The UK government has ordered Apple to secretly compromise its security for every iOS user in the world. Instead, Apple announced it will disable a vital security feature for every UK user. This is a terrible outcome, but it just might be the best one, given the circumstances:
bbc.com/news/articles/cgj54eq4…
--
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
pluralistic.net/2025/02/25/sne…
1/
Apple pulls data protection tool after UK government security row
Customers' photos and documents stored online will no longer be protected by end-to-end encryption.
Zoe Kleinman (BBC News)
Cory Doctorow
in reply to Cory Doctorow • • •Sensitive content
So let's talk about those circumstances. In 2016, Theresa May's Conservative government passed a law called the "Investigative Powers Act," better known as the "Snooper's Charter":
snooperscharter.co.uk/
This was a hugely controversial law for many reasons, but most prominent was that it allowed British spy agencies to order tech companies to secretly modify their software to facilitate surveillance.
2/
This is alarming in several ways. First, it's hard enough to implement an encryption system without making subtle errors that adversaries can exploit.
Tiny mistakes in encryption systems are leveraged by criminals, foreign spies, griefers, and other bad actors to steal money, lock up our businesses and governments with ransomware, take our data, our intimate images, our health records and worse.
3/
The world is already awash in cyberweapons that terrible governments and corporations use to target their adversaries, such as the NSO Group malware that the Saudis used to hack WhatsApp, which let them lure Jamal Khashoggi to his death. The stakes couldn't be higher:
pluralistic.net/2025/02/04/cit…
Encryption protects everything from the software updates for pacemakers and anti-lock braking to population-scale financial transactions and patient records.
4/
Pluralistic: Ron Deibert’s “Chasing Shadows” (04 Feb 2025) – Pluralistic: Daily links from Cory Doctorow
pluralistic.net
Deliberately introducing bugs into systems to allow spies and cops to "break" encryption is impossible, which doesn't stop governments from demanding it. Notoriously, when Aussie PM Malcolm Turnbull was told that the laws of mathematics decreed that there is no way to make encryption that only stops bad guys but lets in good guys, he replied "The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia":
eff.org/deeplinks/2017/07/aust…
5/
Australian PM Calls for End-to-End Encryption Ban, Says the Laws of Mathematics Don't Apply Down Under
Electronic Frontier Foundation
The risks don't stop with bad actors leveraging new bugs introduced with "lawful interception" back-doors. The keys that open these back-doors inevitably circulate widely within spy and police agencies, and eventually - inevitably - they leak. This is called the "keys under doormats" problem: if the police order tech companies to hide the keys to access billions of people's data under their doormats, eventually, bad guys will find them there:
academic.oup.com/cybersecurity…
6/
Again, this isn't a theoretical risk. In 1994, Bill Clinton signed a US law called CALEA that required FBI back-doors for data switches. Most network switches in use today have CALEA back-doors and they have been widely exploited by various bad guys. Most recently, the Chinese military used CALEA backdoors to hack Verizon, AT&T and Lumen:
pluralistic.net/2024/10/07/for…
7/
Pluralistic: China hacked Verizon, AT&T and Lumen using the FBI’s backdoor (07 Oct 2024) – Pluralistic: Daily links from Cory Doctorow
pluralistic.net
This is the backdrop against which the Snooper's Charter was passed. Parliament stuck its fingers in its ears, covered its eyes, and voted for the damned thing, swearing that it would never result in any of the eminently foreseeable harms they'd been warned of.
8/
Which brings us to today. Two weeks ago, the *Washington Post*'s Joseph Menn broke the story that Apple had received a secret order from the British government, demanding that they install a back-door in the encryption system that protects cloud backups of iOS devices:
washingtonpost.com/technology/…
Virtually every iOS device in the world regularly backs itself up to Apple's cloud backup service.
9/
This is very useful: if your phone or tablet is lost, stolen or damaged, you can recover your backup to a new device in a matter of minutes and get on with your day. It's also very lucrative for Apple, which charges every iOS user a few dollars every month for backup services. The dollar amount here is small, but that sum is multiplied by the *very* large number of Apple devices, and it rolls in every single month.
10/
Since 2022, Apple has offered its users a feature called "Advanced Data Protection" that employs "end-to-end" encryption (E2EE) for these backups. End-to-end encryption keeps data encrypted between the sender and the receiver, so that the service provider can't see what they're saying to each other. In the case of iCloud backups, this means that while an Apple *customer* can decrypt their backup data when they access it in the cloud, Apple itself cannot.
11/
All Apple can see is that there is an impenetrable blob of user data on one of its servers.
2022 was very late for Apple to have added E2EE to its cloud backups. After all, in 2014, Apple customers suffered a massive iCloud breach when hackers broke into the iCloud backups of hundreds of celebrities, leaking nude photos and other private data, in a breach colloquially called "Celebgate" or "The Fappening":
en.wikipedia.org/wiki/2014_cel…
12/
August 2014 computer security incident which led to the leaking of celebrity photographs
Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)
Apple *almost* rolled out E2EE for iCloud in 2018, but scrapped the plans after Donald Trump's FBI leaned on them:
reuters.com/article/world/excl…
Better late than never. For three years, Apple customers' backups have been encrypted, at rest, on Apple's servers, their contents fully opaque to everyone except the devices' owners. Enter His Majesty's Government, clutching the Snooper's Charter.
13/
As the eminent cryptographer Matthew Green writes, a secret order to compromise the cloud backups of British users is *necessarily* a secret order to compromise *all* users' encrypted backups:
blog.cryptographyengineering.c…
14/
Three questions about Apple, encryption, and the U.K.
A Few Thoughts on Cryptographic Engineering
There's no way to roll out a compromised system in the UK that differs from non-British backups without the legion of reverse-engineers and security analysts noticing that something new is happening in Britain and correctly inferring that Apple has been served with a secret "Technical Capability Notice" under the Snooper's Charter:
15/
> Even if you imagine that Apple is only being asked only to target users in the U.K., the company would either need to build this capability globally, or it would need to deploy a new version or “zone” for U.K. users that would work differently from the version for, say, U.S. users. From a technical perspective, this would be tantamount to admitting that the U.K.’s version is somehow operationally distinct from the U.S. version.
16/
> That would invite reverse-engineers to ask very pointed questions and the secret would almost certainly be out.
For Apple, the only winning move was not to play. Rather than breaking the security for iCloud backups worldwide, it promised to turn off *all* security for UK backups. If they go through with it, every UK iOS user - doctors, lawyers, small and large businesses, individuals - will be exposed to incalculable risk from spies and criminals, both organized and petty.
17/
For Green, this is Apple making the best of an impossible conundrum. Apple *does* have a long and proud history of standing up to governmental demands to compromise its users. Most notably, the FBI ordered Apple to push an encryption-removing update to its phones in 2016, to help it gain access to a device recovered from the bodies of the San Bernardino shooters:
eff.org/deeplinks/2016/02/eff-…
18/
EFF to Support Apple in Encryption Battle
Electronic Frontier Foundation
But we must zoom out here and consider all the things that led up to Apple facing this demand. By design, iOS blocks users from installing software unless Apple approves it and lists it in the App Store. Apple uses legal protections (like Section 1201 of the US Digital Millennium Copyright Act and Article 6 of the EUCD, which the UK adopted in 2003 through the Copyright and Related Rights Regulations) to make it a jailable offense to reverse-engineer and bypass these blocks.
19/
It also devotes substantial technical effort to preventing third parties from reverse-engineering its software and hardware locks. Installing software forbidden by Apple on your own iPhone is thus both illegal and very, very hard.
This means that if Apple removes an app from its App Store, its customers can no longer get that app.
20/
When Apple launched this system, they were warned - by the same cohort of experts who warned the UK government about the risks of the Snooper's Charter - that it would turn into an attractive nuisance. If a corporation has the power to compromise billions of users' devices, governments will *inevitably* order that corporation to do so.
21/
Which is *exactly* what happened. Apple has already removed all working privacy tools for its Chinese users, purging the Chinese App Store of secure VPN apps, compromising its Chinese cloud backups, and downgrading its AirDrop file-transfer software to help the Chinese state crack down on protesters:
pluralistic.net/2022/11/11/for…
22/
Pluralistic: 11 Nov 2022 Apple’s business model made Chinese oppression inevitable – Pluralistic: Daily links from Cory Doctorow
pluralistic.net
These are the absolutely foreseeable - and foreseen - outcomes of Apple arrogating remote control over its customers' devices to itself. If we fault Theresa May's Conservatives for refusing to heed warnings of the risks of the Snooper's Charter, we must be just as critical of Apple for chasing profits at the expense of billions of its customers in the face of warnings that its "curated computing" model would *inevitably* give rise to the Snooper's Charter and laws like it.
23/
As Pavel Chekov famously wrote: "a phaser on the bridge in act one will always go off by act three." Apple set itself up with the power to override its customers' decisions about the devices it sells them, and then that power was abused in a hundred ways, large and small:
pluralistic.net/2023/09/22/vin…
24/
Pluralistic: Apple fucked us on right to repair (again) (22 Sept 2023) – Pluralistic: Daily links from Cory Doctorow
pluralistic.net
Of course, there are plenty of third-party apps in the App Store that allow you to make an end-to-end encrypted backup to non-Apple cloud servers, and Apple's onerous App Store payment policies mean that it gets to cream off 30% of every dollar you spend with its rivals:
reddit.com/r/privacy/comments/…
25/
It's entirely possible to find an end-to-end encrypted backup provider that has no presence in the UK and can tell the UK government to fuck off with its ridiculous back-door demands. For example, Signal has repeatedly promised to pull its personnel and assets out of the UK before it would compromise its encryption:
pluralistic.net/2023/03/05/the…
But even if the company that provides your backup is impervious to pressure from HMG, *Apple isn't*.
26/
They’re still trying to ban cryptography – Pluralistic: Daily links from Cory Doctorow
pluralistic.net
Apple has the absolute, unchallenged power to decide which apps are in its App Store. Apple has a long history of nuking privacy-preserving and privacy-enhancing apps from its App Store in response to complaints, even petty ones from rival companies like Meta:
theverge.com/2022/9/29/2337854…
27/
The OG App, an ad- and Reels-free Instagram clone, is pulled from the App Store
Mia Sato (The Verge)
If they're going to cave in to Zuck's demand to facilitate spying on Instagram users, do we really think they'll resist Keir Starmer's demands to remove Signal - and any other app that stands up to the Snooper's Charter - from the App Store?
It goes without saying that the "bad guys" the UK government claims it wants to target will be able to communicate in secret no matter what Apple does here.
28/
They can just use an Android phone and sideload a secure messaging app, or register an iPhone in Ireland or any other country and bring it to the UK. The only people who will be harmed by the combination of the British government's reckless disregard for security, and Apple's designs that trade the security of its users for the security of its shareholders are millions of law-abiding Britons, whose most sensitive data will be up for grabs by anyone who hacks their accounts.
29/
I'm on a 20+ city book tour for my new novel *Picks and Shovels*.
Catch me in NYC TOMORROW (Feb 26) with JOHN HODGMAN:
eventbrite.com/e/cory-doctorow…
And at PENN STATE on THURSDAY (Feb 27):
bellisario.psu.edu/assets/uplo…
More tour dates here:
martinhench.com
Mail-order signed copies from LA's Diesel Books:
dieselbookstore.com/picks-and-…
30/
Cory Doctorow + John Hodgman: Picks and Shovels
Eventbrite
Image:
Mitch Barrie (modified)
commons.wikimedia.org/wiki/Fil…
CC BY-SA 2.0
creativecommons.org/licenses/b…
--
Kambanji
flickr.com/photos/kambanji/413…
CC BY 2.0
creativecommons.org/licenses/b…
--
Rawpixel
rawpixel.com/image/12438797/pn…
eof/
Winter Fire
Flickr
Urzl
in reply to Cory Doctorow
- YouTube
youtu.be
Gerrit 🇪🇺🌍🍉🔻
in reply to Cory Doctorow
It's good that this gets attention.
But I still feel that the undocumented hardware feature in Apple SoCs that "mysteriously" ended up being used by very credibly American intelligence operators takes the cake.
kaspersky.com/about/press-rele…
securityweek.com/mysterious-ap…
9to5mac.com/2023/12/27/most-so…
'Most sophisticated' iPhone attack chain 'ever seen' used four 0-days to create a 0-click exploit - 9to5Mac
Michael Potuck (9to5Mac)