With all of the other insanity going on, apparently, the UK decided to step up its war on encryption with an order against Apple.
For many years now, there has been a war on encryption. Encryption, of course, is what helps make our digital society function. Without encryption, e-commerce wouldn’t even be a thing. What’s more, digital safety would be significantly harder, transactions simply wouldn’t happen because it would be too unsafe, and it helps protect people from criminals among other things.
For the security establishment, however, the problem is that they can’t spy on your every move so easily. For them, they want unfettered access to everyone’s daily lives right down to the tiniest of details. What’s more, they don’t want pesky annoying things like paperwork or court oversight getting in the way of their big brother ambitions. They long made dubious claims about how their calls is for security reasons, though those claims have routinely not held up. This includes the notorious “missed call” to stop 9/11, the “going dark” claims, and the claim that iPhones are impossible to break into and that Apple refuses to cooperate in all cases.
Still, this effort to do away with personal privacy have been a constant effort for a long time. One effort that has been going on for more than half a decade is the effort to implement a backdoor to all encryption. We noted these efforts to do so at least as far back as 2018, though it wouldn’t be at all surprising if that has been going on a lot longer.
The premise, as they love to tell you, is that the security establishment wants a backdoor to the encryption that only the “good guys” can use. They say that they are all for ensuring the bad guys don’t have access to it, but they are the ones with the right to break that encryption, so only they should be allowed to break that encryption. The problem is, as anyone with any real knowledge about security, is that this is asking the impossible. You can’t create a weakness for only “the good guys” to use. This is because any weakness built in is just that, a weakness. The “bad guys” will, sooner or later, exploit this weakness for their own nefarious purposes.
The response to this logical counterpoint for the security establishment, generally speaking, is that they just need to “nerd harder”. After all, they are smart people, so why not just get a little smarter and break their own encryption for law enforcement? It’s an unconvincing argument because those people demanding “safe” back doors are literally asking for the impossible.
Back in October, this impossibility was beautifully demonstrated when AT&T’s so-called “good guys” only wiretap system was compromised by China via Salt Typhoon and people had their communications spied upon for a considerable length of time which was described as “months or longer”.
This is why there are plenty of security experts who point out that the moment you start intentionally breaking the security, the “bad guys” will eventually find that weakness and endanger us all.
One major front of this war on encryption is the UK which has been pushing this anti-encryption stance hard. In 2023, Signal said that if they are being asked to break their encryption, then they would simply leave the UK altogether. This warning largely fell on deaf ears as the UK’s Online Safety Act became law. In response, several small websites announced that the would be shutting down as a direct consequence of all of this.
As it turns out, the decision to shut down may have been a wise one.
For those sticking around, they are already being asked to break their encryption. One of those companies was apparently Apple. From TechDirt:
In a stunning escalation that confirms our worst fears, the UK government has finally shown its true hand on encryption — and it’s even worse than we predicted. According to a bombshell report from Joseph Menn at the Washington Post, British officials have ordered Apple to create a backdoor that would allow them to access encrypted content from any Apple user worldwide.
This comes after years of the UK government’s steadily mounting assault on encryption, from the Investigatory Powers Act to the Online Safety Act. While officials repeatedly insisted they weren’t trying to break encryption entirely, those of us following closely saw this coming. Apple even warned it might have to exit the UK market if pushed too far.
Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.
The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies.
Let’s be super clear here: The UK government is demanding that Apple fundamentally compromise the security architecture of its products for every user worldwide. This isn’t just about giving British authorities access to British users’ data — it’s about creating a master key that would unlock everyone’s encrypted data, everywhere.
This is literally breaking the fundamental tool that protects our privacy and security. Backdoored encryption is not encryption at all.
For anyone out there that has any concern about their personal privacy, this should be an earth shattering development. What’s more, it should prompt people to no longer trust any encryption service provided by Apple. Unless Apple makes a huge announcement saying they are leaving the country as a result, or that they are legally fighting this order, then their security services simply cannot be trusted. Not only will the government have access to your information, but anyone out there with nefarious purposes who happen to have the same access – authorized or not.
The thing is, it’s not just me saying these things. Others out there are calling these developments a global emergency. From TechCrunch:
While it’s not yet clear how the U.K. order works in practice — removing Advanced Data Protection would only make the cloud data of U.K. citizens available to law enforcement — news of the order sparked concerns that the security for millions of Apple device owners all over the world could be weakened.
Security and privacy advocates also say that the U.K. could set a dangerous global precedent that authoritarian regimes and cybercriminals will be eager to exploit — any backdoor developed for government use would inevitably be exploited by hackers and other governments.
Thorin Klosowski, a privacy activist at the U.S.-based Electronic Frontier Foundation, also warned in a blog post that the U.K.’s demands will have global ramifications that make the secret order an “emergency for us all.” James Baker at the Open Rights Group said last week that the plans are “frightening … and would make everyone less safe.”
The Computer & Communications Industry Association (CCIA), a U.S. tech industry group that represents the IT and telecoms industries, said the hacks carried out by the “Typhoon” group of Chinese-backed hackers makes it clear that “end-to-end encryption may be the only safeguard standing between Americans’ sensitive personal and business data and foreign adversaries.”
“Decisions about Americans’ privacy and security should be made in America, in an open and transparent fashion, not through secret orders from abroad requiring keys be left under doormats,” the CCIA said.
Chris Mohr, president of U.S.-based Software Information Industry Association, also issued a similar warning, calling the U.K. order “both ill-advised and dangerous.”
“Particularly in the wake of Salt Typhoon, we need policies to make information more (not less) secure,” said Mohr, referring to the China-backed group that targeted phone companies. “We call on the Trump Administration and the U.S. Congress to take a firm stand against this troubling development.”
“The lesson will be repeated until it is learned: there is no backdoor that only lets in good guys and keeps out bad guys,” according to the Electronic Frontier Foundation. “It’s time for all of us to recognize this, and take steps to ensure real security and privacy for all of us.”
What we are witnessing is a worst case scenario unfolding. Government is breaking the encryption citizens use to protect themselves. You want to talk about protecting citizens from foreign adversarial countries, encryption is a critical component to keeping people safe. Yet, the UK government here is doing the opposite and putting people’s lives at risk. Why? So they can also spy on the daily lives of ordinary citizens with as little oversight as possible. It’s a horrible development in the world of security and one we all hope won’t be repeated elsewhere. In these completely insane times that we live in, though, that is totally up in the air.
