"The thing is, Apple has made it abundantly clear in no uncertain terms that they will refuse any request by any government to knowingly insert backdoors into their software."
They may say that, and it might even be true, but then again, If they were requested by the US they couldn't speak about it nor refuse without explicit court permission.
In the U.S., gag orders under the Stored Communications Act (SCA) (18 U.S.C. § 2705(b)) and National Security Letters (NSLs) under the USA PATRIOT Act prevent companies from disclosing they were compelled to comply with law enforcement or intelligence agency requests.
Key Regulations:
Stored Communications Act (SCA) – 18 U.S.C. § 2705(b)
Allows law enforcement to obtain a court-ordered non-disclosure order preventing a company from telling users or the public about the request.
Typically applies to subpoenas, warrants, or other legal demands for electronic communications.
National Security Letters (NSLs) – USA PATRIOT Act (18 U.S.C. § 2709)
Used by the FBI to request customer information from telecom companies, ISPs, and financial institutions.
NSLs often come with an automatic gag order, preventing disclosure.
Companies may challenge NSLs in court, but they remain secret unless a judge rules otherwise.
Foreign Intelligence Surveillance Act (FISA) Orders – 50 U.S.C. § 1805
Under FISA Section 702, the government can issue secret surveillance orders, and recipients are prohibited from disclosing them unless explicitly allowed.
Executive Orders & National Security Directives
Certain classified government surveillance programs, like PRISM, may be protected under Executive Orders (e.g., EO 12333) and other national security laws.
Cloud Act (2018)
While mainly about cross-border data access, it allows the U.S. to enter agreements with foreign governments and may include secrecy provisions regarding data requests.
The scariest thing is that PRISM was revealed in 2013 - 12 years ago - thus "the intelligence community" has had 12 years to move this same approach forward. I could be remembering wrong, but the only repercussions for the PRISM leak fell on the leaker: Snowden.
How many people would have to know about it? If they can keep the team that implements it to say, 50 or fewer engineers, it wouldn't be much at all to gag them with an NDA.
Not just an NDA, but probably an NSL[1]-style non-disclosure requirement. How many are willing to go to jail or exile in a foreign country to reveal this kind of thing?
My guess is that, were this to come to pass, the engineers tasked with implementing (and maintaining) it would be located in the UK. That way, if they do get in trouble with this for leaking, the UK's jurisdiction comes into play.
Even as shitty as some say the United States is, no one's being extradited to the UK for violating that. Nor, for that matter, would they be able to much punish them with breach of contract, once people start crowing about human rights violations.
> "The thing is, Apple has made it abundantly clear in no uncertain terms that they will refuse any request by any government to knowingly insert backdoors into their software."
How could you prove fraud in court, if the government has classified all the evidence and refuses to admit any of it happened? The government has gagged them, making it illegal for those managers to even plead guilty!
Great article. Something they eluded to but didn't explicitly call out is the "good guys" I.e. the government who use the law to get access can be bad guys for many reasons.
One is individual actors. See recent cases of how MI5 agents covered up DV using their privileges. Bad people love power, and they just need to get the right job.
Another is a bad government, such as a repressive controlling style government gaining control and having everyone's personal data in a lake.
I think thats the right mindset to have in cases where power increases.
I’m really exhausted with this sovereign citizen crap, but when the government is trying to accrue more powers its worthwhile asking what else can be done with it.
For a prescient example: my mother welcomed policies that made protesting more-or-less illegal. “Just Stop Oil” had been doing a lot of nuisance things and she felt it justified. As did the right wing.
Now, when the far-right started marching[0] she was horrified to learn the extent of the new powers and said it was orwellian.
I use her as an example because I think HN leans left, but it will be the right wing folks who dislike government most. Obviously as a left winger myself- when the right wing government was installing anti-protest measures I was horrified, and was much more keen to point out they it could be used against people like my mum.
The government aren’t your friends, they are either changable- meaning all rules have to be solid enough to be used fairly even if the ruling party changes a lot, or: you’re living in something other than democracy, which is largely considered bad.
People are massively choosing sides, colours, flags, identities. It's not about left or right. It's about personal opinions and identity, and one side having the power to violently disagree with you, to the point of no recourse. It does not matter if it's a left or right boot that stomps you in the face.
I see the same thing in my parents, where actions become scary when "the other side" does them. It's a myopic arms race to the bottom of rational understanding.
The trouble, I think, isn't that the left is worried about government power. It's that they're infatuated with its potential to dole out all sorts of entitlements and welfare. It's not so much that you won't want it to have the ability to limit protests, it's just that you want to make sure your guys are in charge first and that they're limiting protests you dislike.
>I’m really exhausted with this sovereign citizen crap,
I couldn't ask for a better example of my assertion above. For the moment, ignore their lunatic legal theories (rarely can one win cases in court by insulting judges and dismissing their powers to adjudicate). Their sentiment, at least, should be something you're sympathetic for. These aren't people who are disposing of liquid mercury in the local river or selling children to the coal mine as slaves. They're goofballs who want to drive down the road with their own homemade license plate. Rarely, if ever, do you read a story where they're doing something dangerous or harmful. Instead, it's always about them flaunting an attitude that the government shouldn't have power over them in the mundane activities of daily life. Despite that, they're among the most-hated of outgroups among the left. Why? Because when the fringe left is in charge, someday in the near future, it will be just as embarrassing to them that the sovereign citizens give them no respect as it is currently to the not-leftist-enoughs in charge now.
Democratic governments start good, then, operate through the only hammer they have: legislation. After a few decades, there are more things one cannot do than can do without lawyers, committees and councils breathing down your neck.
So the people get restless, and want to tear it all down, in the hope that we can start again fresh.
But I agree with the gist of it. Right now there are no democratic governments that are good for people. We live in barely disguised oligarchy run by thieves, imbeciles and sociopaths.
As an immigrant to Britain, I am appalled to see how fast inept legislators keep making things worse every time they try to fix them, and how the average voter keeps voting for the parties with the silliest and most destructive of ideas. I am so glad to be out of this place in the next few months. Looking forward to Reform to completely destroy the little that's left; hopefully a better place will rise out of the ashes. See you in 30 years, Britain.
That's a very wrong reading of history. Our democracies didn't "start good", slavery was legal, workers had very few rights and strikes were brutally broken by a police whose only job was to protect the interests of the aristocracy turned bourgeoisie. The weight of a country's law book is no indication of the freedom of its citizen.
Our period of instability has been brought upon by a discontent stemming from ever increasing economic inequalities. This isn't the first time it happens: look at the 30s. Europe turned to fascism and was demolished by pointless wars, America turned to social democracy with FDR and the new deal, and became the first hyperpower.
I am firmly in the camp that democracies are tolerable because they're the least worst of other alternatives. But they're very far away from any notion of good. They're pretty terrible and exploitable. They don't provide any practical countermeasure against greed, lies and general stupidity, which are very real human behaviours.
There are effective ways for large populations to organize and fairly delegate power amongst themselves with the goal of efficient resource management and maximizing collective benefits. But it first requires that said population understands the working of said organization and have an objective idea of the trade-offs at play.
1993 — feels so far away now. Even us techies have become either posers or corporate lackeys, and no one is left to fight for privacy in the digital space.
> Even us techies have become either posers or corporate lackeys, and no one is left to fight for privacy in the digital space.
I have a feeling that this depends a lot on the country:
In the USA, there is now big money to be made in programming jobs, so a lot of people have become what you call "posers or corporate lackeys". Money makes it easy to look away from mass surveillance.
On the other hand, in Germany, you can live off of being a programmer, but you very likely won't become rich this way. Additionally in Germany there is, based on the experience of two dictatorships on German soil in the 20th century (where the crimes of the GDR have barely accounted for), much more of a privacy culture at least in some circles than I observe in many other countries.
The crazy thing with allowing for backdoors is that the most capable or trusted advisaries get in first, aka: other nation states and former employees.
Yeah, almost makes you wonder who's actually behind it. Wouldn't be a bad political psyop for a UK/democracy adversary to go after.
If the intelligence agencies don't know that their own tools can and will be used against them (and all the data on their own citizens they've kindly gathered for their adversaries) they are willfully ignorant. No excuses.
This is political move, quid pro quo just like everything else. I wonder what UK got in exchange for some public heat (maybe not that much since common folks font care about this)
They haven't given anything. We've moved from a government of looney idealogues to a government of insecurity. Labours' actions can be pretty well understood as a need to be taken seriously by the Very Serious People, be that finance, big tech or the security services.
There's really no need to be conspiratorial about this. Law enforcement has always had a way of reading your communications, and the Uk government believes that shouldn't stop because e2e is becoming the default. Nobody is blackmailing them.
It's not that they don't understand it's that they don't care. The UK doesn't really respect the right to privacy generally.
Walk down any street in the UK you see multiple CCTV cams watching you. Buy something at the supermarket and you'll have at least 1 or 2 facial recognition cams put in your face. The police routinely deploy facial recognition software on random passers by in the street and monitor our social media posts to ensure no one is saying anything hurtful. On entering the UK border police can detain you without grounds and force you to answer their questions (you have no right to silence). They can also force you to provide them with access to your personal devices and if you don't cooperate you'll be charged as a terrorist. They can (and do) legally use this power for arbitrary reasons all the time.
In light of this the idea that the UK would be concerned that someone's iPhone data isn't kept completely private is absurd. This just isn't a concern of the UK state. The concern is that people currently have too much privacy and we cannot be trusted with that.
When I saw the headline I thought, "what click-baity hyperbole is this now?" That was the attitude I had when I went to read the story, then I got to this part:
> and while I always encourage readers to explore other options by privacy-first companies, I (among many other privacy enthusiasts) still touted this as a win for giving the everyday user an easy, effective way to protect their data.
Actual. Nuance. It's been a few weeks since I've seen that in my feeds.
Isn't Apple doing client side encryption? It sounds like there is a key kept in the phone that is used to encrypt the stuff in the cloud. I am not seeing more than one "end" here. What aspect of their scheme causes the article to refer to it as "end to end encryption"?
I think this is important because the UK is effectively cracking down here on the very idea of keeping things private. We don't have to bring messaging into this; this is a case of an individual attempting to keep their personal stuff to themselves. Most people would consider that a perfectly normal thing to be able to do.
I think it's actually valuable to hear from one of the former Tory ministers who was in favour of the bill says[1]. I don't necessarily agree with him, but it's interesting to hear he essentially argues that you don't have the security you think you do. If a bad actor wants to pwn you they'll do it on your device and you can't stop them. I think that's broadly true of some actors. If you personally are being targetted by a motivated opponent then yes, they will likely target your personal device first and then encrypted cloud is essentially moot. It's also an interesting idea to not say "We need this to tackle CSAM" but instead to say "We need this so that these companies can't enable CSAM whilst claiming to be unaware" - I think on a practical level that does hold more water.
At the end of the day though, he doesn't address the clearest problem with these backdoors which is that the payoff value of being able to blanket unencrypted cloud data is of such high value it's extremely likely to get exploited, and for the average person you're more worried about being exposed as part of a broad attack on infrastructure not a targeted attack on your individually.
It's also pretty difficult to give credence to the idea that they need this tool to tackle CSAM or organised crime. The reason you can't believe that is because they don't tackle CSAM or organised crime by and large. The UK government simply hasn't prioritized policing that, so we're not in a context of "we're doing all we can but we need more powers", we're in the context of "We can't be bothered, curtail people's rights so our job is easier". I'm sure Apple is not in favour of CSAM, but Apple isn't a member of the British police responsible for investigating and tackling CSAM, why are we trying to recruit them to be?
I don't think that's very persuasive. Targeted compromise of iPhones is incredibly expensive, and relatively hard for mere criminals to access. If that's the only way for a bad actor to access your data, you've instantly taken everyone but the most wildly sophisticated (and wealthy) criminals and state actors off the table.
Meanwhile iCloud backups are available not only to sophisticated folks who can compromise Apple's servers, but also to anyone who can social-engineer a password recovery flow or bribe an Apple customer service agent.
Second, re: CSAM, the iCloud ADP system is focused on backing up your personal devices. It is not designed to share data with other users. So a criminal can have CSAM on their phone and simply turn off iCloud Backup (and thus be "invisible") or they can use ADP. The two things are equivalent, and both assume a sophisticated user. I'm sure there's some bizarre and painful scheme where you could use ADP to distribute CSAM to other folks, but there are many easier ways to do that. Once you grant the CSAM point, you're just saying it's necessary for all personal device data to be constantly available for search by the government. (And while I disagree with that opinion, it is an opinion and should be fully fleshed out.)
> If a bad actor wants to pwn you they'll do it on your device and you can't stop them. I think that's broadly true of some actors.
I mean that is correct in the literal sense. Both Google and probably Samsung can hack my device remotely by remote code execution via targeted updates. So American and South Korean authorities.
But I don't think any "bad actor" could do it?
Like, the Foobarland police. Is that a reasonable take?
I flat do not trust that the motivations for the legislation are what the government says.
The UK has a history of covering up child abuse by establishment figures, not least Prince Andrew. They are not actually concerned with preventing child abuse.
Successive UK governments have tried to remove or weaken encryption over the years since the 90's. There have been a succession of excuses, but mostly "think of the children".
The various MI* agencies have said publicly that they cannot carry out their duties (that of spying on UK citizens) while E2E encryption is available.
IF they had the courage of their convictions they would just lay out their case for a society with no privacy, have the argument, and accept the conclusion. But I realise this is politically naive.
The thing about weaponising child abuse to destroy democracy and privacy, is that no one can openly protest against it, because who the hell is against protecting children from abuse? Especially in Britain, where the spectre of child abuse happening basically in plain sight, is still fresh in anyone's mind (Savile & co.)
Child abuse is the trojan horse. Any resistance and fight for privacy has been on a ticking clock since legislators discovered they have the ultimate weapon to pass any form of anti-democratic regulation. Slap "it's for the children!" on top of it, and the masses will applaud and cheer for more spying and more profiling by the government.
Couldn't we ask same thing about financial fraud. That is should government have AI to scan every single message send by everyone to see if they are responding to some scam? Maybe direct those matching certain criteria automatically to teams of people who are allowed to read through that correspondence?
That too would be doing something. And maybe even net benefit for many individuals.
But that's expanding government's role even further to cover even more forms of abuse. Are you saying "if they're going to scan for CP they might as well scan for fraud too"?
On tech forums you're supposed to pretend that child abuse doesn't exist and that it can always be waved away as an excuse. Granted, once they have the ability to snoop they will, but it's a legit reason in this case.
The vast majority of CSAM, terrorists and criminals don't practice any Infosec at all. Even if that were the case, just because someone uses a particular technology for nefarious means that doesn't mean I or anyone law abiding shouldn't have the right to use said technology.
In most Western countries, you don't have many choices these days: conservatives, conservatives disguised as Liberals, the idioticly popular populist party that sets the agenda because it tops the polls, the crazy far left. Any in any case it's always the blue Tories or the red Tories that win.
To quote a Spanish punk band, en esta democracia, siempre gobiernan los mismos,
solo cambia el maquillaje.
> They are not actually concerned with preventing child abuse.
Wasn't Starmer even part of the political forces trying to cover abuses up? To not "rock the boat" or something like that?
You don't need to marry Musk, but I think he was on point here. Their surveillance ambitions are clear as well, because negative press is of course unfortunate.
> The UK has a history of covering up child abuse by establishment figures, not least Prince Andrew.
Can we please reference Jimmy Saville instead? Jimmy Saville is an entirely deplorable example of what it is that you're getting at and he got away with blatant and horrific acts until he died.
Conversely Prince Andrew is a crap example because what he is accused of (sex with a 17 year old in London in 2001) is actually entirely legal in the UK (age of consent is 16). So to hold him up as a prime example of a problem is just an Americanism.
> Can we please reference Jimmy Saville instead? Jimmy Saville is an entirely deplorable example of what it is that you're getting at and he got away with blatant and horrific acts until he died.
> So to hold him up as a prime example of a problem is just an Americanism.
These girls were trafficked and groomed by Epstein and Maxwell. Even if the woman was older it would still be deeply immoral as these girls/women were trafficked.
Even if it isn't child abuse, they will put up someone abhorrent that you have to defend the rights for, these are usually boogiemen like Islamic Extremists, Neo-nazis, Misogynists etc.
There is plenty of information available about Prince Andrew's relationship with Jeffrey Epstein and even a photo of Prince Andrew with his arm around the young girl in question. Even the Royal Family have tacitly admitted this by essentially socially ostracising e.g. removing him from official events.
Having a friend turn out to be (very) dodgy isn't evidence you are a child abuser. Not to mention the lass the accusations surround was 17 and therefore not a child.
Far too much internet hysteria and not enough facts.
With time privacy is getting more and more difficult to the point where I'm not sure you can/will have real privacy living life normally so releasing the dirty laundry of everyone will even the playing field to where everyone's at least a bit of a freak but we hopefully just accept it since we're also not who we are on Linkedin.
While true privacy is probably optimal I've been quite curious about the idea of a "no privacy society" recently and the more I think about it the less of a terrible idea it seems if it keeps getting more and more difficult to maintain privacy for normal people and especially in the realm of politics.
If you know everything about the people high up they can't really be blackmailed and I'm not really sure anyone would care that big shot X enjoys gambling or some kinky sex once in a while.
tl;dr: If privacy is/gets impossible to maintain for normal people it might be worth just displaying everyone's dirty laundry so no one can pretend they're saints from their elaborate privacy castle. No idea how you'd go about implementing it realistically. It's mostly a shower thought.
Does anyone know any good discussions in that direction?
This is a law for the peasantry not the nobility. Due to international treaties (e.g. Five Eyes) it'll allow federal agencies in the United States to spy on US citizens using the UK as proxy.
The greatest irony is that Western societies are slowly becoming the dystopia they once accused China of being and evidently nobody cares.
Yeah. That's the implementation issue. It'd need to go top->down somehow.
And I wouldn't say nobody cares. It's just that a lot of what's happening is quite technical for normal people and in many countries you can't even really do much about it. At this point you're getting bent over by your government, other peoples governments, awkward techbros with visions, weirdos with business plans, etc..
> It's just that a lot of what's happening is quite technical for normal people
What's the point of news media if not to explain these issues to the general public in a way they can understand? If we lived in a free and open society that values personal privacy and opposes government overreach, this would be prime-time news, plastered across the front pages of every newspaper.
I don't see a practical difference between what's happening here and what's happening in China, except that the Western world is considerably more nuanced in how it controls the (global) narrative. We've been living in an Orwellian nightmare for a long time.
The Salt Typhoon example doesn't seem relevant, as it looks like it's down to unsecured routers?
One more relevant question on this would be something like internet connection records, which when they were introduced everyone said would definitely get leaked.
Not true however and contradicts itself later. They have inserted backdoors, the backdoors exist. Them holding the keys to it does not magically make it not exist.
Since ProtonMail was mentioned in a context, I wonder what is the fate of the Proton infrastructure in UK, also having encrypted storage of various items similar to iCloud. And the alike (Tresorit, ...). Are they the next?
Although it is only partially parallel topic but my current pet peeve about the generic true uninterest of data safety in the UK is the practice of property agents requesting full set of data only necessary at the time of contract - or not even then, like the name of your children - just to start talk about viewing a rental property. Not for the viewing, not for applying for tenancy, no, before even talking about if there is available timeslots for viewing. First reply from them: fill this (very long) form. Some even ask for recent credit check reports uploaded on sending in interest for viewing opportunities. And people comply on masses without apparent hesitation. Years of degrading practice (8 years ago it was much different and less privacy intrusive) means several hundrends of thousands (millions?) people's deep personal data is flowing around in unencrypted emails or forms stored in the third party system (not even at the property agents) the agents dedicate for this purpose, very very fragmented in procedure and solutions and granularity. Apparently there is no objection of the masses as this is a practice property agents escalated to this level claiming "industry practice" when trying to complain. Feels like being alone, refusing, then being refused - I know, I am problematic not handing over all my data on first ask. I wonder what the Information Commissioner's Office will say about the matter. I reported one of the many cases. Only out of curiosity as the matter will be mute not only because of the 16 weeks turnaround for comment - 8 are already passed, and by then we will be out of the UK, for other reasons too - which is awfully slow for anyone affected but by the extent of uninterest for privacy from the UK masses. Property agents are just one tiny part of the pattern actually, asking for your data as the first move is a generic thing from almost all services I came accross. A representative example: - How much would this cost? - What is your name, phone number, address and email address? - the question comes instead of an answer despite that the price depends not the slightest on those data. And this is working this way for very long time. I have a bit of scepticism about if the UK population would ever fight back - risking put into the group of pedofiles by public opinion. I can imagine more arguing for it. As 'Good people have nothing to hide' principle. The "Get Involved" links are for the idealistic ones alone.
>While there are no doubt a handful of evil people who would abuse E2EE to better cover their harmful tracks, it also benefits ordinary, law-abiding users by giving them a huge defensive boost against data breaches, massive data collection, unchecked mass surveillance, and a myriad of other threats online
Very few people care about such things.
Or rather, very few people understand such thing well enough to care about them.
It goes deeper than that in the UK. There's a large (and electorally powerful, as they're often older) proportion of the population who want, no expect, the government to step in and regulate social harms, and has a genuine belief that the good outweighs the harms.
Unfortunately as a nation our culture appears to have shifted away from taking personal responsibility for anything. It's always someone else's fault now. Some else's responsibility. Someone else's job.
I have seen many comments that this has become worse since the isolation period caused by COVID. I tend to agree but I also think it goes deeper than that. We have some problems in our society that have been festering for much longer and have root causes like inequality, lack of opportunity, and a lack of constructive facilities and positive role models.
I hear a lot from friends who work in education about children coming to school with profoundly disturbing attitudes and other children who have experienced nasty forms of abuse. And yes - absolutely the schools and the government should push back against problems like bullying and misogyny and racism where they can.
But maybe the answer here isn't just trying to lock up this week's negative social media influencer or introduce unusual and potentially dangerous concepts like regulating online content that is "harmful" yet not illegal or expecting governments to spy on us all and interfere in our lives more often. Maybe we should first be asking why so many kids think they have nothing better to do than spend all day watching that nasty online content in the first place. Maybe we should be asking why so many kids are given unsupervised and unregulated access to ideas they aren't ready to deal with yet.
That's about education and children but you can pick almost any hot button topic and find similar examples. Try immigration or people who live entirely off state benefits. You can find plenty of examples where people advocate for papering over social problems but there's a sad lack of discussion about properly fixing the cracks underneath. Those are the real social harms we should be trying to reduce. Unfortunately their perpetrators are often among the first to assume it must be someone else's problem.
> Unfortunately as a nation our culture appears to have shifted away from taking personal responsibility for anything.
That's as old as hierarchy. The Hillsborough disaster was in the 90s: every one tried to shift the blame. The different sex abuse scandals (Rotherham, Rochdale, Telford etc.)? Same shit started early 90s and still going on with looking for people other than police to blame.
I think that it's not just on that scale anymore though - it shifted to affect literally everything in your personal sphere too. Dropped the knife and hurt yourself? Blame manufacturer for making such slippery handle! Drove without adjusting speed for the conditions and ended up in a hedge? Better complain to the local council for not setting the right speed limit! Failed an assignment at school? It must have been badly written!
I could keep going and going and going. It's so incredibly rare to hear "yeah that's my fault" nowadays, the first reaction is almost always to immediately blame anything else as if it's a magic get out of jail card(because actually, it is a lot of the time).
> There's a large (...) proportion of the population who...
That's sadly true in a lot of places. Throw in all the optimism vigilantes - who react badly to any suggestion that the police & justice systems aren't straight out of some "Happy Sunshine Good Guys" children's book - plus all the folks who are trivial to stampede with claims that the gov't somehow needs Yet Another Power (to fight pedophiles, terrorists, or whatever pushes their buttons), and the convenient de-emphasis of history in recent decades...
Yeah. Outside of those currently being beaten with the short & dirty end of the stick, freedom has very few supporters.
> Here’s a poll from 2019, showing 91% of the US cares:
This is a wrong poll, because "privacy" is too broad of a term to meaningfully to assess. Privacy is a "good" thing, so people, of course, respond "I care" because they want to feel good about themselves and care about good things. In reality they don't understand what privacy is and at what price or comes (in terms of inconvenience).
>Support for increasing regulation was at about 71% then and still is.
That's even better. I remember GDPR being legislated, and everyone was extremely fascinated by how much it "protects" the users, and literally a few days after GDPR came into power, my messenger company blocked me with the following message: "according to GDPR, we must keep your personal data private and secret, and since at the moment we don't have any of your personal data, we can't keep them secret, so we're blocking you. Please, upload a photocopy of you passport by following this link (link) to get unblocked".
Again, the word "regulation" is perceived as a "good thing", because the opposite of "regulation" is "chaos, anarchy", and people are afraid of anarchy. If people actually understood what "regulation" means, support would have been way way lower.
Of course people care about 'privacy'. It would be more interesting if the poll asked something like "Do you care more about privacy or what a Kardashian had for breakfast?"
> very few people understand such thing well enough to care about them
Even understanding the risks, there's little that can be done about it.
Use a credit card? Need a mortgage? Care about discounts when buying groceries? Have friends that post photos on social media? Live in a small country?
Privacy is simply unavailable if you want to live in a modern society.
Privacy is simply unavailable if you want to live in a modern society.
I think that's unnecessarily defeatist. Privacy has never been a black and white concept. We all share some information with some other people for good reasons.
The big change with modern technology has been how easily information can be collected at a massive scale and how many people end up with access to that information and for what purposes they can then use it. Almost none of this change was inevitable or necessary to function in a modern society. Governments could step in to legally regulate the businesses making a fortune off data capitalism any time they wanted to. They just haven't.
A cynic might suggest that this is because those businesses have made an awful lot of money. Some of that goes back to the governments in tax revenues. No doubt some of it also goes back to the politicians in campaign contributions.
A different cynic might suggest that our governments are typically made up of career politics/media/economics types who are woefully underequipped to even understand the capabilities and implications of the technology that has become such a core part of our lives in the past 20-30 years and so almost totally fail to perceive or mitigate the threats it poses.
We already have some well-intentioned data protection laws in the UK and some more that we inherited from the pre-Brexit EU GDPR. But their implementation has not been very effective at challenging the culture of harvesting whatever personal data businesses can and then attempting to monetise it. Meanwhile like any regulation they introduce a compliance cost for everyone.
A better attempt in the same spirit but written by people who actually knew what they were doing and enforced by people who had both good intentions and sufficient resources could undermine a lot of the more toxic practices that have built up since the likes of Facebook and Google made planetary scale corporate surveillance a thing.
We could get a long way just by banning two practices - keeping or using personal details provided to make purchases for anything other than administering those sales and incorporating phone-home surveillance into physical products where that surveillance has nothing to do with why a normal customer would buy that product (think TVs, laptops, or cars).
It would also help if governments could lead by example on this issue. They necessarily deal with a lot of sometimes sensitive personal data. They - not just national/federal government but all the spin-out agencies and more local forms of government as well - also have a tendency to abuse data collection powers granted to them by broad surveillance law for debatable reasons.
>We could get a long way just by banning two practices - keeping or using personal details provided to make purchases for anything other than administering those sales and incorporating phone-home surveillance into physical products where that surveillance has nothing to do with why a normal customer would buy that product (think TVs, laptops, or cars).
Don't get me wrong, but I don't believe that the government can do anything good in this respect.
The only thing they can really do is to try to make data hoarding less profitable than it is now.
For example it should be not just perfectly legal, but encouraged to scrape and repost bigtech data elsewhere. So that if you're unhappy with Google keeping your data on Google drive, you could switch to another cloud provider and they would already have all the same data.
That is, instead of going from "all your data is supposedly protected, but actually not" to "all your data is private", we should go from "all your data is supposedly protected, but actually not" to "all your data is public, deal with it".
The only thing they can really do is to try to make data hoarding less profitable than it is now.
FWIW I think this is a very practical response far more often than people realise. "Follow the money" is advice as old as money itself. Making behaviours we don't like unprofitable is one of the most reliable ways we have ever found to guide commercial organisations away from those behaviours.
For example it should be not just perfectly legal, but encouraged to scrape and repost bigtech data elsewhere. So that if you're unhappy with Google keeping your data on Google drive, you could switch to another cloud provider and they would already have all the same data.
Again FWIW I agree with busting the data hoarding walled gardens and supporting data portability. I couldn't disagree with you more strongly about making it all public by default but I also don't think that's the only way to solve the portability problem.
If you're arguing that GDPR was poorly implemented and often did more harm than good then I'm afraid you're preaching to the choir here. It is one of my go-to examples of where I do believe that governments should be regulating the potentially harmful behaviours of organisations to protect the little guy but the people who wrote the actual rules we have today didn't really understand the problem or the possible solutions and they blew it.
that's why I have long maintained CCP is the biggest threat to all citizens currently living in relatively free societies right now. Our democratic governments are only seemingly disgusted but whoever holds real power are ENTICED "what do you mean with these new tools and policies you've kept a billion people under control"
The CCP first and foremost keeps control by keeping their people happy, and controlling the narrative in such a way that the people are happy.
Surveillance in China is a Damocle's sword at worst - hardly used in an enforcement capacity, transgressions (like using VPNs) are mostly ignored, and it's very easy to slip through the cracks. Everyone is breaking laws all the time - they're a tool only selectively used. Police will look the other way as long as you don't force their hand. Funnily enough you don't even need a surveillance state to create bullshit laws that you selectively enforce. They made a surveillance state... and don't really use it.
I'm more afraid of surveillance states in a western countries, because they have a much better track record of consequently enforcing laws as written. If they make it illegal to say bad things about the party and use encryption, you can be sure enforcement will go beyond just silently deleting your critical Facebook post and killing your SSH connection. They'll throw the book at you.
> Surveillance in China is a Damocle's sword at worst
> Police will look the other way as long as you don't force their hand.
This is a recipe for massive corruption. Selective enforcement allows low-level bureaucrats and law enforcement officers to "decide" to enforce the law based on criteria like "has this person paid me this month".
A consistently-enforced surveillance state under a democracy is "better" in the sense that its injustice is more obvious to the electorate and there's at least a chance to repeal it at the voting booth.
...is an accurate description of "prior restraint".
The government (in the US at least) isn't allowed to discriminate based on the content of your speech even if it goes against "controlling the narrative in such a way that the people are happy". IIRC, the burden is on the government to prove the censorship is the result of a compelling public interest and there are no lesser solutions which can be employed.
> Police will look the other way as long as you don't force their hand.
They usually don't need to look the other way because people will do it secretly not talk about it openly and most people by a mile would never even use it (because it is illegal and most people don't want to do illegal stuff unless it's necessary and it is not necessary)
You don't need to enforce laws strictly to create an obedient population that does not dare think, you just need to have those laws and do a few show trials
> They usually don't need to look the other way because people will do it secretly not talk about it openly and most people by a mile would never even use it
Let me know when there are people talking about VPN [edit: for accessing censored information] as VPN (not masking with euphemisms) under their actual name on a popular website which is not banned in PRC and so not only used by the people already on VPN in the first place
> how do you think companies which has international business operate in China? how they communicate with their clients how they advertise in YouTube?
I actually happen to know. They have subsidiaries in HK and elsewhere.
> how developers of Microsoft in China pull their docker images?
That their employees use VPN is true. I did not write precisely. iirc like in Russia using VPN for "technical purposes" is actually legal. Using it to access censored information (which is what we are talking about) is not. So if you are not an IT worker and have no excuse and you use VPN to use Twitter... THEN police would have to look the other way. How often does that happen? Probably almost never because people would not shout about the fact that they do it
Not secretly, at least in terms of "翻墙" (circumventing the GFW). It is commonly talked about in mainland chatgroups and on websites, sometimes with euphemisms (e.g. "科学上网" (surfing the web scientifically), etc.), but no one really bats an eyelid when talking about it.
In any case, I find it amusing that the case of UK disallowing E2EE could come back to CCP so quickly. Maybe without the example of CCP, other governments wouldn't realize the greatness of censorship? /s
Source: being a native who lives in mainland China.
And in case people think this is just propaganda, I can vouch for this as someone that lived in China for a few years as a foreigner and currently live in the UK.
Everyone does it, it's normal, even police do it… I am much more concerned about going afoul of the government here in the uk than back in china
If you are in a tech savvy bubble everyone uses VPN. Sometimes because your job requires it (which makes it legal). Outside of it no regular person uses VPN. Guess which circle has more people.
Police is a bad example because they obviously can do whatever they want that's not even a question. What are they gonna do put themselves behind bars?
You just literally supported my point that people talk about it secretly. They talk about VPN anonymously and/or using various terms that are not "VPN" or its Mandarin equivalent.
The term you gave as "circumvent the GFW" actually literally means "climb over the wall". Guess which one is illegal. Yes double meaning words are famous in PRC just like in USSR and this basically illustrates what I mean. You need to be in the know, in the circle or bubble to even understand what is talked about
> in mainland chatgroups and websites ... no one really bats an eyelid when talking about it
Techies talk techie things. There are more non techies than techies. My point is from police's perspective 90% of the people they deal with don't use VPN.
"The thing is, Apple has made it abundantly clear in no uncertain terms that they will refuse any request by any government to knowingly insert backdoors into their software."
They may say that, and it might even be true, but then again, If they were requested by the US they couldn't speak about it nor refuse without explicit court permission.
In the U.S., gag orders under the Stored Communications Act (SCA) (18 U.S.C. § 2705(b)) and National Security Letters (NSLs) under the USA PATRIOT Act prevent companies from disclosing they were compelled to comply with law enforcement or intelligence agency requests.
Key Regulations:
Apple can state all they want, but since the disclosure of PRISM, I will not believe anything they say. The general population will, however.
The scariest thing is that PRISM was revealed in 2013 - 12 years ago - thus "the intelligence community" has had 12 years to move this same approach forward. I could be remembering wrong, but the only repercussions for the PRISM leak fell on the leaker: Snowden.
As back in the 90s lots of "pedophiles" will be found in controversial investigations
Apple built their castle in someone else's kingdom.
So, indeed, there's little they can do about it.
On the other hand, if they are forced to implement a backdoor then many people will have to know about it.
How many people would have to know about it? If they can keep the team that implements it to say, 50 or fewer engineers, it wouldn't be much at all to gag them with an NDA.
Not just an NDA, but probably an NSL[1]-style non-disclosure requirement. How many are willing to go to jail or exile in a foreign country to reveal this kind of thing?
[1] https://en.wikipedia.org/wiki/National_security_letter
My guess is that, were this to come to pass, the engineers tasked with implementing (and maintaining) it would be located in the UK. That way, if they do get in trouble with this for leaking, the UK's jurisdiction comes into play.
Even as shitty as some say the United States is, no one's being extradited to the UK for violating that. Nor, for that matter, would they be able to much punish them with breach of contract, once people start crowing about human rights violations.
> "The thing is, Apple has made it abundantly clear in no uncertain terms that they will refuse any request by any government to knowingly insert backdoors into their software."
Jail the responsible managers for fraud.
How could you prove fraud in court, if the government has classified all the evidence and refuses to admit any of it happened? The government has gagged them, making it illegal for those managers to even plead guilty!
> How could you prove fraud in court, if the government has classified all the evidence and refuses to admit any of it happened?
There exist other government than the US government - in this case the UK government.
I don't suppose Apple run any warrant canaries do they?
What would the point of that be? They're too big not to have warrants served on a daily basis.
Great article. Something they eluded to but didn't explicitly call out is the "good guys" I.e. the government who use the law to get access can be bad guys for many reasons.
One is individual actors. See recent cases of how MI5 agents covered up DV using their privileges. Bad people love power, and they just need to get the right job.
Another is a bad government, such as a repressive controlling style government gaining control and having everyone's personal data in a lake.
There are no good governments.
I think thats the right mindset to have in cases where power increases.
I’m really exhausted with this sovereign citizen crap, but when the government is trying to accrue more powers its worthwhile asking what else can be done with it.
For a prescient example: my mother welcomed policies that made protesting more-or-less illegal. “Just Stop Oil” had been doing a lot of nuisance things and she felt it justified. As did the right wing.
Now, when the far-right started marching[0] she was horrified to learn the extent of the new powers and said it was orwellian.
I use her as an example because I think HN leans left, but it will be the right wing folks who dislike government most. Obviously as a left winger myself- when the right wing government was installing anti-protest measures I was horrified, and was much more keen to point out they it could be used against people like my mum.
The government aren’t your friends, they are either changable- meaning all rules have to be solid enough to be used fairly even if the ruling party changes a lot, or: you’re living in something other than democracy, which is largely considered bad.
[0]: https://en.wikipedia.org/wiki/2024_United_Kingdom_riots
People are massively choosing sides, colours, flags, identities. It's not about left or right. It's about personal opinions and identity, and one side having the power to violently disagree with you, to the point of no recourse. It does not matter if it's a left or right boot that stomps you in the face.
I see the same thing in my parents, where actions become scary when "the other side" does them. It's a myopic arms race to the bottom of rational understanding.
The trouble, I think, isn't that the left is worried about government power. It's that they're infatuated with its potential to dole out all sorts of entitlements and welfare. It's not so much that you won't want it to have the ability to limit protests, it's just that you want to make sure your guys are in charge first and that they're limiting protests you dislike.
>I’m really exhausted with this sovereign citizen crap,
I couldn't ask for a better example of my assertion above. For the moment, ignore their lunatic legal theories (rarely can one win cases in court by insulting judges and dismissing their powers to adjudicate). Their sentiment, at least, should be something you're sympathetic for. These aren't people who are disposing of liquid mercury in the local river or selling children to the coal mine as slaves. They're goofballs who want to drive down the road with their own homemade license plate. Rarely, if ever, do you read a story where they're doing something dangerous or harmful. Instead, it's always about them flaunting an attitude that the government shouldn't have power over them in the mundane activities of daily life. Despite that, they're among the most-hated of outgroups among the left. Why? Because when the fringe left is in charge, someday in the near future, it will be just as embarrassing to them that the sovereign citizens give them no respect as it is currently to the not-leftist-enoughs in charge now.
This is certainly an opinion.
Dumping mercury in a local river is indeed bad, but driving without a license[0] increases the likelihood that you kill someone.
It's not either/or; you're choosing to break rules- many of which are written in blood.
Being "quirky" does not give you indemnity to potentially destroy a family.
[0]: https://www.youtube.com/watch?v=yY9HzjdLbo8
>but driving without a license[0] increases the likelihood that you kill someone.
You're somewhat prone to magical thinking. I can't wait for your misinterpreted statistics that, in your head, prove you correct.
HackerNews frowns on trolling, and you're not very good at it anyway.
I'm not trolling. You frown on unliked opinions.
Do not make villains out of a group just because some of them dislike you. Not wanting to participate in society is not a left right question.
Prisoner's dilemma is a broader category than the name suggests.
A good government is one that changes the payout matrix in our daily equivalents so people choose cooperation over defection.
(But what prevents the government from defecting?)
There are better and worse governments. Blanket statements like yours only serve to empower the worse governments.
I doubt this was the essential point. Even if it is currently well intended and behaves perfectly, the "goodness" of government is irrelevant.
It is that you cannot rely on government to be good. So you need checks and balances and also privacy to shield you from government overreach.
Democratic governments start good, then, operate through the only hammer they have: legislation. After a few decades, there are more things one cannot do than can do without lawyers, committees and councils breathing down your neck.
So the people get restless, and want to tear it all down, in the hope that we can start again fresh.
But I agree with the gist of it. Right now there are no democratic governments that are good for people. We live in barely disguised oligarchy run by thieves, imbeciles and sociopaths.
As an immigrant to Britain, I am appalled to see how fast inept legislators keep making things worse every time they try to fix them, and how the average voter keeps voting for the parties with the silliest and most destructive of ideas. I am so glad to be out of this place in the next few months. Looking forward to Reform to completely destroy the little that's left; hopefully a better place will rise out of the ashes. See you in 30 years, Britain.
That's a very wrong reading of history. Our democracies didn't "start good", slavery was legal, workers had very few rights and strikes were brutally broken by a police whose only job was to protect the interests of the aristocracy turned bourgeoisie. The weight of a country's law book is no indication of the freedom of its citizen.
Our period of instability has been brought upon by a discontent stemming from ever increasing economic inequalities. This isn't the first time it happens: look at the 30s. Europe turned to fascism and was demolished by pointless wars, America turned to social democracy with FDR and the new deal, and became the first hyperpower.
Fair enough, I agree with your argument.
I am firmly in the camp that democracies are tolerable because they're the least worst of other alternatives. But they're very far away from any notion of good. They're pretty terrible and exploitable. They don't provide any practical countermeasure against greed, lies and general stupidity, which are very real human behaviours.
There are effective ways for large populations to organize and fairly delegate power amongst themselves with the goal of efficient resource management and maximizing collective benefits. But it first requires that said population understands the working of said organization and have an objective idea of the trade-offs at play.
> such as a repressive controlling style government gaining control and having everyone’s personal data in a lake
… and having an AI too mine it and persecute anyone who dissents while they work on their mind reading chips?
https://www.activism.net/cypherpunk/manifesto.html
1993 — feels so far away now. Even us techies have become either posers or corporate lackeys, and no one is left to fight for privacy in the digital space.
> Even us techies have become either posers or corporate lackeys, and no one is left to fight for privacy in the digital space.
I have a feeling that this depends a lot on the country:
In the USA, there is now big money to be made in programming jobs, so a lot of people have become what you call "posers or corporate lackeys". Money makes it easy to look away from mass surveillance.
On the other hand, in Germany, you can live off of being a programmer, but you very likely won't become rich this way. Additionally in Germany there is, based on the experience of two dictatorships on German soil in the 20th century (where the crimes of the GDR have barely accounted for), much more of a privacy culture at least in some circles than I observe in many other countries.
They're drowned out by the eternal September, but they're out there.
Expecting most of the population to care about privacy is extraordinary.
The crazy thing with allowing for backdoors is that the most capable or trusted advisaries get in first, aka: other nation states and former employees.
Yeah, almost makes you wonder who's actually behind it. Wouldn't be a bad political psyop for a UK/democracy adversary to go after.
If the intelligence agencies don't know that their own tools can and will be used against them (and all the data on their own citizens they've kindly gathered for their adversaries) they are willfully ignorant. No excuses.
Who else? Five eyes, obviously.
This is political move, quid pro quo just like everything else. I wonder what UK got in exchange for some public heat (maybe not that much since common folks font care about this)
They haven't given anything. We've moved from a government of looney idealogues to a government of insecurity. Labours' actions can be pretty well understood as a need to be taken seriously by the Very Serious People, be that finance, big tech or the security services.
Always always always assume stupidity over villany.
There's really no need to be conspiratorial about this. Law enforcement has always had a way of reading your communications, and the Uk government believes that shouldn't stop because e2e is becoming the default. Nobody is blackmailing them.
It's not that they don't understand it's that they don't care. The UK doesn't really respect the right to privacy generally.
Walk down any street in the UK you see multiple CCTV cams watching you. Buy something at the supermarket and you'll have at least 1 or 2 facial recognition cams put in your face. The police routinely deploy facial recognition software on random passers by in the street and monitor our social media posts to ensure no one is saying anything hurtful. On entering the UK border police can detain you without grounds and force you to answer their questions (you have no right to silence). They can also force you to provide them with access to your personal devices and if you don't cooperate you'll be charged as a terrorist. They can (and do) legally use this power for arbitrary reasons all the time.
In light of this the idea that the UK would be concerned that someone's iPhone data isn't kept completely private is absurd. This just isn't a concern of the UK state. The concern is that people currently have too much privacy and we cannot be trusted with that.
> other nation states
The UK might be the country least likely to be confused with a nation-state. It’s an empire, or at least the remnants of one.
When I saw the headline I thought, "what click-baity hyperbole is this now?" That was the attitude I had when I went to read the story, then I got to this part:
> and while I always encourage readers to explore other options by privacy-first companies, I (among many other privacy enthusiasts) still touted this as a win for giving the everyday user an easy, effective way to protect their data.
Actual. Nuance. It's been a few weeks since I've seen that in my feeds.
So how does this work when I visit the UK with my iPhone. Will it auto-decrypt? Will I be locked out of certain functions?
Isn't Apple doing client side encryption? It sounds like there is a key kept in the phone that is used to encrypt the stuff in the cloud. I am not seeing more than one "end" here. What aspect of their scheme causes the article to refer to it as "end to end encryption"?
I think this is important because the UK is effectively cracking down here on the very idea of keeping things private. We don't have to bring messaging into this; this is a case of an individual attempting to keep their personal stuff to themselves. Most people would consider that a perfectly normal thing to be able to do.
I think it's actually valuable to hear from one of the former Tory ministers who was in favour of the bill says[1]. I don't necessarily agree with him, but it's interesting to hear he essentially argues that you don't have the security you think you do. If a bad actor wants to pwn you they'll do it on your device and you can't stop them. I think that's broadly true of some actors. If you personally are being targetted by a motivated opponent then yes, they will likely target your personal device first and then encrypted cloud is essentially moot. It's also an interesting idea to not say "We need this to tackle CSAM" but instead to say "We need this so that these companies can't enable CSAM whilst claiming to be unaware" - I think on a practical level that does hold more water.
At the end of the day though, he doesn't address the clearest problem with these backdoors which is that the payoff value of being able to blanket unencrypted cloud data is of such high value it's extremely likely to get exploited, and for the average person you're more worried about being exposed as part of a broad attack on infrastructure not a targeted attack on your individually.
It's also pretty difficult to give credence to the idea that they need this tool to tackle CSAM or organised crime. The reason you can't believe that is because they don't tackle CSAM or organised crime by and large. The UK government simply hasn't prioritized policing that, so we're not in a context of "we're doing all we can but we need more powers", we're in the context of "We can't be bothered, curtail people's rights so our job is easier". I'm sure Apple is not in favour of CSAM, but Apple isn't a member of the British police responsible for investigating and tackling CSAM, why are we trying to recruit them to be?
[1]https://x.com/BenWallace70/status/1893936287477912035
I don't think that's very persuasive. Targeted compromise of iPhones is incredibly expensive, and relatively hard for mere criminals to access. If that's the only way for a bad actor to access your data, you've instantly taken everyone but the most wildly sophisticated (and wealthy) criminals and state actors off the table.
Meanwhile iCloud backups are available not only to sophisticated folks who can compromise Apple's servers, but also to anyone who can social-engineer a password recovery flow or bribe an Apple customer service agent.
Second, re: CSAM, the iCloud ADP system is focused on backing up your personal devices. It is not designed to share data with other users. So a criminal can have CSAM on their phone and simply turn off iCloud Backup (and thus be "invisible") or they can use ADP. The two things are equivalent, and both assume a sophisticated user. I'm sure there's some bizarre and painful scheme where you could use ADP to distribute CSAM to other folks, but there are many easier ways to do that. Once you grant the CSAM point, you're just saying it's necessary for all personal device data to be constantly available for search by the government. (And while I disagree with that opinion, it is an opinion and should be fully fleshed out.)
> If a bad actor wants to pwn you they'll do it on your device and you can't stop them. I think that's broadly true of some actors.
I mean that is correct in the literal sense. Both Google and probably Samsung can hack my device remotely by remote code execution via targeted updates. So American and South Korean authorities.
But I don't think any "bad actor" could do it?
Like, the Foobarland police. Is that a reasonable take?
I flat do not trust that the motivations for the legislation are what the government says.
The UK has a history of covering up child abuse by establishment figures, not least Prince Andrew. They are not actually concerned with preventing child abuse.
Successive UK governments have tried to remove or weaken encryption over the years since the 90's. There have been a succession of excuses, but mostly "think of the children".
The various MI* agencies have said publicly that they cannot carry out their duties (that of spying on UK citizens) while E2E encryption is available.
IF they had the courage of their convictions they would just lay out their case for a society with no privacy, have the argument, and accept the conclusion. But I realise this is politically naive.
Child abuse is an excuse. It is a red herring.
The thing about weaponising child abuse to destroy democracy and privacy, is that no one can openly protest against it, because who the hell is against protecting children from abuse? Especially in Britain, where the spectre of child abuse happening basically in plain sight, is still fresh in anyone's mind (Savile & co.)
Child abuse is the trojan horse. Any resistance and fight for privacy has been on a ticking clock since legislators discovered they have the ultimate weapon to pass any form of anti-democratic regulation. Slap "it's for the children!" on top of it, and the masses will applaud and cheer for more spying and more profiling by the government.
So what _are_ they supposed to do about the children? The alternative (doing nothing) is not good.
Or do you think that government should shrink their responsibilities and everyone should watch out for their own kids?
Couldn't we ask same thing about financial fraud. That is should government have AI to scan every single message send by everyone to see if they are responding to some scam? Maybe direct those matching certain criteria automatically to teams of people who are allowed to read through that correspondence?
That too would be doing something. And maybe even net benefit for many individuals.
But that's expanding government's role even further to cover even more forms of abuse. Are you saying "if they're going to scan for CP they might as well scan for fraud too"?
No I am asking wouldn't that be as good reason. Or even protect lot more people.
On tech forums you're supposed to pretend that child abuse doesn't exist and that it can always be waved away as an excuse. Granted, once they have the ability to snoop they will, but it's a legit reason in this case.
The vast majority of CSAM, terrorists and criminals don't practice any Infosec at all. Even if that were the case, just because someone uses a particular technology for nefarious means that doesn't mean I or anyone law abiding shouldn't have the right to use said technology.
First thing would not to vote for Starmer who probably was involved in covering up polically inconvenient child abuse.
Better start with that or few people will believe your intent.
In most Western countries, you don't have many choices these days: conservatives, conservatives disguised as Liberals, the idioticly popular populist party that sets the agenda because it tops the polls, the crazy far left. Any in any case it's always the blue Tories or the red Tories that win.
To quote a Spanish punk band, en esta democracia, siempre gobiernan los mismos, solo cambia el maquillaje.
You didn’t mention the greens, who typically are moderate left-progressive, environment focused, and used to working in coalition.
> They are not actually concerned with preventing child abuse.
Wasn't Starmer even part of the political forces trying to cover abuses up? To not "rock the boat" or something like that?
You don't need to marry Musk, but I think he was on point here. Their surveillance ambitions are clear as well, because negative press is of course unfortunate.
> The UK has a history of covering up child abuse by establishment figures, not least Prince Andrew.
Can we please reference Jimmy Saville instead? Jimmy Saville is an entirely deplorable example of what it is that you're getting at and he got away with blatant and horrific acts until he died.
Conversely Prince Andrew is a crap example because what he is accused of (sex with a 17 year old in London in 2001) is actually entirely legal in the UK (age of consent is 16). So to hold him up as a prime example of a problem is just an Americanism.
> Can we please reference Jimmy Saville instead? Jimmy Saville is an entirely deplorable example of what it is that you're getting at and he got away with blatant and horrific acts until he died.
His case comes up on Thursday.
> So to hold him up as a prime example of a problem is just an Americanism.
These girls were trafficked and groomed by Epstein and Maxwell. Even if the woman was older it would still be deeply immoral as these girls/women were trafficked.
Child abuse being used here is just to appeal to emotions of the public.
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
Even if it isn't child abuse, they will put up someone abhorrent that you have to defend the rights for, these are usually boogiemen like Islamic Extremists, Neo-nazis, Misogynists etc.
> child abuse by establishment figures, not least Prince Andrew
Citation needed. (That's quite a serious allegation you are making).
There is plenty of information available about Prince Andrew's relationship with Jeffrey Epstein and even a photo of Prince Andrew with his arm around the young girl in question. Even the Royal Family have tacitly admitted this by essentially socially ostracising e.g. removing him from official events.
Having a friend turn out to be (very) dodgy isn't evidence you are a child abuser. Not to mention the lass the accusations surround was 17 and therefore not a child.
Far too much internet hysteria and not enough facts.
With time privacy is getting more and more difficult to the point where I'm not sure you can/will have real privacy living life normally so releasing the dirty laundry of everyone will even the playing field to where everyone's at least a bit of a freak but we hopefully just accept it since we're also not who we are on Linkedin.
While true privacy is probably optimal I've been quite curious about the idea of a "no privacy society" recently and the more I think about it the less of a terrible idea it seems if it keeps getting more and more difficult to maintain privacy for normal people and especially in the realm of politics.
If you know everything about the people high up they can't really be blackmailed and I'm not really sure anyone would care that big shot X enjoys gambling or some kinky sex once in a while.
tl;dr: If privacy is/gets impossible to maintain for normal people it might be worth just displaying everyone's dirty laundry so no one can pretend they're saints from their elaborate privacy castle. No idea how you'd go about implementing it realistically. It's mostly a shower thought.
Does anyone know any good discussions in that direction?
> If you know everything about the people high up
This is a law for the peasantry not the nobility. Due to international treaties (e.g. Five Eyes) it'll allow federal agencies in the United States to spy on US citizens using the UK as proxy.
The greatest irony is that Western societies are slowly becoming the dystopia they once accused China of being and evidently nobody cares.
Yeah. That's the implementation issue. It'd need to go top->down somehow.
And I wouldn't say nobody cares. It's just that a lot of what's happening is quite technical for normal people and in many countries you can't even really do much about it. At this point you're getting bent over by your government, other peoples governments, awkward techbros with visions, weirdos with business plans, etc..
> It's just that a lot of what's happening is quite technical for normal people
What's the point of news media if not to explain these issues to the general public in a way they can understand? If we lived in a free and open society that values personal privacy and opposes government overreach, this would be prime-time news, plastered across the front pages of every newspaper.
I don't see a practical difference between what's happening here and what's happening in China, except that the Western world is considerably more nuanced in how it controls the (global) narrative. We've been living in an Orwellian nightmare for a long time.
The news media is in many cases simply stenographers for the state/government/corporate interests.
The Salt Typhoon example doesn't seem relevant, as it looks like it's down to unsecured routers?
One more relevant question on this would be something like internet connection records, which when they were introduced everyone said would definitely get leaked.
https://en.wikipedia.org/wiki/Collection_of_Internet_Connect...
But from their internal position they fully compromised the system used for wiretapping. https://en.wikipedia.org/wiki/2024_United_States_telecommuni...
Undisclosable backdoors. Very democratic./sarcasm
> knowingly insert backdoors into their software
Not true however and contradicts itself later. They have inserted backdoors, the backdoors exist. Them holding the keys to it does not magically make it not exist.
Who have? And how?
First they came for the socialists, and I did not speak out— Because I was not a socialist.
Then they came for the trade unionists, and I did not speak out— Because I was not a trade unionist.
Then they came for the Jews, and I did not speak out— Because I was not a Jew.
Then they came for me—and there was no one left to speak for me.
A great piece, pls attribute.
Crypto wars
https://en.wikipedia.org/wiki/Crypto_Wars
https://gigazine.net/gsc_news/en/20191223-lotus-notes-nsa-ba...
https://archive.nytimes.com/www.nytimes.com/interactive/2013...
https://www.eff.org/document/crypto-wars-governments-working...
https://theintercept.com/2014/10/17/draft-two-cases-cited-fb...
https://arstechnica.com/tech-policy/2015/01/uk-prime-ministe...
https://www.extremetech.com/defense/203275-the-nsa-wants-fro...
https://theintercept.com/2015/12/28/recently-bought-a-window...
https://arstechnica.com/tech-policy/2016/01/yet-another-bill...
https://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-b...
https://www.washingtonpost.com/graphics/2020/world/national-...
https://www.wired.com/story/europe-break-encryption-leaked-d...
https://www.newscientist.com/article/2396510-mathematician-w...
https://www.theregister.com/2024/04/25/asio_afp_accountable_...
Since ProtonMail was mentioned in a context, I wonder what is the fate of the Proton infrastructure in UK, also having encrypted storage of various items similar to iCloud. And the alike (Tresorit, ...). Are they the next?
Although it is only partially parallel topic but my current pet peeve about the generic true uninterest of data safety in the UK is the practice of property agents requesting full set of data only necessary at the time of contract - or not even then, like the name of your children - just to start talk about viewing a rental property. Not for the viewing, not for applying for tenancy, no, before even talking about if there is available timeslots for viewing. First reply from them: fill this (very long) form. Some even ask for recent credit check reports uploaded on sending in interest for viewing opportunities. And people comply on masses without apparent hesitation. Years of degrading practice (8 years ago it was much different and less privacy intrusive) means several hundrends of thousands (millions?) people's deep personal data is flowing around in unencrypted emails or forms stored in the third party system (not even at the property agents) the agents dedicate for this purpose, very very fragmented in procedure and solutions and granularity. Apparently there is no objection of the masses as this is a practice property agents escalated to this level claiming "industry practice" when trying to complain. Feels like being alone, refusing, then being refused - I know, I am problematic not handing over all my data on first ask. I wonder what the Information Commissioner's Office will say about the matter. I reported one of the many cases. Only out of curiosity as the matter will be mute not only because of the 16 weeks turnaround for comment - 8 are already passed, and by then we will be out of the UK, for other reasons too - which is awfully slow for anyone affected but by the extent of uninterest for privacy from the UK masses. Property agents are just one tiny part of the pattern actually, asking for your data as the first move is a generic thing from almost all services I came accross. A representative example: - How much would this cost? - What is your name, phone number, address and email address? - the question comes instead of an answer despite that the price depends not the slightest on those data. And this is working this way for very long time. I have a bit of scepticism about if the UK population would ever fight back - risking put into the group of pedofiles by public opinion. I can imagine more arguing for it. As 'Good people have nothing to hide' principle. The "Get Involved" links are for the idealistic ones alone.
>While there are no doubt a handful of evil people who would abuse E2EE to better cover their harmful tracks, it also benefits ordinary, law-abiding users by giving them a huge defensive boost against data breaches, massive data collection, unchecked mass surveillance, and a myriad of other threats online
Very few people care about such things.
Or rather, very few people understand such thing well enough to care about them.
It goes deeper than that in the UK. There's a large (and electorally powerful, as they're often older) proportion of the population who want, no expect, the government to step in and regulate social harms, and has a genuine belief that the good outweighs the harms.
Unfortunately as a nation our culture appears to have shifted away from taking personal responsibility for anything. It's always someone else's fault now. Some else's responsibility. Someone else's job.
I have seen many comments that this has become worse since the isolation period caused by COVID. I tend to agree but I also think it goes deeper than that. We have some problems in our society that have been festering for much longer and have root causes like inequality, lack of opportunity, and a lack of constructive facilities and positive role models.
I hear a lot from friends who work in education about children coming to school with profoundly disturbing attitudes and other children who have experienced nasty forms of abuse. And yes - absolutely the schools and the government should push back against problems like bullying and misogyny and racism where they can.
But maybe the answer here isn't just trying to lock up this week's negative social media influencer or introduce unusual and potentially dangerous concepts like regulating online content that is "harmful" yet not illegal or expecting governments to spy on us all and interfere in our lives more often. Maybe we should first be asking why so many kids think they have nothing better to do than spend all day watching that nasty online content in the first place. Maybe we should be asking why so many kids are given unsupervised and unregulated access to ideas they aren't ready to deal with yet.
That's about education and children but you can pick almost any hot button topic and find similar examples. Try immigration or people who live entirely off state benefits. You can find plenty of examples where people advocate for papering over social problems but there's a sad lack of discussion about properly fixing the cracks underneath. Those are the real social harms we should be trying to reduce. Unfortunately their perpetrators are often among the first to assume it must be someone else's problem.
> Unfortunately as a nation our culture appears to have shifted away from taking personal responsibility for anything.
That's as old as hierarchy. The Hillsborough disaster was in the 90s: every one tried to shift the blame. The different sex abuse scandals (Rotherham, Rochdale, Telford etc.)? Same shit started early 90s and still going on with looking for people other than police to blame.
I think that it's not just on that scale anymore though - it shifted to affect literally everything in your personal sphere too. Dropped the knife and hurt yourself? Blame manufacturer for making such slippery handle! Drove without adjusting speed for the conditions and ended up in a hedge? Better complain to the local council for not setting the right speed limit! Failed an assignment at school? It must have been badly written!
I could keep going and going and going. It's so incredibly rare to hear "yeah that's my fault" nowadays, the first reaction is almost always to immediately blame anything else as if it's a magic get out of jail card(because actually, it is a lot of the time).
> There's a large (...) proportion of the population who...
That's sadly true in a lot of places. Throw in all the optimism vigilantes - who react badly to any suggestion that the police & justice systems aren't straight out of some "Happy Sunshine Good Guys" children's book - plus all the folks who are trivial to stampede with claims that the gov't somehow needs Yet Another Power (to fight pedophiles, terrorists, or whatever pushes their buttons), and the convenient de-emphasis of history in recent decades...
Yeah. Outside of those currently being beaten with the short & dirty end of the stick, freedom has very few supporters.
> Very few people care about such things.
This is untrue. Here’s a poll from 2019, showing 91% of the US cares:
https://www.pewresearch.org/short-reads/2019/11/15/key-takea...
Support for increasing regulation was at about 71% then and still is.
> Here’s a poll from 2019, showing 91% of the US cares:
This is a wrong poll, because "privacy" is too broad of a term to meaningfully to assess. Privacy is a "good" thing, so people, of course, respond "I care" because they want to feel good about themselves and care about good things. In reality they don't understand what privacy is and at what price or comes (in terms of inconvenience).
>Support for increasing regulation was at about 71% then and still is.
That's even better. I remember GDPR being legislated, and everyone was extremely fascinated by how much it "protects" the users, and literally a few days after GDPR came into power, my messenger company blocked me with the following message: "according to GDPR, we must keep your personal data private and secret, and since at the moment we don't have any of your personal data, we can't keep them secret, so we're blocking you. Please, upload a photocopy of you passport by following this link (link) to get unblocked".
Again, the word "regulation" is perceived as a "good thing", because the opposite of "regulation" is "chaos, anarchy", and people are afraid of anarchy. If people actually understood what "regulation" means, support would have been way way lower.
Of course people care about 'privacy'. It would be more interesting if the poll asked something like "Do you care more about privacy or what a Kardashian had for breakfast?"
So you blame the law for being banned by a company that doesn't want to obey it? How does it make the law wrong?
What do you mean? They obeyed it to the letter.
So the law should have prohibited to stop servicing users?
> very few people understand such thing well enough to care about them
Even understanding the risks, there's little that can be done about it.
Use a credit card? Need a mortgage? Care about discounts when buying groceries? Have friends that post photos on social media? Live in a small country?
Privacy is simply unavailable if you want to live in a modern society.
Privacy is simply unavailable if you want to live in a modern society.
I think that's unnecessarily defeatist. Privacy has never been a black and white concept. We all share some information with some other people for good reasons.
The big change with modern technology has been how easily information can be collected at a massive scale and how many people end up with access to that information and for what purposes they can then use it. Almost none of this change was inevitable or necessary to function in a modern society. Governments could step in to legally regulate the businesses making a fortune off data capitalism any time they wanted to. They just haven't.
A cynic might suggest that this is because those businesses have made an awful lot of money. Some of that goes back to the governments in tax revenues. No doubt some of it also goes back to the politicians in campaign contributions.
A different cynic might suggest that our governments are typically made up of career politics/media/economics types who are woefully underequipped to even understand the capabilities and implications of the technology that has become such a core part of our lives in the past 20-30 years and so almost totally fail to perceive or mitigate the threats it poses.
>Governments could step in
The OP-post is exactly about the (UK) government stepping in. (With disastrous consequences)
Not exactly aimed at data capitalism though.
We already have some well-intentioned data protection laws in the UK and some more that we inherited from the pre-Brexit EU GDPR. But their implementation has not been very effective at challenging the culture of harvesting whatever personal data businesses can and then attempting to monetise it. Meanwhile like any regulation they introduce a compliance cost for everyone.
A better attempt in the same spirit but written by people who actually knew what they were doing and enforced by people who had both good intentions and sufficient resources could undermine a lot of the more toxic practices that have built up since the likes of Facebook and Google made planetary scale corporate surveillance a thing.
We could get a long way just by banning two practices - keeping or using personal details provided to make purchases for anything other than administering those sales and incorporating phone-home surveillance into physical products where that surveillance has nothing to do with why a normal customer would buy that product (think TVs, laptops, or cars).
It would also help if governments could lead by example on this issue. They necessarily deal with a lot of sometimes sensitive personal data. They - not just national/federal government but all the spin-out agencies and more local forms of government as well - also have a tendency to abuse data collection powers granted to them by broad surveillance law for debatable reasons.
>We could get a long way just by banning two practices - keeping or using personal details provided to make purchases for anything other than administering those sales and incorporating phone-home surveillance into physical products where that surveillance has nothing to do with why a normal customer would buy that product (think TVs, laptops, or cars).
Don't get me wrong, but I don't believe that the government can do anything good in this respect.
The only thing they can really do is to try to make data hoarding less profitable than it is now.
For example it should be not just perfectly legal, but encouraged to scrape and repost bigtech data elsewhere. So that if you're unhappy with Google keeping your data on Google drive, you could switch to another cloud provider and they would already have all the same data.
That is, instead of going from "all your data is supposedly protected, but actually not" to "all your data is private", we should go from "all your data is supposedly protected, but actually not" to "all your data is public, deal with it".
The only thing they can really do is to try to make data hoarding less profitable than it is now.
FWIW I think this is a very practical response far more often than people realise. "Follow the money" is advice as old as money itself. Making behaviours we don't like unprofitable is one of the most reliable ways we have ever found to guide commercial organisations away from those behaviours.
For example it should be not just perfectly legal, but encouraged to scrape and repost bigtech data elsewhere. So that if you're unhappy with Google keeping your data on Google drive, you could switch to another cloud provider and they would already have all the same data.
Again FWIW I agree with busting the data hoarding walled gardens and supporting data portability. I couldn't disagree with you more strongly about making it all public by default but I also don't think that's the only way to solve the portability problem.
>We already have some well-intentioned data protection laws in the UK and some more that we inherited from the pre-Brexit EU GDPR.
See my experience with GDPR: https://news.ycombinator.com/item?id=43155582
If you're arguing that GDPR was poorly implemented and often did more harm than good then I'm afraid you're preaching to the choir here. It is one of my go-to examples of where I do believe that governments should be regulating the potentially harmful behaviours of organisations to protect the little guy but the people who wrote the actual rules we have today didn't really understand the problem or the possible solutions and they blew it.
that's why I have long maintained CCP is the biggest threat to all citizens currently living in relatively free societies right now. Our democratic governments are only seemingly disgusted but whoever holds real power are ENTICED "what do you mean with these new tools and policies you've kept a billion people under control"
The CCP first and foremost keeps control by keeping their people happy, and controlling the narrative in such a way that the people are happy.
Surveillance in China is a Damocle's sword at worst - hardly used in an enforcement capacity, transgressions (like using VPNs) are mostly ignored, and it's very easy to slip through the cracks. Everyone is breaking laws all the time - they're a tool only selectively used. Police will look the other way as long as you don't force their hand. Funnily enough you don't even need a surveillance state to create bullshit laws that you selectively enforce. They made a surveillance state... and don't really use it.
I'm more afraid of surveillance states in a western countries, because they have a much better track record of consequently enforcing laws as written. If they make it illegal to say bad things about the party and use encryption, you can be sure enforcement will go beyond just silently deleting your critical Facebook post and killing your SSH connection. They'll throw the book at you.
> Surveillance in China is a Damocle's sword at worst
> Police will look the other way as long as you don't force their hand.
This is a recipe for massive corruption. Selective enforcement allows low-level bureaucrats and law enforcement officers to "decide" to enforce the law based on criteria like "has this person paid me this month".
A consistently-enforced surveillance state under a democracy is "better" in the sense that its injustice is more obvious to the electorate and there's at least a chance to repeal it at the voting booth.
Both are generally terrible however.
This!!!
...is an accurate description of "prior restraint".
The government (in the US at least) isn't allowed to discriminate based on the content of your speech even if it goes against "controlling the narrative in such a way that the people are happy". IIRC, the burden is on the government to prove the censorship is the result of a compelling public interest and there are no lesser solutions which can be employed.
> Police will look the other way as long as you don't force their hand.
They usually don't need to look the other way because people will do it secretly not talk about it openly and most people by a mile would never even use it (because it is illegal and most people don't want to do illegal stuff unless it's necessary and it is not necessary)
You don't need to enforce laws strictly to create an obedient population that does not dare think, you just need to have those laws and do a few show trials
> They usually don't need to look the other way because people will do it secretly not talk about it openly and most people by a mile would never even use it
try search '同城' in twitter :)
You know what secretly means?:)
Let me know when there are people talking about VPN [edit: for accessing censored information] as VPN (not masking with euphemisms) under their actual name on a popular website which is not banned in PRC and so not only used by the people already on VPN in the first place
well... try search 'VPN' in weibo
We don't need to use VPN secretly
how do you think companies which has international business operate in China? how they communicate with their clients? how they advertise in YouTube?
how developers of Microsoft in China pull their docker images?
how Tony sell his LED signs?
> how do you think companies which has international business operate in China? how they communicate with their clients how they advertise in YouTube?
I actually happen to know. They have subsidiaries in HK and elsewhere.
> how developers of Microsoft in China pull their docker images?
That their employees use VPN is true. I did not write precisely. iirc like in Russia using VPN for "technical purposes" is actually legal. Using it to access censored information (which is what we are talking about) is not. So if you are not an IT worker and have no excuse and you use VPN to use Twitter... THEN police would have to look the other way. How often does that happen? Probably almost never because people would not shout about the fact that they do it
Not secretly, at least in terms of "翻墙" (circumventing the GFW). It is commonly talked about in mainland chatgroups and on websites, sometimes with euphemisms (e.g. "科学上网" (surfing the web scientifically), etc.), but no one really bats an eyelid when talking about it.
In any case, I find it amusing that the case of UK disallowing E2EE could come back to CCP so quickly. Maybe without the example of CCP, other governments wouldn't realize the greatness of censorship? /s
Source: being a native who lives in mainland China.
And in case people think this is just propaganda, I can vouch for this as someone that lived in China for a few years as a foreigner and currently live in the UK.
Everyone does it, it's normal, even police do it… I am much more concerned about going afoul of the government here in the uk than back in china
If you are in a tech savvy bubble everyone uses VPN. Sometimes because your job requires it (which makes it legal). Outside of it no regular person uses VPN. Guess which circle has more people.
Police is a bad example because they obviously can do whatever they want that's not even a question. What are they gonna do put themselves behind bars?
You just literally supported my point that people talk about it secretly. They talk about VPN anonymously and/or using various terms that are not "VPN" or its Mandarin equivalent.
The term you gave as "circumvent the GFW" actually literally means "climb over the wall". Guess which one is illegal. Yes double meaning words are famous in PRC just like in USSR and this basically illustrates what I mean. You need to be in the know, in the circle or bubble to even understand what is talked about
> in mainland chatgroups and websites ... no one really bats an eyelid when talking about it
Techies talk techie things. There are more non techies than techies. My point is from police's perspective 90% of the people they deal with don't use VPN.