A back door – a “master key” in this case – is still a back door. Someone still has the ability to snoop on your data. It’s worse in this case because if the “master key” is implemented (and you can bet that Apple would be forbidden to say that they’ve developed one), you are under the false impression that your data cannot be decrypted by others.
Agreed. That’s why having non-subject-matter experts (politicians/bureaucrats) make security related decisions/demands in the name of “public safety” is even more problematic. What’s the old phrase (and I’m trying to keep this somewhat clean): “the road to the underworld is paved with good intentions”?
I’d say yes. But turning on ADP requires either setting a trusted contact or adding a recovery key to your account. So losing your only trusted device would require using whichever of those methods you chose - recovery contact or recovery key - to regain access to your Apple account.
See Set up a recovery key for your Apple Account - Apple Support and Set up an account recovery contact - Apple Support
Personally I don’t worry too much about this. I have four Macs as trusted devices, in two different locations, plus my iPhone, a spare “just in case” iPhone that I travel with, and an iPad.
I have not yet set up a recovery contact - the obvious would be my wife, but I just haven’t gotten around to it yet. I do have a recovery key and multiple ways which don’t require access to my Apple account or iCloud to access it just in case.
Note that iCloud Keychain requires that you provide the passcode to one of your trusted Apple devices in order to gain access to the keychain. Hopefully for most of us that is not a problem.
Backdoor has a specific meaning and implication in cybersecurity - it’s a method that would allow someone to bypass authentication or encryption for anything that is stored. One would say that if the UK (in this case) was demanding a backdoor that would allow them to decrypt any blob of encrypted information with just that single backdoor method. This is reportedly not what the UK government wants. What allegedly is being asked instead is that Apple be able to provide decrypted data when asked under the powers of the “snooper’s charter”. It would not be a single method, not a “master key” - Apple would (as they do with any account that does not have ADP enabled now) have their own copies of keys for any iCloud encrypted data. The UK authority would request access to all of the iCloud data for a specific iCloud account, and Apple would be able to provide the decrypted data - not a key to decrypt the encrypted blob. It’s not a single master key for all encrypted data, so if that key was leaked, it would not be useful to the person who acquired it.
As I said, it’s being pedantic to say it’s not a true backdoor - but words have meanings. What the original article in the Washington Post suggested by using that wording was that the UK would have access to all iCloud data on demand. That does not appear to be what the UK is demanding.
Also do not use iCloud for device backups (this really is what the UK intelligence agencies want - what you store in iCloud in files probably doesn’t matter as much). Also don’t sync the Notes app to iCloud, or sync contacts, or calendars, or reminders (if you want those to be secure as well). Cryptomator would have no effect there, either.
Sure. But considering that the original law was passed by a Conservative government and demands are now being made under that law by a Labour government, clearly throwing the old bums out last year changed nothing. Since a new general election doesn’t need to be called for another four years, probably the best solution is the one that appears to have been used in this case: leak the details and hope to embarrass the government into forcing a retreat from this demand letter. I have a feeling that it won’t work - not enough people care about this enough to make a political difference.
Joseph Menn of the Washington Post has an update regarding the opinion of the new US director of intelligence.
Bruce Schneier’s take:
“There are other end-to-end encrypted cloud storage providers. Similar levels of security are available for phones and laptops. Once the UK forces Apple to break its security, actions against these other systems are sure to follow.”
And more.
Everything has to wind down, too. So movie rentals have to reach the end of the rental period or watching period, all subscriptions have to reach their natural end (tricky with yearly subscriptions if the end is far away),
This has two really bad impacts:
- One has to wait potentially a very long time (Nov in my case) - as you pointed out.
- Worse is that some subscriptions will lapse earlier so one has to either do without them until the last subscription lapses (I don’t really want to be without Overcast, its subscription is renewing earlier) or one has to keep renewing some subscriptions trying to time all expirations close to each other.
It’s a system which is made to prevent people from changing countries for their Apple accounts. Even being able to just stop the subscriptions and lose the money paid for what remains would be better.
I thought that turning on ADP would disable web access to iCloud, full stop. I learned that Apple designed a method for trusted devices to unlock the data in the news about the UK changes. So now I’m thinking maybe I should turn ADP on.
Is there a TidBITS article that does the usual deep-dive into the pros and cons of turning on Advanced Data Protection?
India’s population overtook China’s in April 2023:
Unfortunately this links to Migrate purchases from one Apple Account to another Apple Account - Apple Support which mentions as one condition:
- Make sure both accounts are set to the same country and region for purchases.
So this can’t be used as a workaround to change country.
It seems that the only way is to create a completely new identity and either repurchase previous apps and subscriptions or switch to the older account in the App Store with the risk that this switching may be blocked for 90 days (hasn’t happened to me so far, getting apps from three countries).
It would be great if Apple would simplify the process for those wanting to migrate their account when ADP is disabled, but the number of users with a UK account having moved to another country and with ADP on is likely too small for Apple to care.
It has been reported that the UK wanted not just access to UK user accounts or accounts of people in the UK, but global. But if that is true, how would turning off the ADP option for UK users alone be anywhere near sufficient to satisfy these overreaching UK demands? If I traveled to their country right now my ADP would still be active and they’d be as helpless in trying to hack into my account as before. So are they just going to roll over (“ah fish sticks and figgy pudding, guess we can’t pull a quick willy on Apple after all”) or are they going to double down? And if the latter, how would they do that and what options would Apple then have (apart from nuclear, i.e. saying goodbye to the UK market)?
I think anyone would be simply guessing. We just don’t know. As I said before: perhaps Apple is hoping that the publicity this has generated (mostly negative), plus the negative reaction from US intelligence (at least the public reaction - who knows if behind the scenes US intelligence actually wants this), will force the UK to accept this as a compromise they can live with, though if that happens I wouldn’t be surprised to start seeing stories suggesting that UK intelligence services were unable to stop CSAM networks / terrorism / whatever because they lacked the intelligence that would have been available from encrypted iCloud data, because two can play the negative press game.
One possibility is for police/customs officers to force you to disable ADP when crossing the border. Schedule 7 of the Terrorism Act allows police officers to detain anyone entering the UK at the border without suspicion. Not responding to their questions is a criminal offence and there’s no right to a lawyer during this detention. It is supposed to be used to foil terrorist plots but has been used discriminately against Muslims and Kurds as well as antifa and some other activists. Last time I saw its use in the news was when it was used against a French book publisher.
The Financial Times is reporting that apparently Apple is taking the UK to court to fight this clandestine backdoor nonsense. The article is behind a paywall so the best I can offer here is this MR article (released just a tad before the 9to5Mac article) about the original FT piece.
Edit: this here worked nicely to get around the paywall.
BBC news article. There will be a hearing on Friday, apparently. Bear in mind that “secret” means only “not in public”. Given that it’s announced on the national broadcaster, it’s hardly a secret any more.
And, of interest only to pedants such as me, he’s not “Lord Rabinder Singh”. If he were a peer, he’d be “Rabinder, Lord Singh”; but as he isn’t, he’s Lord Justice Singh, a judge of the Court of Appeal.
I always correct “Lady Ada Lovelace” to “Ada, Lady Lovelace.”
Also pedantically interesting is that the third Earl of Stanhope, the creator of the iron hand press in 1800 (who released it without patent), is often styled even in his own writing as Earl Stanhope, though he should properly be Charles Mahone, third Earl of Stanhope, or Charles Mahone, Earl Stanhope. Things were apparently looser in 1800!
So is the proper form of address for, say, aging rockers:
Mick, Sir Jagger
Elton, Sir John
Paul, Sir McCartney
…and how about Charles, Sir Barkley?
;-)
No. All three Britons you mention (I can’t comment on Charles Barkley, or even on Barkley Charles) are knights, not peers, and so all are correctly addressed in the vocative as Sir firstname and in the third person as Sir firstname surname.
Their wives are correctly addressed as Lady surname or as firstname, Lady surname. Unless their fathers are earls, marquesses or dukes, it is wrong to call them Lady firstname.
It really isn’t difficult.
Say the Germans about their grammar.
I like the saying that fish don’t notice water as they have been immersed in it all of their lives.
OK, enough of this discussion of grammatical pedantry. It’s all fun and games until someone loses an i.