The Backdoor Requirement
The UK Home Office is requiring Apple to improve its assistance to law enforcement in providing evidence in UK’s legal cases. While this isn’t new with law enforcements around the world being able to require access via a lawful methods through subpoenas and warrants, the difference here is the method outlined in this notice. This requirement from a “technical capability notice” under the Investigatory Powers Act (IPA) would be considered a “backdoor” rather than a legal notice due to its wide overreach. While regular encrypted data stored on Apple’s servers can be unencrypted by Apple, data encrypted using “Advanced Data Protection” cannot be unlocked by Apple, as it’s end-to-end encrypted.
Major Issues with the Request
There are some major issues with this request, and to be honest, its happened before. Many countries like to know what their citizens are thinking and doing on their devices. Australia, US, China, India and others either have implemented some sort of back door or are considering strengthening their access to users data. This request is probably the furthest a country has gone, requesting access to non-UK citizens data.
The demand, issued last month, relates to Apple’s Advanced Data Protection (ADP) service, which heavily encrypts personal data uploaded and stored remotely in Apple’s cloud servers, according to the Post, which said this was a “blanket” request that applied to any Apple user worldwide. The ADP service uses end-to-end encryption, a form of security that means only the account holder can decrypt the files and no one else can – including Apple.
“Don’t talk about Fight Club”
First off, the act of even acknowledging that this notice was sent to a company is considered illegal. It seems to be the first rule of fight club, “don’t talk about fight club”. This is the epitome of government “trust us, we’re the good guys” that continues to make everyone question the legitimacy of government power.
I don’t understand why this needs to be a secret. Yes, there are benefits of not sharing your sources and make it difficult for criminals to operate without looking over their shoulder, but what about the rest of the good, upstanding citizens? It just reeks of guilty until proven innocent, except those that are being investigated don’t know what put them on the watch list in the first place and now have been socially ostracized even if they did nothing wrong. I’m looking at you, six degrees of separation.
Data, then Actionable Data
Governments want to understand and foil attempts of mass killings and other bad things, but come on, unless the UK government has the ability to be proactive, absorbing this much information, much of this TCN will be moot, and a reactive legal method would be required anyway, so why require everyone to reduce their safety and security against bad actors because you want an easier less legally stressful method of doing your job?
Even if this can make it through all the legal loopholes, if ONE bad thing happens, the citizens will be wondering why the government didn’t stop it. They have access to all the data, they should have been able to stop it.
I’d also be curious how this would be admissible in court. “Oh we had a backdoor, and found the information “technically legally” but we can’t talk about fight club. What will it do for the rest of legal structures based on evidence? Can I just say “we don’t talk about fight club” and thats good enough?
Citizen? Non-Citizen? Who Cares!
Lets also talk about the fact that this affects citizens and non-citizens. This is where I’m sketched out. No, the UK can’t decide to access a non-UK citizens data. Not only does that breach so many other laws, what will it do with that data? It’s not like it can act on that information, unless they plan on passing it over to the Five Eyes Intelligence.
Technical Requirements
What about the technical requirements. Yes, Apple can respond to technically legal requests, but as for how much data they can access, its down to how its encrypted. If users enable Advanced Data Protection these requests become a lot more difficult to process since Apple won’t have access to backups like they could if this is not enabled. Either way, if this becomes a requirement, Apple will have to find to work within the confines of this requirement if they follow it completely, or pull out of the country completely. It still doesn’t stop users from just selecting that they aren’t in the UK and enable that feature either way.
It Won’t Happen.
While there is a non-zero chance this will happen, Apple’s built their core business on the privacy of its users.
In other words, it won’t happen.
The problem is the attack on privacy from corporations, governments and bad actors will continue to escalate, and either the dam will break and all the data will be laid bare for all to see, or privacy will be relegated to those who can afford it, government officials who will want to act in their own best interests without recourse, and people who are capable enough to enable it for themselves. IE criminals organizations and technically savvy people, who will end up being criminal organizations in the eyes of the government.
This is not a world of technology that I want to be part of. Privacy is a right, not a privilege. Yes, bad actors need to be caught, but at what cost are we willing to do that? Are we willing to assume everyone's guilty until proven innocent?
Bad actors will always find other methods to serve there purposes privately. Hell, they’ll move back to pigeons and paper if its needed, will the government require all paper stocks and trees to be controlled? Pen and ink? Pigeons?
コメント