-encryption-feature-from-uk-after-backdoor-order
From a brit (Score:2)
Go f yourself with a cactus please.
Re: (Score:2)
As a fellow Brit, I concur with the rider that said fucking should be performed repeatedly and sideways.
There are only two choices... (Score:5, Insightful)
...security or no security
It's impossible to design a system that is secure against the bad guys and insecure against the good guys
It's also impossible to define who the good guys are, or guarantee that they will always be good
Lawyers and politicians need an education in tech reality
Re: There are only two choices... (Score:2)
I suspect they might implement a two tier system. Presumably they make enough from the UK they wonâ(TM)t exit so I expect a second system to be rolled out with a completely insecure design. The rest of the world with continue to run as before.
Security is non-binary (Score:2)
> ...security or no security
Yes but to be fair any system that allows for decryption of the data is insecure because, if you can encrypt the data then so can the bad guys even if that means they have to turn up at your house and hold a gun to your head to get the decryption key. Hence, if you want to reduce security to a simple binary choice we always chose the 'no security' option because absolute security is rather pointless.
Re: (Score:2)
^a million percent^
If I encrypt an email and send it to you, your computer HAS to either have the decryption key already, or it HAS to include the key with the message... otherwise, what's the point? You'll just get an email of junk. If it's a thing that's done in the browser, then the browser, once again, has to have the key (or the email provider). If it's an open-source standard, then it's well known how to decrypt it... "if you have instructions how to scramble these letters, it's pretty much useless
Re:There are only two choices... (Score:5, Insightful)
I do not consider that to be 'tech reality', I consider it to be simple logic.
The point of encryption is secrecy. Effective secrecy against bad guys means effective secrecy against governments because there exists governments in the world that are bad guys.
Therefore If I want to design secrecy effective against North Korea it requires me to design secrecy effective against the UK.
In addition, if you do not recognize the need for secrecy against North Korea is greater than your need to know what I am hiding than you are NOT a good guy.
Say no to cloud (Score:4, Insightful)
This is why you NEVER use cloud storage. If you have no choice but to use cloud storage you should be encrypting the data outside of the cloud or any "backup / syncing" software required for the cloud. If it's encrypted in the cloud the cloud provider 100% has the private key to decrypt, If it's encrypted in their backup / syncing software they most likely can also have a copy of the private key or have a backdoor to decrypt. If you encrypt it separately then only you have the private key and the only way anyone is decrypting it is to brute force it or use a vulnerability to break it.
Re: (Score:2)
> This is why you NEVER use cloud storage. If you have no choice but to use cloud storage you should be encrypting the data outside of the cloud or any "backup / syncing" software required for the cloud. If it's encrypted in the cloud the cloud provider 100% has the private key to decrypt, If it's encrypted in their backup / syncing software they most likely can also have a copy of the private key or have a backdoor to decrypt. If you encrypt it separately then only you have the private key and the only way anyone is decrypting it is to brute force it or use a vulnerability to break it.
More to the point, this is why governments — the United States government in particular — need to demand that Apple open up their platform to allow third-party backup tools so that users can choose whether to use iCloud backups, Google Drive backups, Dropbox backups, CrashPlan backups, a not-yet-existing tool that backs up to a NAS on your home network whenever you're at home and to an encrypted disk image on iCloud when you aren't, etc. That puts the backup companies in competition with one an
Re: (Score:2)
Yes as a terrorist I would take some precautions and not use cloud storage. But what do you mean "this is why" you don't use cloud storage in a general sense? Someone can request access to data. That is very vague. What does this mean for the average Brit?
That is what most of these discussions miss. The average Brit is going to see your post, shrug, and keep happily putting their holiday pics up on their Cloud storage, giving precisely zero fucks if some government secret service operative is masturbating t
but we all know (Score:2)
they (uk) just ask the american alphabet organisation for that info and those organisations get the same in return from the uk.
UK government = Privacy Rapists (Score:2)
> The UK government has issued a new order to Apple to create a backdoor into its cloud storage service
UK government is a Privacy Rapist. 'nuff said.
Re: (Score:2)
They're just jealous the NSA has backdoors into Apple and the USG isn't sharing. We know this is true from the Snowden Leaks.
Re: (Score:1)
obviously you have proof of this.
(notice is not a question, and i don't want to hear your nonsense.) links or shut the fuck up.
Google cares more about your privacy than Apple (Score:2)
Maybe not to the NSA, but they do have this exact sharing agreement with China. It's one of those reasons why you can get an iPhone in China but not an Android phone with Google. For all Apple's claims of protecting your privacy, in the end with China, they showed they don't care about your privacy but Google does. Kinda funny that Google is the ones who are more privacy protecting than Apple is.
https://support.apple.com/en-us/111754
Of course other governments are going to want the same deal China has. So I
Re: (Score:2)
Not just Apple, either (for the US-side)... I really don't think any country has an encryption scheme that the government can't crack.
Re: (Score:2)
Can you clarify? You say that all governments have computationally-feasible attacks of Rijndael, Serpent and Twofish, that cryptanalysts have no idea exist?
Re: (Score:2)
(scroll down)
Told ya.
The schemes don't have to be attacked... the governments aren't going to let an "encryption scheme they can't decrypt" exist, end of story. If they did, someone could get hired at the Pentagon and just email documents without a care in the world.
Re: (Score:2)
> The schemes don't have to be attacked... the governments aren't going to let an "encryption scheme they can't decrypt" exist,
But secure "schemes" already exist! You can encrypt storage devices using known algorithms provided by the linux kernel, which you can compile yourself from a tarball downloaded from kernel.org (gentoo user FTW). I admit I have not read the source, but many eyes have.
I agree with if it's about commercial cloud offers, but elsewhere you can deploy your own crypto. Your only vulnerability is the "trusting trust" paper which is theoretical.
encryption (Score:2)
Key exchange over an untrusted medium has always been a problem. Its why the one true crypto method that can't be broken is OTP (one-time pad). That works because the key exchange is offline/beforehand. But in real world situations where this isn't possible, public/private key encryption with sufficient difficulty probably is good enough (IMHO). How hard it is to break likely comes down to the implementation. If you can't personally audit every code line, trust is involved, so it better be someone trustwort
Re: (Score:3)
> Nothing has indicated Apple has "played ball" with the govt as far as backdoors, and from some stories (unlocking terrorists phones) it seems as though the govt doesn't have any.
There's one simple metric to know whether the government has access to encrypted data: angry calls by law enforcement agencies making repeated requests for lawmakers to force companies to allow access to encrypted data.
Consider how, until several years ago, the FBI and other US TLAs were arguing all the time for access to encryption, with media reporting on that almost non-stop. Consider how they all stopped talking about it a few years later, and to this day still say little to nothing about it. Now, what'
Re: UK government = Privacy Rapists (Score:2)
Everything Snowden exposed has been patched long since. He let those companies know they were compromised; they figured out how and took care of it. That doesn't mean governments aren't paying people to find new ways in, of course, but what they had before is certainly gone.
Re: (Score:2)
US Government = Free Speech of Russia Comedians can’t make a comment about possible shooter political affiliation. Repeaters can’t report on Pentagon without vetting and clearance of material obtained from public records. Beachgoers can’t arrange seashells into the pattern 86 47 and post an image on social media. Basically 1984.
Re: (Score:2)
* Reporters not repeaters. And holy shit, is there a way to write formatted text in this binfire website? Maybe even markdown or something. Jesus wow.
Re: (Score:2)
Did you try markup? HTML works.
Re: (Score:2)
Yeah but manually entering html tags in 2025 is a bit of a ball-ache. Do you seriously add angle bracket letter P close angle bracket on every paragraph? At least they finally got Unicode working, kinda.
Re: (Score:2)
> Yeah but manually entering html tags in 2025 is a bit of a ball-ache. Do you seriously add angle bracket letter P close angle bracket on every paragraph?
Slashdot is a testament to the 90s web, a site frozen in time.
> At least they finally got Unicode working, kinda.
LOL
Re: (Score:1)
I find myself often putting angle brackets "P" and other tags while typing on other sites...haha.
I have it so ingrained from being here for so long...
Re: (Score:2)
If entering BR tags is trivial by your definition (taking nine taps and a couple of seconds on mobile) then hitting ENTER twice on the enter key is zero cost, taking a hundred milliseconds or so.
Re: (Score:2)
Using this site on a mobile device is absolutely masochistic.
Re: (Score:2)
> Free Speech of Russia Comedians canâ(TM)t make a comment about possible shooter political affiliation.
Bullshit. What happened was a disgusting display by the people celebrating the dead person's death, praising the shooter, and then you have the retard on TV say "Oh the shooter's maga" when it turns out he'd been radicalized into his actions by trans and trans-supporting loons. Shooter has a trans lover.
But before any of that was known, that idiot had to go on TV and throw the blame at one group, when it was the exact opposite group that radicalized him.
I feel for his parents. I grieve for the nation. I
Re: (Score:2)
> and then you have the retard on TV say "Oh the shooter's maga"
Except that's not what he said. The actual quote: "We hit some new lows over the weekend with the MAGA gang desperately trying to characterize this kid who murdered Charlie Kirk as anything other than one of them, and doing everything they can to score political points from it." Yes, it's not too much of a stretch to go from those precise words to "oh the shooter's maga", but it's still stretching his words and not what he said.
Re: (Score:2)
Exactly.
In the early hours and days after the shooting, the MAGA gang indeed WERE desperately trying to characterise the kid who murdered Charlie Kirk as anything other than one of them, and indeed WERE doing everything they can to score political points from it. It’s funny because it is true. And it is exactly as Kimmel said. And it is free speech. And they got him taken off air for saying it.
1984.
Re: (Score:2)
I agree with both you and Kimmel: from my viewpoint that uninformed deflection was for sure going on, amongst much other speculation. I actually had a "which was absolutely happening" comment in there, after Kimmel's quote, but I deleted it. My goal was to stay as neutral and on-point as possible.
Re: UK government = Privacy Rapists (Score:1)
The UK needs to keep their fucking nose out if the internet. They're already inconveniencing billions on a daily basis and cost companies significant sums of money.
Re: (Score:2)
well if your american then perhaps you should put your computer back in its box & return it because the brits invented them