Labour’s busybodies want to spy on the data of Apple users around the world, the Washington Post has reported. Unable to learn from the serious hazards always inherent in backdoors, as highlighted by China’s recent exploitation of American CALEA backdoors, Home Office staff have sent a demand to Apple that it deliberately introduces a weakness to its encrypted iCloud storage systems. Such a weakness would enable government agencies to observe private content to their hearts’ content – and would also enable any other malicious actors, such as foreign powers and cybercriminal gangs, to spy in a similar manner. There is not, and can never be, a way to backdoor or otherwise weaken a security system in such a manner that only the ‘good guys’ can get in. Big Brother Watch has described it as “an unprecedented attack on privacy rights that has no place in any democracy” which “will not stop with Apple”.
The Home Office is reported to have used Snoopers’ Charter powers, foolishly passed in 2016 by a supposedly Conservative Government and now eagerly exploited by Labour, to make its demand. Furthermore, the Home Office considers it acceptable, by quoting the letter of deeply undemocratic legislation whilst ignoring all moral and practical considerations as well as considerations about how such a demand shows up Britain on the international stage as bad place to do business, to ban Apple from reporting on even the existence of their demand. A report has nonetheless managed to reach the Washington Post and expose the situation.
At the time of writing this article, Donald Trump has not weighed in on this matter. However given Trump’s own experience as a target of censorship, and with mass surveillance being a close ally to censorship, I expect he won’t be too happy to find a self-important British Government trying to compromise the security of the products of a major US corporation. Trump’s inner circle for his second Presidency include: J.D. Vance, who has spoken out against backdoors; Tulsi Gabbard, who highlighted her decency by declining to denigrate Edward Snowden as a “traitor”; and R.F. Kennedy Jr, who has long been suspicious of the intelligence community. It would not be surprising for Trump presently to phone Starmer and unleash a firehose of criticism, as has been amusingly imagined for as long as Starmer has been in power. Ron Wyden, a Democrat Senator who has consistently stood against mass surveillance even when his party aligned itself with the intelligence complex, has recommended that “Trump and Apple better tell the UK it can go straight to hell”.
During Trump’s first campaign and Presidency, in which he was under the influence of people like Mike Pompeo and Jeff Sessions, he criticised Apple’s encryption using the typical politician’s lines about a supposed need for law enforcement to have such capabilities for eavesdropping on criminal organisations. The reality of course is that terrorists, drug dealers and gangsters are most successfully stopped with human intelligence – moles within their mobs. The NSA’s Section 215 phone metadata collection programme only ever managed to catch one terrorist, or more accurately catch a San Diego taxi driver who transferred $8,500 to Somali militants with links to Al Qaeda and who wasn’t in the business of preparing any terrorist attacks. As Snowden remarked, if sophisticated surveillance really worked then why was Israel not able to gain forewarning of Hamas’s atrocities of October 7th? Trump’s years spent on the receiving end of the censorship-industrial complex’s fury should have shown him first hand the dangers of giving extreme powers to appendages of government bureaucracy. Trump hasn’t yet been concluding his speeches with Censorship Delenda Est but if Roman history was his thing he probably would.
Furthermore, given his wishes for the United States to build up a strategic reserve of Bitcoins, he would be very unwise to tolerate any attacks on cryptographic products, simply on account of the precedents they set. If cryptography is routinely undermined then trust in Bitcoin will collapse. As it is in many senses a crowd-fiat currency, one where its value derives from the fact that its multitude of users believe it to have value, its price would collapse too and never recover.
It is in many ways more difficult to convince people of the dangers of mass surveillance than of the dangers of censorship without close inspection of the arguments made by governments in favour of surveillance, which can even sound patriotic. But throughout history governments have routinely abused any emergency powers they were able to get hold of. We have seen in the subpostmasters Horizon scandal the devastation unleashed when it is easy for busybodies to trawl through data to find suspects. Mass surveillance is like a PCR test: decide what you want to find and hunt hard enough and something will turn up even where there is nothing. False positives easily occur, and whilst, as a result of that surveillance, innocent people are being persecuted, resources are drawn away from dealing with real criminals and terrorists. When advocates of mass surveillance talk about tracking down needles in a haystack, remind them that what they’ll find this way are the equivalent of blunt needles which pose minimal real danger, and they’ll find enough of those to make spotting the pointy needles much harder. Actually the situation is even worse: persecuting enough ‘blunt needles’ can generate the grievances necessary to turn minimally risky disaffected people into violent attacker material.
The Washington Post‘s report indicates that the target of the Home Office demand is what Apple calls Advanced Data Protection, an optional feature which must be enabled by a user and which then makes use of end-to-end encryption for backups uploaded to iCloud. This means they are encrypted with a user’s key before being transferred to Apple’s servers. This is in contrast to situations where cloud storage can be encrypted with a key under the control of the storage company, which it uses to decrypt files for a user when that user supplies valid login details to it. As a general rule, any storage service which lets you perform a password reset via a code sent to your email or phone is encrypted by the company’s key not the user’s. Apple warns when enabling Advanced Data Protection that if a user loses his key then there is absolutely no way to get the encrypted data back. To reuse the language of one of the most ridiculous statements a politician has made this century, no amount of appeals to the laws of Australia can bypass the laws of mathematics (in 2017, then PM Malcolm Turnbull said: “The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia.”). In the end-to-end encrypted case, only threatening each individual user for his key, or watching over his shoulder as he enters that key or using device-compromising malware to perform an equivalent of such shoulder-surfing, can let a third party decrypt the files. In the latter case, however, that third party need only threaten or compromise the storage company so as to gain the keys to the files of all users at once. Note that a user of either type of cloud storage can still further protect himself, at least where the files are being uploaded from a fully functional computer. And by fully functional I mean a Linux or Windows machine, or one of Apple’s laptops or desktops, rather than a phone or tablet where such functionality might not be available. This is done by encrypting the files locally, with a different password to that used for the cloud service’s login, whilst packing them in to something like an AES-256 encrypted 7zip archive, then uploading this already encrypted archive to the cloud service. Even in the case of phones and tablets it has been suggested that as many such devices can run apps which will interpret Python or other programming languages, it could be possible to create a script which could be run to read files from the device’s internal storage, perform cryptographic operations on them, and save the encrypted versions as separate files before uploading those copies to the cloud. In scenarios where a cloud backup service is backdoored, or compromised by any other means, the contents of a file locally encrypted before upload are still immune from being snooped on. The ease by which a user, at least of a fully functional computer, can provide himself with this extra protection, even if cloud encryption is backdoored, shows the utter stupidity of a government to demand this. If Apple does not stand up to Labour’s Government and expose its impotence, then many among the affected users definitely could.
A further piece of context worth noting here is that, in trying to backdoor Apple’s products, the Labour Government, headed by a human rights lawyer who treats obedience to every letter of even the most absurd legislation as if it were a virtue, is going against one of the most rational among recent decisions of the European Court of Human Rights. Since the catastrophic over-reaction to Covid, the concept of human rights has been stealthily shifted away from providing protections for individuals against an overbearing state and towards attempting to let courts insert themselves as intermediaries in every human affair. Today’s human rights lawyers forget a crucial fact, expressed particularly well by commenter ‘stewart’ on this website: “Real rights don’t have to be granted, they can only be taken away, a right is only a right if someone doesn’t have to give it to you because it’s yours already.” Here we see a government which claims to champion human rights ignoring one of the few recent examples in which the concept still bears a close resemblance to the original form it took in the aftermath of World War II, as insurance against repeating the horrors thereof. The opposition, by which I mean Reform here as the Conservatives will find it difficult to make this kind of argument when they are responsible for inventing the dangerous powers the Labour Government is now using, should highlight this two-tier attitude to human rights as more evidence of Labour’s unfitness for rule. The Conservatives could of course be making this point themselves had they selected someone like Sir David Davis as leader in 2005. No government has any legitimate business in compromising the security of every Apple user in the UK, much less every Apple user in the world. But for a government to do so under excuses of preventing crime and violence, whilst happily letting real crime and violence spiral out of control on the streets, is laughable. How can minsters and officials hold a straight face whilst claiming they are acting on behalf of national security, all as they compromise national security not only with the dangers caused by backdoors, but also by actions such as trying to pay to hand over Chagos to a China-linked country which is hostile not only to Britain but to the native Chagossians themselves. How can they hold a straight face when talking of a need to detect terrorists when so many attacks are by people that security services were already aware of but did nothing about – a pattern repeated around the world not just in the UK.
Furthermore, there is something deeply morally troubling in most situations where technology companies appease government demands. Whilst the behaviour of companies which expect users to abide by impenetrable terms of service longer than a novel is in no way saintly, there is nonetheless the idea of a contract or agreement, unfair as it might be, between the tech company and the user. The government of whichever country a user happens to be in isn’t involved in that relationship between them; it appears as a third party which nobody invited. Signal, the encrypted messenger service, seems to understand this idea; it sees its mission as being to provide secure mobile communications to anyone know needs them, so it makes a point of continuing to provide its fully secured service in countries where governmental demands force it to – on paper – pull out. Alas, it doesn’t seem to have a Linux desktop standalone client yet. Elon Musk showed a similar spirit when he made Starlink services temporarily free for users in Brazil after Judge Alexandre ‘Voldemort‘ de Moraes blocked payments to Starlink’s company as part of a censorship effort against an entirely separate company of Musk’s, X. Delta Chat and Mozilla are among other companies which have stood up to demands on occasions.
Unfortunately, many other tech companies have not been so enlightened. Antivirus protection company Kaspersky decided that when pulling out of the USA it would suddenly uninstall its software from the computers of its users and have a different antivirus product installed in its place. The users reported being given no meaningful opportunity to decline the installation of an alternative product they had not chosen. After the date that the US Government ordered Kasperksy exit the country, Kasperksy didn’t have any practical way to collect user’s payments, but it would have been technically feasible for it to have provided a goodwill period of continued software functionality to its users as a thank you. Of-course, the US Government has every right to decide not to have Kasperksy on Government computers and to stop Government contractors using it too, due to concerns that Kaspersky may be pressured by another government, Russia’s. And the US Government has every right to urge the public not to run software if it believes it may serve the interests of a despotic regime. But in thinking it was its right to determine what software someone could run merely because someone happened to be within US borders it went beyond its moral remit. From a simple moral perspective Kasperksy should not have played along with this, much less then replaced its software with an entirely different antivirus package without user consent.
Google installed a Covid tracking app onto users’ phones without their consent, and which reinstalled itself every time users tried to remove it, when pressured to do so by the state of Massachusetts.
The Telegram messaging app appeared to capitulate to governmental demands to betray user IP addresses to inquisitors. Telegram’s boss Pavel Durov was under duress from the French who arrested him, among other things for “providing cryptology services aiming to ensure confidentiality without certified declaration“, in August. Telegram, whilst being sometimes described as amateur in terms of the quality of its cryptography and therefore not a competitor to Signal at the technical level, is much more optimised for broadcast messaging than Signal is. It has been popular on free speech grounds, so maybe, just maybe, Durov was trying to buy himself a little breathing room. Maybe he’s just claimed he’ll share data with authoritarian authorities but has no intention of ever actually doing so. But even if he was just making the claim in an attempt to extricate himself from the unjust predicament he has been placed in, in some ways the damage is done. A promise to governments of this kind, even if he sticks to the principles he so eloquently expressed in an excellent interview with Tucker Carlson and never abides by that promise, has chilling effects on free speech, as per the panopticon principle. If the capitulation is not a bluff, but indeed the full deal, that is worse still.
TikTok blocked itself in the USA when Biden’s deadline elapsed. In many ways this looked like a marketing ploy of the ‘See how much you need me when I’m not there’ kind, although how anyone could need or want a product designed to promote goldfish-grade attention spans is hard to fathom. In TikTok’s case there could have been some technical complications, in particular that many of the US users had their account data stored in data centres not owned by TikTok’s parent company within the USA. TikTok couldn’t simply tell users to use a VPN, as Musk did for X in Brazil, and which Brazilians did in record numbers , because in TikTok’s case the very data the US users would need to access was on third party servers, which could have been subjected to US Government pressure even if TikTok had stood firm. But these technical complications didn’t, in practice, matter: the US Government decided that with a new President taking office within days it wouldn’t actually enforce any ban, so TikTok’s self-blocking seemed to be a stunt. It is plausible that TikTok could instead have posted an on-app-opening announcement to the effect of “TikTok has been banned in your country, if you accept the ban click okay to close, if you favour the first amendment, click REJECT to continue opening”; it could have logged the numbers of people clicking either way and shown the results as a poll.
It is worth contrasting these examples with open source software, for which any attempt to coerce with threats the main developers into introducing features which work against the user’s interests would be spotted quickly. Failing everything else a ‘fork’ of the project, differing from the main branch in not including the unwelcome changes, could be created. A recent attempt by parties unknown to place a backdoor in an update for the XZ Utils package for Linux was detected and stopped in its tracks before the update was distributed to anyone except software testing volunteers. The attempted backdooring took years of preparation and still failed because someone testing the software noted the updated version ran 500 milliseconds slower than before; he then analysed the source code to see why and found the cunningly hidden malicious code. For comparison, the effort required to place a backdoor in closed source software can be as minimal as a government asking for one to be inserted, and detection is much more difficult. The concept of open source software does rather lend itself to preaching, but the value of software which isn’t vulnerable to government meddling is indeed a message worth repeating. Even with perfect laws to protect freedom of speech on the statute books, they would count for little if the technical architecture to enable ideas to be freely exchanged without reliance on potentially biased, or government compromised, corporate middlemen was not there. If your free speech is dependent on a platform which could be turned against you then it is not truly free.
As a self-admitted Linux evangelist I am of course no particular fan of Apple. But it achieved 8.4 million sales of iPhones alone in Britain in 2023 and its brand has a 64% approval rating against an 18% dislike. This compares to a government with a net approval rating of minus-45% ; two thirds of the public disapprove of it and the Labour party only achieved 33.7% of the popular vote. Supposedly penniless students on fashionable courses are ready to part with sums starting at £999 (MacBook Air) for an Apple laptop. One would be hard pressed to find anyone voluntarily passing such sums to a British Government in expectation of quality service in return. We have yet to see whether Apple will repay the faith that British consumers have put in it and stand up for the interests of the British public, or whether it will bow to the decrees of Starmer’s stasi. It has some form in refusing backdooring requests, but has also had incidences in which it has complied with dictators’ demands to the detriment of dissidents around the word. Apple should ask itself whether the most unpopular Government in recent British history, a relic of the discredited Davos-centric establishment ideology which brought us ‘fact’-checks and lockdowns and is now being roundly rejected by voters all around the world, would actually dare to do anything about it if Apple openly defied it.
Dr R P completed a robotics PhD during the global over-reaction to Covid. He spends his time with one eye on an oscilloscope, one hand on a soldering iron and one ear waiting for the latest bad news.
To join in with the discussion please make a donation to The Daily Sceptic.
Profanity and abuse will be removed and may lead to a permanent ban.