U.K. orders Apple to let it spy on users’ encrypted accounts

Original Article ↗ Hacker News Discussion ↗

Scope of the UK Demand and Democratic Legitimacy

  • The order is understood to target Apple’s Advanced Data Protection (ADP), i.e. end‑to‑end encrypted iCloud backups, and would also bar Apple from telling users that protection had been weakened.
  • Several UK commenters reject the framing that this has “democratic endorsement,” noting low vote shares under first‑past‑the‑post and that both major parties (Conservative and Labour) have long pushed expansive surveillance (RIPA, Investigatory Powers Act, key‑disclosure powers).
  • Some argue this is driven more by the security establishment (Home Office, intelligence agencies) than by electoral mandates.

Extraterritorial Reach and Five Eyes Concerns

  • A major flashpoint is that the UK appears to be demanding access not only to UK users’ data but to encrypted data worldwide.
  • Commenters link this to existing Five Eyes practices: allies spy on each other’s citizens and share results, circumventing domestic limits. Many assume US agencies would quietly benefit from any UK‑mandated iCloud backdoor.
  • Others note likely conflicts with EU privacy law, consumer‑protection rules against deceptive security claims, and human‑rights jurisprudence.

Apple’s Options and Credibility on Privacy

  • Proposed responses range from:
    • Disabling ADP (or all iCloud) in the UK.
    • Withdrawing from the UK market entirely and using that as public leverage.
  • Some think Apple has enough market power in the UK to call the government’s bluff; others think the UK could counter with fines, asset seizures, or blocking services.
  • Apple’s past behavior in China and participation in US surveillance programs makes many skeptical that it will hold a hard privacy line if serious business interests are at stake.

Crime‑Fighting vs Privacy and Technical Reality

  • One camp stresses the value of access to cloud histories and backups for prosecuting “ordinary” serious crime (drugs, abuse, terrorism), arguing that many criminals are technically unsophisticated and do use default cloud services.
  • The opposing camp argues:
    • Any backdoor fatally breaks security for everyone; there is “no half‑crypto.”
    • Sophisticated actors can and do use independent encryption, self‑hosted storage, or steganography, so bulk weakening mainly hurts ordinary users.
    • Historical abuse of powers and ratcheting surveillance justifies deep distrust of “we’ll only use it for the worst crimes.”

Technical Details and Workarounds

  • ADP currently is opt‑in and little‑used; by default, many iCloud backups and messaging/cloud backups elsewhere are not end‑to‑end encrypted.
  • Some advocate local, user‑controlled encryption (encrypted local iTunes/macOS backups, tools like Cryptomator, NAS at home) and avoiding large cloud providers entirely for sensitive data.

Wider Political and Civil‑Liberties Context

  • Thread sentiment is broadly that the UK has evolved into a “surveillance‑heavy nanny state,” with anti‑protest laws, key‑disclosure powers, and broad interception authorities.
  • Debate emerges over UK party politics (Labour, Conservatives, smaller parties) but many conclude that, on surveillance, the main parties are aligned.
  • Several see this as part of a global pattern: democracies converging on expansive digital surveillance while legal and technical safeguards erode.