71
votes
Apple threatens to pull FaceTime and iMessage in the UK over proposed surveillance law changes
Link information
This data is scraped automatically and may be incorrect.
- Authors
- Hartley Charlton, Tim Hardwick, Juli Clover, Joe Rossignol
- Published
- Jul 20 2023
- Word count
- 380 words
it's surprising this news is not a bigger deal.
You're not kidding, Googling "UK investigatory powers act" returns a gov.uk link and a Wikipedia article, both concerning the 2016 IPA.
I'm baffled as to why this isn't making headlines.
When I end up debating some Europeans (not all, but an alarming number) on freedoms I am astounded by how willing they are to roll over and surrender their freedoms as soon as someone says the words "for the children" or "hate speech".
The road to hell truly is paved with good intentions.
That attitude is hardly exclusive to Europeans. In America, many internet and free press restrictions have been "to protect children from pornography". Moral panics are easily steered towards restricting freedoms.
True, but the issue is that Europe is basically what the US's future looks like.
Europe is already there and just seem to accept it.
What we call "abuses of power" in the US, Europe calls unchallenged laws.
In Europe you can already be arrested for posting something offensive online. In the US, only actual threats with a realistic danger attached can do this. I'm sure the US will get that restrictive eventually, but we actually have our freedoms enshrined as inalienable rights, a lot of countries in Europe don't even have that, or are severely more restricted or outright missing important rights.
Using the pornography example, in countries like Australia (technically not part of Europe but when I say "Europe", it's really just for lack of a better term to mean similar countries), making and distributing porn is illegal, and it seems ambiguous as to whether even watching it is legal, although clearly not enforced.
This is obviously not the case in the US, but it's not impossible to end up that way in the future.
Australian here, it is way more complicated than that. Watching porn (barring porn depicting illegal acts) is totally legal. Distributing porn online is technically against the law, but only enforced after a complaint - and only if the server is Australian. The laws here are a little confusing (no doubt on purpose) but as far as I’m aware, selling porn physically (CD, VHS, etc.) is only illegal in the states, not territories and ordering the porn from either the ACT or NT and having it delivered to a state is legal. All of this being said, I have never heard of anyone being arrested, fined or otherwise punished (EDIT: punished by law) for anything porn related (apart from, again, porn depicting illegal acts).
Unrelated to what I’ve said above, and even though you acknowledged it - Australia is not technically not European, it is not European. We’re also a huge country with - much like the USA - different states with different laws, there are some that are significantly more lax than the others, so it’s hard to define an “Australian Law”. You probably could have picked a better country as an example.
I think a core difference which makes the eu accept it is that it’s not being abused by cops as much and they’re not as blood thirsty.
Us police departments constantly use those Israeli fake cell towers to intercept things and get data during protests and what not.
So sure the laws might be worse in the eu but I think in practice the citizens are better protected from their governments.
It’s not like there’s any repercussions when these types of laws get violated in the US , in Europe at least the union sometimes steps in to give fines and forces law changes although not enough.
Patriot Act
I find this take interesting, and I’d genuinely be curious to hear more about your thoughts on it?
I’m absolutely no fan of the UK approach, I’ve just written a long post above going into detail on that, but I actually felt the day-to-day pressure of the state in my life more acutely when I lived in the US - from the police barging in to a party I was at to see if anyone was underage (much to the bemusement of a Danish friend and I who were chatting on the balcony), to receiving vaguely threatening letters about signing up for a mandated military draft(!), to the fact that it was legally impossible for anyone to set up a coffee shop or other community business on a corner of the surprisingly walkable (but purely residential) neighbourhood I was in, to the absence of any public space in which I could simply exist without being subject to the rules of whichever private entity its ownership and management had been ceded to.
I’m trying hard not to make a comparative value judgement about which “type” of freedoms are more important - frankly I think that both approaches have huge problems and I’m astounded how all countries have so many people that are willing to give up freedoms and advocate against their own interests - but I absolutely wouldn’t see the US as more free, or more willing to defend freedom, than the UK.
I'm not gonna argue that many US police aren't complete dicks, we definitely need better standards and training 100%, as well as police that actually care for the community they protect.
If you're talking about your selective service, that comes with citizenship automatically once you're 18, there's no signing up, they just send you a card in the mail. Citizens can be drafted in time of war, well currently just any able-bodied men at least. Otherwise I'm not sure what you mean.
The vending stuff is a bit weird, I think you're required to have a vending license (which is either free or like $20 in my area) and (since it's presumably on public property rather than in a private building) permission (from the city I think?) to use the public property you set it up on, but if nobody complains it's fine. If someone complains, the police will come and make you pack up and leave.
I'm not sure of what you're specifically talking about but it probably varies by state and local laws.
But imo these aren't really related to the kinds of issues I'm talking about.
In the UK you can get arrested and potentially get jail time for being offensive online. That alone is by definition less free than the US in terms of expression. Although this may be coming soon to the US unfortunately.
UK has laws against "grossly offensive" speech.
For example:
Woman guilty of 'racist' Snap Dogg rap lyric Instagram post
This is just completely insane to me.
First thing I'll say is yes, that example is indeed absurd and it's a stain on the UK's legal system that it can happen. No arguments from me there at all. Unfortunately, we could probably go back and forth all day with examples of terrible situations in both countries' legal systems - the small saving grace being that those examples are comparatively rare on both sides.
That's not really what I was trying to discuss, though. The part I'm more interested is the philosophical side: you're coming from a fairly confident assumption that the US is in a better overall position than Western Europe on the matter, and I think there's a lot more depth to what does and doesn't constitute freedom. To me, the one or two "major" freedoms fiercely protected in the US - particularly that of speech, which I agree is extremely important and wish the UK had a better legal framework around - often feel outweighed by the sheer volume of "small" freedoms that fall by the wayside in American life.
The examples I gave deliberately weren't the big, flashy, headline issues - and I hope you don't mind me saying that the way you approached them was very much that of someone so immersed in a culture that it's difficult to spot the bits that aren't universal. I'm not suggesting that these are the only things to consider, and they're pretty far from even being the biggest, but it's made for some fascinating examples!
Policing, I'm glad we pretty much agree on, although as I recall (this was years ago now) the guy was actually fairly polite. My shock was more that having the armed enforcement branch of the government come to your friend's home on the assumption that a 19 year old maybe had a beer was considered totally normal to 90% of the people there. That kind of casual intrusion on our lives was just totally alien to me, and to the other couple of Europeans I was there with.
I was indeed talking about selective service, and I'm a little surprised you focused on the signing up part rather than the "government can force you to go to war" part? Or even the sexism part, to be honest. It does apply to immigrants as well, which is how I (and presumably a further 27% of the US population) came upon it in a form other than an automatic registration. Thankfully, I know the likelihood of it being used is incredibly slim, and unlike my other examples it doesn't really have any daily impact - but it has been used in a war of invasion within living memory, and again the fact it's still so normalised is part of what shocks me.
This next one, on the other hand, has a massive impact on daily life. Nothing to do with $20 street vending fees, I was talking about the fact that putting a few small shops, a cafe, a local restaurant within walking distance of home is literally against the law in much of the country. If it were purely a natural difference in cultural preference that would be one thing, but no, the government enforces it - more than anything else that encapsulates what I'm saying about the loss of a thousand small freedoms.
Replace keep "for the children" and add in "national defense" and you have the United States's special brand of policy window. We gave up so many of our inalienable rights after 9/11 it still makes my head spin.
In my experience the UK has a lot of laws and structures that are terrible on paper but turn out to be more or less followed in spirit rather than letter. The US leans more towards things that sound fairly reasonable and turn out to have far reaching negative consequences as soon as the courts get their hands on them.
That’s absolutely not my way of saying I think the UK approach is a good thing - I said last time this topic came up that it just means there’s a framework in place to make everything much worse very quickly, and it makes it all the harder to rally public support against these kind of laws because “the last one turned out fine, what are you complaining about?” (it often did not, of course, but it also generally didn’t turn out as badly as the law as written would suggest).
Now combine that with a well oiled right wing media machine that also strays from the American model: far less loud, abrasive brainwashing in the vein of Fox, but still just as pervasive and influential in its own quieter and more outwardly respectable way. What you’ll end up with is a population who’ll shrug and let it pass as the government does some truly abhorrent things, and that’s if they even know it’s happening in the first place.
The final cherry on top is that, bluntly put, the country is fucked. The government has no credibility and are simply clinging on until they legally have to call an election and get steamrolled, the economy is in freefall, nobody can afford anything, and the consequences of Brexit are finally reaching a point that even the most ardent fantasist can’t claim it was a good idea. If it was hard to rally support for nebulous concepts like privacy before, imagine how tough it is now the bottom is falling out of Maslow’s hierarchy of needs over here.
Yeah I agree. There’s something about the complacency about surveillance that’s really scary in the UK.
I wrote to my Labour MP about this and got a canned response back around protecting kids.
They do not understand generally what in Earth it means for people. Encryption is just something their bank talks about, not on a personal level.
The reason it isn't spoken about? Is because half the damn country just so not care. "I've got nothing to hide, nothing to fear" is the rhetoric that was reenfroced by Cameron years ago. But this has been a slow slide for decades.
"Half the country" feels like a fairly optimistic estimate, I suspect it's more in the 70-80% range, if not more.
Serious question though, why should we expect people to care? E2E messaging is relatively new, and I would bet a decent proportion of Whatsapp/iMessage users don't even know they have it right now. Why would people care about something they didn't ask for, don't have a need for, don't understand, and (for some of them) don't even know they are using?
Given all the other terrible stuff this government is doing, stuff that people understand and are impacted by like the cost of living crisis, the NHS crisis, climate change, the covid enquiry, all the lies and sleaze, the literal rivers of shit and beaches covered in turds, not to mention wanting to stuff humans into barges or pack them off to Rwanda and everything else the government have done just this week - why would some incomprehensible "computer nerd stuff" be news?
I'm not saying I don't understand this or care (a bit, I only care a bit, but I do care), I'm just saying you shouldn't be surprised when people don't care, nor should we condemn them for not doing so.
On the plus side, every time the government tries this crap the big messaging firms say they'll pull out of the UK rather than comply and every time the government appear to realise that even they can't go that far. More than half the population of this country uses Whatsapp, including lots of businesses.
This argument drives me batshit.
I have nothing to hide. That doesn’t mean that I want to give these fuckwitts access to my conversations, even if they are just about what we are planning to have for dinner.
Tell you what, I bet these evil people we need protecting from are having these conversations from their houses. Why don’t we give our wonderful protectors the keys to the front door of every property? Better yet, let’s pass a law that says you have to leave the door open… it’s for the children!
/rant
It's rare that you side with a company threatening to pull out of a country over a law. But that's absolutely wild, makes removing net neutrality look like a good idea.
Apple has been for a while now staking their reputation as being a personal privacy focused company.
Sure, it might all be marketing and PR. But they have been talking privacy for a while and their actions have for the most part followed their talk.
Though they did recently consider the automatic CSAM scanning thing...
Chinese users don’t get that privacy. The UK just doesn’t have much leverage on Apple.
And afaik the latest versions of iOS do scan your photos for explicit material. Not sure if it’s the same thing as the CSAM scanning they proposed back then but for sure they now have the feature to block/blur explicit material on kid’s accounts
EDIT: Source regarding the scanning of media.
This was on the main reasons I moved over to iPhone and have been slowly “de-googling” my life. It might be marketing and PR, like you said, but at least they’re talking about it.
De-googled android is a thing.
If you really want privacy, move to something like GrapheneOS or similar. You could even install it on your android phone and just keep using it if it's a supported model.
Apple's lip service isn't worth any more than Google's, except that Apple is a lot more expensive and vastly more limited.
Sounds like Apple is doing the right thing here. That’s just authoritarian.
I am no fan of apple, but I definitely agree.
Apple is and has been a shining example of how we should want companies to respond to government bullshit. None of them, Apple included, may actually give a damn about you as a person, but Apple frequently tells governments to fuck off. I respect that.
Edit:
Upon posting this, I realize that my comment may come across as a blindness regarding the less savory things Apple does. I want to be clear that I understand. My point is relative. No company cares about you or your privacy enough to break the law, and Apple has absolutely done things that I wish they hadn't. Relative to the alternatives, however, Apple has a damn strong history in this arena.
This is another fantastic PR moment for their team that will brush past the fact there are already far too many backdoors allowing for lawful and illicit access. Its kind if annoying but I'm not going to genuinely argue against Apple and Meta when they are finally dragged kicking and screaming to the correct position.
Absolutely crazy
Perhaps one way this gets quashed is that all the UK MPs use WhatsApp for their parliamentary discussions, and WhatsApp is also going to kick up a fuss about this. These geriatric technological philistines have no idea what the ramifications of their law changes really are, but if something directly affects them, they're likely to roll over.
Here's the thing, Tildes. The current UK government are in free fall. Polls are predicting next year's election will be at best a resounding defeat, and at worst the complete destruction of the Conservative party. This is a government who promised to halve inflation, and went about doing so by doing absolutely fuck all. They are a completely ineffective bunch of morons, incapable of organising a pissup in a brewery (unless said brewery belongs to one of their mates and it's a publicly funded pissup of course). For the better part of this current term they have been mostly doing what i like to call 'government by headlines and good vibes.' They all spout slogans and trite responses about "getting on with the job" but as far as they're concerned the job is letting the country take care of itself and skimming a bit off the top.
Actually doing anything involves hard work, and the assistance of a civil service which successive conservative governments have demonised, defunded, and decimated. I don't doubt that there are still members of the conservative party (a party who once had MPs I liked and respected) who are willing to put in the graft. But the current lot are utterly unable to do anything because they are mostly inexperienced, and lacking in the necessary support they need because the last guy to hold their job fired Terry the civil servant in the latest round of budget cuts, and she was the only one who knew how to unlock the password protected excel sheet that is propping up an entire department of governance.
These are short-sighted, popularity-hungry, morally reprehensible, useless sacks of meat and bone, counting down the days until the electorate inevitably and finally tells them to fuck the fuck off.
So will this legislation pass? Well even if it gets through the commons (which I am far from allowing), it also has to pass the Lords. Which despite attempts to stack it with Conservative cronies, still appears to collectively have a moral backbone. Even then, legislation like this has been endlessly proposed and quietly shelved, proposed and quietly shelved, proposed and quietly shelved since 2010. I would be willing to bet that a goodly proportion of MPs in government know that this is totally unworkable, but that that isn't the point. The point is looking like they have a plan and are doing something. The point is the headlines and news stories and division. The point is to keep it in the forefront of their voters' minds that they are the responsible stewards of your children's safety, and not to actually deliver anything remotely approaching what is proposed, because doing something would be, well, doing something.
/rant
tldr: this government is utterly useless, we've been down this road many, many times before and the legislation always gets canned, so I confidently expect this to be quietly put back on the shelf of "headlines that are good for us" within 12 months.
To be fair to Boris's administration, they did turn out to be pretty good at organising a piss-up in 10 Downing Street. During a time when it was illegal to have piss-ups. Then they bragged about it on Whatsapp.
You have made my day. Thank you.
Chapeau
With polls such as those, there is a fair chance they'll have an extremely successful election.
So often, polling makes it seem like the result is in the bag and people refrain from actually showing up to vote to make it happen. But the ones that don't want to see the poll prediction come true do show up to vote.
That's not the same thing, though. iCloud is encrypted, but not e2e encrypted. Apple always has the key. Even in the US, if the US government serves Apple a subpoena, they are legally obligated, and able, to provide them with any data on iCloud. Like the article says, e2e encrypted content, like iMessage, is still e2e encrypted, and Apple still can't give it up, because it cannot read the data if they wanted to, whether that be in China or in the US. Math is math.
Obviously the move to have Chinese data locality means that the Chinese government can have a easier time accessing that data, as there is still ostensibly a process you have to go through in the US to obtain such an order, but it's very different from the UK telling Apple they need to remove e2e encryption on iMessage and replace it with a scheme where Apple and the UK government can unilaterally decrypt content on the services.
You can decrypt E2E for communication, you just need to have one of the devices and it has to be unlocked.
That is not always true anymore for iCloud.
Besides what the stu2b50 already pointed out, I would just like to say that the UK holds less power over Apple than China does. Not only is the UK market smaller, China also holds the vast majority of manufacturing for iPhones. You can only fight back proportional to how much power you have over the other party.
This is true, but people can't claim the high ground for Apple when they only do right when it's easy.
Not that my anecdote is very relevant to this story - but most Brits I know use Whatsapp or others like Telegram and Signal to message. iMessage isn't as widely used there as it is in the US. I wonder if that's still the case/accurate?
Both of those companies also announced that they will pull out if this passes.
Signal might move the UK servers, but I'll continue to use it.
Moving the servers doesn’t help against this legislation, because the uk government can compel signal to issue an app update that disables encryption without telling you, or siphoned your clear text messages straight to them.
Hot take here but I wish they made it an option to remove it entirely from your phone here too. iMessage is in my opinion a dangerous and inferior product and security risk to the entire phone+account.
I always make sure its switched off when I log into everything because its just not safe nor particularly reliable from my recollection. Signal is superior to both it and Whatsapp and I wish more people would give it a chance.
Dangerous how, and inferior to what? If the alternative is SMS I'm going to have to disagree with you... SMS is awful in terms of message delivery, and messages are also not encrypted and your carrier can see all of them. iMessage is a far better experience than normal SMS, and actually supports end-to-end encryption, so it's arguably a far safer option. AFAIK the main concern is that iCloud backups by default are not encrypted (though the option to have completely encrypted iCloud backups has been added recently). I'm also a Signal user and would prefer to use it, but I'm not going to complain if a message is sent over iMessage instead of SMS --- I still consider that a win.
Y'all are missing or burying the lede: SMS doesn't allow for the type of deep exploits that are only possible with Apple's "integrated" apps/services like iMessage and iCloud Calendar and Safari/Webkit etc.
This is not a Signal problem and its disingenuous to keep raising this point when there's zero evidence or track record of that. Apple doesn't trust Signal so they don't let Signal access shit it doesn't need to or that would be irresponsible for it to have access to and Signal itself sure as heck isnt irresponsibly baking in functionality or integration that could lead to nebulous outcomes at runtime.
Apple does not feel that way about its own products or is at least willfully blind to it to satisfy some other stakeholder who pays nothing for any device and yet demands an invisible veto on every policy or feature decision on questionable motivations.
This is an Apple problem. It basi ally only ever is an Apple problem. We're talking about serious fatal exploits that essentially allowed foreign agents to in a completely illegal and unautheoized manner take over your phone and use it against you all without your knowledge. Zero clicks required.
It was ready-to-go out of the box because Apple potentially built it to be so or at least was not equally diilligent in governing over its own product responsibly in order to prevent it in the first place.
There's a Cellebrite manual that urges the use of the stock apps (especially the heavily network-based ones) because those are the lowest-hanging fruits that they can develop exploits for the easiest and fastest. Because they always have corners cut that allow for novel functionality that cumulatively add uo to full exploit-chains that result in malicious access.
I don't think I can really be missing the point when I asked a question? None of this is context that was provided in your original post, and I'm still not sure what "deep exploits" you're talking about. Pretty much all you have said in the previous message and this one is that "iMessage is dangerous!"... But it is still not clear to me how it is dangerous, and I think a specific example or two of how it's dangerous (preferably with a citation) would really help clear things up.
Also if we're so worried about Apple pushing malicious code to iPhones or whatever... Why would you get an iPhone and disable iMessage? Why would you think that the SMS functionality on iOS, which uses the same messaging app as iMessage, is safe?
Do you mean urges against the use of stock apps? I mean there is some truth in larger platforms being bigger targets, of course, but things like Signal are pretty big targets as well. As to the quality of stock apps vs. third party apps... I don't know if that's so clear cut, and I'm going to need a citation on that. iMessage is certainly something that Apple cares a lot about, so it's not like there's no resources behind it. Either way, this doesn't sound like an exclusively Apple problem?
I'm just not sold on this at all, and I'm not sure why you say SMS doesn't allow for the same kinds of "deep exploits" as iMessage. There have been remote code execution exploits involving MMS on Android in the past, like the Stagefright issue:
https://arstechnica.com/information-technology/2015/07/950-million-android-phones-can-be-hijacked-by-malicious-text-messages/
https://en.wikipedia.org/wiki/Stagefright_(bug)
https://tildes.net/~tech/1a6o
Just thought I'd respond succinctly with an update from the field
Yeah, I thought the timing of that was funny, haha :). It's a little unclear to me if this is only an iMessage issue, or any app that uses PassKit (and iMessage just happens to be the easiest vector).
I use Signal with a couple people and it's ok, but compared to iMessage it's kinda clunky, especially the desktop client which feels like an afterthought. I get that security has a price but that's the sort of thing that turns off less-technical users and stymies mass adoption.
Can't comment on WhatsApp because nobody I know uses it.
UK is not the EU… they not even in it anymore