The UK is still trying to backdoor encryption for Apple users

Original Article ↗ Hacker News Discussion ↗

Device Control, OTA Updates, and Ownership

  • Several argue that as long as OEMs can silently push OTA updates to locked-down devices, any “backdoor” is effectively a front door.
  • Root problem is seen as users not truly owning their hardware: trusted computing, locked bootloaders, and proprietary OSes prevent independent verification.
  • Proposed remedies: fully FOSS OS outside app sandboxes, open hardware specs, reproducible builds, and user-controlled build/deploy chains; others note even that is hard in practice.

Apple, Governments, and Market Incentives

  • Some hope Apple will refuse UK demands or withdraw from the market; others doubt this given Apple’s past concessions in China and general corporate profit motives.
  • One view: capitulating to China is “unique” and strategically unavoidable, but giving in to the UK would create a global precedent and flood of similar demands.
  • Consensus that relying on big companies to protect rights is misguided; this is fundamentally a political struggle between citizens and states.

Advanced Data Protection (ADP) and Encrypted Backups

  • Confusion and debate over what the UK is targeting: encrypted iCloud backups versus ADP itself.
  • Clarified by several: ADP was blocked for new UK users; the current demand focuses on iPhone iCloud backups where Apple still holds decryption capability.
  • Disagreement about how many users actually enable ADP; some claim it’s a rounding error, others push back and demand evidence.
  • Discussion on whether encryption where the provider holds keys is “really” encryption; many say it’s effectively not, at least against state actors.
  • Concern about how Apple could forcibly disable ADP for existing UK users without data loss, and what defines a “UK user” (region, residency, App Store account, etc.).

Cloud, Threat Models, and Alternatives

  • Some say the real step toward “1984” was centralizing personal data in large cloud silos; compelled access via warrants is then inevitable.
  • Safety-deposit-box analogy: provider-held keys trade privacy for recoverability; ADP is framed as the “only you have the key” option.
  • Suggestions include self-hosting and standardized sync protocols so devices can point to user-owned servers.

Legal Compulsion and Civil Liberties

  • UK and France cited as examples where refusing to reveal passwords/keys can itself be a crime, with substantial prison terms.
  • Many express alarm that anti-encryption measures are sold as anti-crime/child-abuse tools while steadily normalizing surveillance, with little public pushback.
  • Some blame poor civic education and public apathy about privacy and freedom.

Who Wants This and Why?

  • Multiple comments argue there is no real democratic constituency for backdoors; demand is driven by security services and intelligence agencies.
  • Others broaden this to entrenched power centers (civil services, media, billionaires), but there’s disagreement over who actually drives policy.
  • Strong fear that once such backdoors exist and are normalized, rollback will be politically and technically impossible.