Apple appeal to Investigatory Powers Tribunal may be the first case of its type:
Apple reportedly filed an appeal in hopes of overturning a secret UK order requiring it to create a backdoor for government security officials to access encrypted data.
"The iPhone maker has made its appeal to the Investigatory Powers Tribunal, an independent judicial body that examines complaints against the UK security services, according to people familiar with the matter," the Financial Times reported today. The case "is believed to be the first time that provisions in the 2016 Investigatory Powers Act allowing UK authorities to break encryption have been tested before the court," the article said.
A Washington Post report last month said UK security officials "demanded that Apple create a backdoor allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud," including "blanket capability to view fully encrypted material."
Apple has publicly criticized the law, warning last year that the UK government is claiming power to demand access to the data of users in any country, not just the UK.
Apple responded to the recent order by pulling its Advanced Data Protection (ADP) service from the UK. The optional level of encryption for iCloud prevents even Apple from seeing user data. "Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature," Apple said last month.
"As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will," Apple also said.
Backdoors demanded by governments have alarmed security and privacy advocates, who say the special access would be exploited by criminal hackers and other governments. Bad actors typically need to rely on vulnerabilities that aren't intentionally introduced and are patched when discovered. Creating backdoors for government access would necessarily involve tech firms making their products and services less secure.
The order being appealed by Apple is a Technical Capability Notice issued by the UK Home Office under the 2016 law, which is nicknamed the Snoopers' Charter and forbids unauthorized disclosure of the existence or contents of a warrant issued under the act.
[...] Under the law, Investigatory Powers Tribunal decisions can be challenged in an appellate court.
(Score: 1) by BigJ on Saturday March 08, @01:29PM (6 children)
So Apple is putting up a fight. What about Google? Have they already complied?
(Score: 0) by Anonymous Coward on Saturday March 08, @01:49PM (1 child)
I suppose it depends upon whether Google offers end-to-end encryption services.
(Score: 3, Funny) by DannyB on Monday March 10, @02:10PM
If Google doesn't have it already, squeak up and demand end to end ROT13 asap.
Stop asking "How stupid can you be?" Some people apparently take it as a challenge.
(Score: 3, Touché) by Username on Saturday March 08, @02:49PM (3 children)
It's controlled opposition. They have backdoor ways into all their products. Would you want terrorists aka customers to know that you have access? That you're giving the cia and mossad access?
(Score: 3, Interesting) by The Vocal Minority on Sunday March 09, @03:22AM (2 children)
What evidence is there of this?
(Score: 3, Informative) by Username on Monday March 10, @04:40PM (1 child)
https://epic.org/documents/epic-v-nsa-google-nsa-relationship/ [epic.org]
It was the third result on google.
(Score: 2) by The Vocal Minority on Saturday March 15, @04:36AM
Sorry, I had read "controlled opposition" to mean that you were referring to Apple as well. The Snowden reporting did seem to indicate that they were voluntarily handing user data over to the American government, contrary to what appears to be happening here (not that the NSA and FBI are necessarily always working that closely together).
https://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ [washingtonpost.com]
(Score: 2) by janrinok on Saturday March 08, @03:40PM (10 children)
Not much more to say....
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 3, Insightful) by corey on Saturday March 08, @08:56PM (9 children)
And is why I have an iPhone these days. But I don’t put content in iCloud, other than app songs and backup in case my phone ends up in the toilet one day.
I’m no Apple fanboi, but whenever people throw Apple under the bus of being an anti privacy company (and in the same bucket as Google, a very different type of company), I usually put up a defence citing the time in the US a decade ago where the FBI wanted access to that shooter dudes phone and Apple refused. They ended up getting access via that Israeli company. I figured that was Apple’s true colours. I’ve never heard of Google having the same fight publicly.
(Score: 2) by DadaDoofy on Saturday March 08, @10:38PM (8 children)
"But I don’t put content in iCloud, other than app songs and backup in case my phone ends up in the toilet one day."
You do realize Apple will happily hand over those iCloud back-ups to any authority with a warrant, right? And you are aware iCloud back-ups contain the private key used to encrypt your phone, right? If you want something closer to privacy, back up your phone to a local device.
(Score: 2, Informative) by Anonymous Coward on Sunday March 09, @01:23AM
Isn't the whole point of this article to say that Advanced Data Protection enabled means that private key you mentioned is encrypted from even Apple?
(Score: 3, Insightful) by Mykl on Sunday March 09, @03:39AM (6 children)
While I agree that local backups are more secure than putting something up there into the Cloud, you're wrong about Apple being able to unlock backups. To provide end-to-end encryption for everything but to then have free access to backup files would render all of their security positioning worthless.
(Score: 2, Disagree) by DadaDoofy on Sunday March 09, @01:05PM (5 children)
No, I'm not wrong.
"The encryption keys from your trusted devices are secured in Apple data centers, so Apple can decrypt your data on your behalf whenever you need it."
https://support.apple.com/en-us/102651 [apple.com]
(Score: 2) by janrinok on Sunday March 09, @02:22PM (4 children)
From the TFA:
Did you bother to read the link that you provided?
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 2) by DadaDoofy on Sunday March 09, @04:26PM (3 children)
"Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom"
Did you bother to read your own comment? If they use iCloud back-up, Apple's going to have their key.
(Score: 3, Informative) by janrinok on Sunday March 09, @05:50PM (1 child)
But that is only half of the encryption key. Unless they have the actual device they cannot decrypt the content with Advanced Data Protection.
The UK is demanding access to all Apple Phones. Are people expected to hand their phones in each night so that various governments can decrypt their messages. I even highlighted it for you.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 2) by corey on Sunday March 09, @10:35PM
Thanks for clarifying that to DadaDoofy. I made sure I had ADP turned on before enabling any backups. And I’m not in the UK.
(Score: 2) by corey on Sunday March 09, @10:39PM
Mate I’m in Australia, but the UK. And I made sure I had ADP turned on before emailing any iCloud services. I did a bit of research and Apple state that they cannot decrypt data with ADP on, and therefore if I were to lose my password, it’s gone and unrecoverable. That’s fine by me.
(Score: 3, Interesting) by jman on Sunday March 09, @01:28PM (2 children)
Since it's Apple's encryption, they know the hash, so can presumably view any content in its raw form.
I'm hoping that hash is their most highly guarded secret.
But, as in U.S. and many country's security apparatus, Apple should have no problem with some form of SCIF, having the entity that wants to view the decrypted content - provided their request is necessary - come, physically to them to view it.
Since this is digital info, Apple could of course securely upload it to any of their offices around the world, then securely delete it after viewing was complete.
And of course, no fishing expiditions. You tell them exactly what you're looking for and why, best time frame in which to look, and if the request is for a valid cause they show you what's found, if anything.
Apple would have their own version of NSA staff who first review based on the search criteria, then provide any relevant results.
They're the ones (rightfully) touting the need for privacy, but since they're also the ones making the privacy possible, Apple must be the stewards of information if their tech is used to commit crimes.
(Score: 2) by agr on Monday March 10, @05:34PM (1 child)
By "hash" I assume you mean encryption algorithm. The ones Apple uses, likely AES, are publicly known and widely available. What is secret is the encryption key used to protect the user's data and that is generated by the user and not known to Apple under their advanced data protection system. Thus Apple has no way to decrypt the user's information. What the UK wants is for Apple to modify their software to secretly steal the user's encryption key and make it available to the UK government on demand, a so called back door. This Apple refuses to do. And the UK wants that backdoor to be built into Apple products sold anywhere in the world, not just the UK. Even the Trump administration objects to that.
(Score: 2) by jman on Monday March 10, @07:22PM
Ah, thanks for the clarification. Yes, was talking about the encryption key, had assumed Apple supplied it, rather than it being created on the device.