Apple's Best Option: Decentralize iCloud

Original Article ↗ Hacker News Discussion ↗

Alleged UK Order & Its Scope

  • Discussion centers on a reported secret UK Investigatory Powers Act order compelling Apple to provide blanket access to iCloud data, including Advanced Data Protection (ADP), potentially for “any user anywhere in the world.”
  • It’s noted that such orders must be kept secret, similar to US National Security Letters, so details and Apple’s actual response are inherently unclear.

Legal Conflicts and GDPR

  • Some argue Apple simply “can’t comply” for EU users because of GDPR and other countries’ privacy laws; others point out GDPR has explicit law-enforcement and third‑country exceptions where “adequate” protections exist.
  • Several commenters think if Apple did comply with a UK global-access mandate, the EU and other jurisdictions would eventually react, potentially making it impossible to serve all markets with a single global cloud design.

Apple’s Strategic Options

  • Options discussed:
    • Flat refusal and risk fines / being forced out of the UK.
    • Comply only for UK users by disabling ADP or adding a UK‑only backdoor.
    • Quietly backdoor everything and rely on secrecy.
    • Restructure: separate legal entities and infrastructures per region (UK, EU, US, etc.), similar to the China iCloud setup.
    • Threaten to leave the UK and turn it into a public “we refuse to spy on you” campaign.
  • There’s disagreement whether the UK or Apple has more leverage; some think losing Apple would be politically disastrous for the UK, others think Apple won’t abandon a large services market.

Decentralization & Technical Ideas

  • Many like the blog’s idea of decentralizing iCloud (protocols like IMAP/CalDAV; user‑selectable or self‑hosted endpoints; Time Capsule–style hardware; “Apple Cloud Edge”).
  • Counterpoint: as long as Apple controls OS updates and signing keys, governments can legally compel it to ship surveillance code; decentralization doesn’t solve the core legal problem.
  • Others note most users would still choose the “official” iCloud due to bundles and convenience, so a UK‑mandated backdoor would still capture the majority.

Politics, Intelligence, and US Role

  • Strong political undertone: UK portrayed by some as authoritarian, surveillance‑obsessed, and using “think of the children” narratives; others push back on exaggerated “failed state” rhetoric.
  • Speculation that Five Eyes partners (especially the US) might quietly favor such an order as a way to access data globally.
  • A minority argue the opposite: that US political leadership could threaten trade tariffs or sanctions to protect US tech firms, forcing the UK to retreat. This is contested and explicitly framed as conjecture.

Impact on Users & Personal Responses

  • Users ask what this means concretely: could authorities silently clone full device backups, access photo libraries, passwords, messages? The consensus: if Apple complies, ADP can be weakened or bypassed without notice; verification would be hard.
  • Some propose abandoning cloud services entirely and reverting to local or self‑hosted backups; others highlight the practical difficulty of replacing iCloud‑style sync and backup for non‑experts.

Apple’s Incentives and Precedents

  • Multiple comments stress Apple’s enormous and growing services revenue (iCloud storage upsells are ubiquitous) and desire for tight ecosystem control; decentralization is seen as against its financial interests.
  • Apple’s past stance in the San Bernardino case is cited as evidence it can resist governments, but many doubt it will take the same risk now, especially given its willingness to accommodate China through a local iCloud operator.
  • One line of argument: complying with a UK backdoor sets a precedent that other governments will demand, potentially creating mutually incompatible legal requirements and making compliance “suicidal” for Apple’s global business.