U.K. demand for a back door to Apple data threatens Americans, lawmakers say

Scope and Nature of the UK Demand

  • Many see the UK’s move as a “dramatic overreach”: compelling Apple to add an OS-level decryption capability (for ADP/E2EE data), potentially affecting devices and users who never set foot in the UK.
  • Commenters stress this is different from traditional surveillance or lawful access to server-side data: it is a systemic encryption backdoor, not just access to data already visible to a provider.
  • Comparisons are drawn to Australia’s TCN regime, where agencies can secretly order code changes and gag the implementers.

Overreach, Hypocrisy, and Extraterritoriality

  • Multiple comments note the irony: US lawmakers objecting to UK extraterritorial demands while the US asserts similar reach via the CLOUD Act, Patriot Act, FATCA, and global financial reporting.
  • Others cite PRISM, ECHELON, Crypto AG, Intel ME, Cisco “bugs,” and Chinese requirements as evidence that great powers already enjoy backdoor-like access, often secretly.
  • Some argue the UK is merely “catching up” to an already “horrible state of things”; others insist a mandatory endpoint backdoor is a qualitative escalation.

Effectiveness vs Security Risk

  • Security-focused commenters emphasize that any deliberate vulnerability will eventually be found and abused by criminals or hostile states, citing recent hacks (e.g., Salt Typhoon) as cautionary tales.
  • There is debate over whether such access would materially help law enforcement:
    • One side: most criminals are unsophisticated and will keep using default tools, so backdoors will expose 90–99% of them.
    • Other side: criminals adapt quickly and can switch to independent E2EE; the main impact will be on ordinary users and small-time offenders, while increasing the attack surface for serious adversaries.

Normalization of Surveillance and “Thought Crime”

  • Several UK-based commenters say the public largely accepts pervasive CCTV, intrusive laws like the Snooper’s Charter, and social-media-based policing framed around “protecting children” or stopping terrorism.
  • Long subthreads dispute whether the UK has slid into “thought policing” (arrests or police visits over posts, memes, protests, abortion-clinic vigils, anti-royal slogans).
  • Critics see a pattern of chilling speech and logging “non-crime hate incidents”; defenders counter that high‑profile cases often involved incitement, that courts have pushed back, and that similar overreach exists in the US and elsewhere.

Conflicting Legal Regimes and Corporate Options

  • Commenters worry that if each state demands its own backdoor and also bans others’ backdoored systems, global services become untenable.
  • GDPR and EU data-boundary rules are cited as a different kind of “overreach,” but most agree data-access laws (CLOUD Act, UK Online Safety/Investigatory Powers) are far more invasive than privacy regulations.
  • Some propose that Apple (and possibly other giants) threaten to exit the UK rather than comply, arguing the UK economy and tech ecosystem are too fragile to risk losing them; others counter that governments historically can and do force compliance, and shareholders might not tolerate large market exits.

Government vs Corporate Privacy Threats

  • One camp argues the central danger is government, not corporations: companies mainly want to sell things, whereas states can jail, bankrupt, or kill. Therefore, the focus should be on stopping governments from compelling or purchasing data.
  • Another camp responds that corporations are themselves powerful, often intertwined with governments, and engage in union-busting, personalized pricing, lock‑in, and data brokerage; privacy “from both” is necessary.
  • Apple’s current posture is seen as mixed: strong marketing around E2EE and ADP, but default non‑E2EE iCloud backups and broad compliance with secret legal orders mean that in practice a large portion of users’ Apple data is already accessible to Five Eyes with little friction.