Dan Q

Tag: uk

Spring is coming

A lunchtime dog walk was made especially delightful by the growing warmth of the approaching British springtime. It’s really bright and pretty out, this afternoon!

A French Bulldog in a harness but no lead stands in front of a empty field, under bright blue skies with sparse clouds. Bare wintery trees can be seen in the background, bathed in warm yellow light.

×

UK’s secret Apple iCloud backdoor order is a global emergency, say critics

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

In its latest attempt to erode the protections of strong encryption, the U.K. government has reportedly secretly ordered Apple to build a backdoor that would allow British security officials to access the encrypted cloud storage data of Apple customers anywhere in the world.

The secret order — issued under the U.K.’s Investigatory Powers Act 2016 (known as the Snoopers’ Charter) — aims to undermine an opt-in Apple feature that provides end-to-end encryption (E2EE) for iCloud backups, called Advanced Data Protection. The encrypted backup feature only allows Apple customers to access their device’s information stored on iCloud — not even Apple can access it.

Sigh. A continuation of a long-running saga of folks here in the UK attempting to make it easier for police to catch a handful of (stupid) criminals1… at the expense of making millions of people more-vulnerable to malicious hackers2.

If we continue on this path, it’ll only be a short number of years before you see a headline about a national secret, stored by a government minister (in the kind of ill-advised manner we know happens) on iCloud or similar and then stolen by a hostile foreign power who merely needed to bribe, infiltrate, or in the worst-case hack their way into Apple’s datacentres. And it’ll be entirely our own fault.

Meanwhile the serious terrorist groups will continue to use encryption that isn’t affected by whatever “ban” the UK can put into place (Al Qaeda were known to have developed their own wrapper around PGP, for example, decades ago), the child pornography rings will continue to tunnel traffic around whatever dark web platform they’ve made for themselves (I’m curious whether they’re actually being smart or not, but that’s not something I even remotely want to research), and either will still only be caught when they get sloppy and/or as the result of good old-fashioned police investigations.

Weakened and backdoored encryption in mainstream products doesn’t help you catch smart criminals. But it does help smart criminals to catch regular folks.

Footnotes

1 The smart criminals will start – or more-likely will already be using – forms of encryption that aren’t, and can’t, be prevented by legislation. Because fundamentally, cryptography is just maths. Incidentally, I assume you know that you can send me encrypted email that nobody else can read?

2 Or, y’know, abuse of power by police.

Repost posted at UTC on .

No comments

Note #25585

After a night that alternated between raining and freezing winds here, at the edge of Storm Éowyn, this morning my skylight has ice patterns on it that look beautiful and almost organic.

Skylight window viewed from the inside. The outside has a layer of ice punctuated by thinner patches of whirling, seaweed-like patterns that crisscross around it as if formed by a living thing.

×

Note posted at UTC on .

No comments