Mac Does Stuff

UK demands access to Apple users’ encrypted data

Image shows the picture of a padlock to describe encryption.

Written by

Mark Coughlan

in

,

This story has been doing the rounds this week, and it’s blowing my mind that there isn’t more noise about it.

Image shows the BBC News Headline 'UK demands access to Apple Users' encrypted data
News headlineScreenshot

The UK is demanding that Apple put in a back-door to their encryption system that would allow the government to view anyone’s data held in iCloud. Not only that, Apple are, by law, not allowed do tell us that’s what the government is doing. I could not be more WTF without turning myself inside out.

The scope of this is also huge – it’s access to encrypted data worldwide, not just for people in the UK. I mean, come on. I see the US has already started to kick off about it.

They urge her to give the UK an ultimatum: "Back down from this dangerous attack on US cybersecurity, or face serious consequences." The BBC has contacted the UK government for comment. "While the UK has been a trusted ally, the US government must not permit what is effectively a foreign cyberattack waged through political means", the US politicians wrote. If the UK does not back down Ms Gabbard should "reevaluate US-UK cybersecurity arrangements and programs as well as US intelligence sharing", they suggest.
Screenshot of BBC News

I can partially – I think, so far – accept that the government’s intentions are not to generally search and analyse people’s data through some form of mass surveillance…but I can’t imagine that conversation hasn’t come up. No doubt using the ‘won’t you think of the children‘ defence.

This idea of opening up a back-door into end-to-end encrypted services is a bit terrifying from a technical perspective and from a general understanding point of view. Do you genuinely think that it’s beyond the realms of thought that a method to exploit that back-door wouldn’t be found…? Or do you think it would only ever be used by the good guys.

I was having this conversation with a few non-techie friends recently (I have some), and they didn’t see the problem. Here’s the thing though, it would mean the government could see their data, but any bad-actor with half a brain would still easily be able to protect their stuff.

The only data this gives the government access to are idiot criminals and every member of the public. Let me explain. 

Let’s say I’m a bad guy, and I want to have a conversation with another bad guy – let’s call him Donald. Now, I want to use publicly available end-to-end encrypted services such as WhatsApp or iMessage, but I know the government has access to that data via their back-door (fnarr).

Oh my! What do I do! Well, I do what any sane person would do and encrypt my data using my own keys before I used that service that the government has access to. Hell, I could use far stronger encryption than was originally implemented in WhatsApp or iCloud anyway.

So where are now in that scenario? The bad guys have secure comms, and everyone else’s data is exposed to the government. I suppose there’s an argument that if the government saw you were using private encryption that you’d stand out, but what are they going to do…outlaw the use of encryption?

This is such a bizarre and unnecessary attack on public privacy, obviously designed and implemented by people who have little idea of how encrypted communications work.

Imagine what other back-doors they’ve asked for – HTTPS for example, for your banking apps or everything else?

Why you’re not furious about it is beyond me.

Comments

One response to “UK demands access to Apple users’ encrypted data”

  1. Apple pulls data protection tool – Mac Does Stuff

    […] recently wrote about how the UK Government had demanded access to user’s data worldwide…. and things have moved on. Apple have not fully complied with the order as far as […]

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts