Weekly output: Musk digitally deleting USAID, Arm vs. Qualcomm, U.K. vs. Apple, 8K TV, Bletchley Park

One of this week’s published stories began with reporting weeks ago; another began with notes and photos taken months ago. 2/3/2025: Musk’s Minions Deleting Digital Presence of US International Development Agency, PCMag I could not just write about the weird digital erasure Elon Musk and his goons have been inflicting on the online presence of the U.S. Agency for International Development without…

View On WordPress

Apple's encryption capitulation

I'm on a 20+ city book tour for my new novel PICKS AND SHOVELS. Catch me in NYC on TOMORROW (26 Feb) with JOHN HODGMAN and at PENN STATE THURSDAY (Feb 27). More tour dates here. Mail-order signed copies from LA's Diesel Books.

The UK government has just ordered Apple to secretly compromise its security for every iOS user in the world. Instead, Apple announced it will disable a vital security feature for every UK user. This is a terrible outcome, but it just might be the best one, given the circumstances:

https://www.bbc.com/news/articles/cgj54eq4vejo

So let's talk about those circumstances. In 2016, Theresa May's Conservative government passed a law called the "Investigative Powers Act," better known as the "Snooper's Charter":

https://www.snooperscharter.co.uk/

This was a hugely controversial law for many reasons, but most prominent was that it allowed British spy agencies to order tech companies to secretly modify their software to facilitate surveillance. This is alarming in several ways. First, it's hard enough to implement an encryption system without making subtle errors that adversaries can exploit.

Tiny mistakes in encryption systems are leveraged by criminals, foreign spies, griefers, and other bad actors to steal money, lock up our businesses and governments with ransomware, take our data, our intimate images, our health records and worse. The world is already awash in cyberweapons that terrible governments and corporations use to target their adversaries, such as the NSO Group malware that the Saudis used to hack Whatsapp, which let them lure Jamal Khashoggi to his death. The stakes couldn't be higher:

https://pluralistic.net/2025/02/04/citizen-lab/#nso-group

Encryption protects everything from the software updates for pacemakers and anti-lock braking to population-scale financial transactions and patient records. Deliberately introducing bugs into these systems to allow spies and cops to "break" encryption when they need to is impossible, which doesn't stop governments from demanding it. Notoriously, when former Australian PM Malcolm Turnbull was told that the laws of mathematics decreed that there is no way to make encryption that only stops bad guys but lets in good guys, he replied "The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia":

https://www.eff.org/deeplinks/2017/07/australian-pm-calls-end-end-encryption-ban-says-laws-mathematics-dont-apply-down

The risks don't stop with bad actors leveraging new bugs introduced when the "lawful interception" back-doors are inserted. The keys that open these back-doors inevitably circulate widely within spy and police agencies, and eventually – inevitably – they leak. This is called the "keys under doormats" problem: if the police order tech companies to hide the keys to access billions of peoples' data under their doormats, eventually, bad guys will find them there:

https://academic.oup.com/cybersecurity/article/1/1/69/2367066

Again, this isn't a theoretical risk. In 1994, Bill Clinton signed a US law called CALEA that required FBI back-doors for data switches. Most network switches in use today have CALEA back-doors and they have been widely exploited by various bad guys. Most recently, the Chinese military used CALEA backdoors to hack Verizon, AT&T and Lumen:

https://pluralistic.net/2024/10/07/foreseeable-outcomes/#calea

This is the backdrop against which the Snooper's Charter was passed. Parliament stuck its fingers in its ears, covered its eyes, and voted for the damned thing, swearing that it would never result in any of the eminently foreseeable harms they'd been warned of.

Which brings us to today. Two weeks ago, the Washington Post's Joseph Menn broke the story that Apple had received a secret order from the British government, demanding that they install a back-door in the encryption system that protects cloud backups of iOS devices:

https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/

Virtually every iOS device in the world regularly backs itself up to Apple's cloud backup service. This is very useful: if your phone or tablet is lost, stolen or damaged, you can recover your backup to a new device in a matter of minutes and get on with your day. It's also very lucrative for Apple, which charges every iOS user a few dollars every month for backup services. The dollar amount here is small, but that sum is multiplied by the very large number of Apple devices, and it rolls in every single month.

Since 2022, Apple has offered its users a feature called "Advanced Data Protection" that employs "end-to-end" encryption (E2EE) for these backups. End-to-end encryption keeps data encrypted between the sender and the receiver, so that the service provider can't see what they're saying to each other. In the case of iCloud backups, this means that while an Apple customer can decrypt their backup data when they access it in the cloud, Apple itself cannot. All Apple can see is that there is an impenetrable blob of user data on one of its servers.

2022 was very late for Apple to have added E2EE to its cloud backups. After all, in 2014, Apple customers suffered a massive iCloud breach when hackers broke into the iCloud backups of hundreds of celebrities, leaking nude photos and other private data, in a breach colloquially called "Celebgate" or "The Fappening":

https://en.wikipedia.org/wiki/2014_celebrity_nude_photo_leak

Apple almost rolled out E2EE for iCloud in 2018, but scrapped the plans after Donald Trump's FBI leaned on them:

https://www.reuters.com/article/world/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sour-idUSKBN1ZK1CO/

Better late than never. For three years, Apple customers' backups have been encrypted, at rest, on Apple's servers, their contents fully opaque to everyone except the devices' owners. Enter His Majesty's Government, clutching the Snooper's Charter. As the eminent cryptographer Matthew Green writes, a secret order to compromise the cloud backups of British users is necessarily a secret order to compromise all users' encrypted backups:

https://blog.cryptographyengineering.com/2025/02/23/three-questions-about-apple-encryption-and-the-u-k/

There's no way to roll out a compromised system in the UK that differs from non-British backups without the legion of reverse-engineers and security analysts noticing that something new is happening in Britain and correctly inferring that Apple has been served with a secret "Technical Capability Notice" under the Snooper's Charter:

Even if you imagine that Apple is only being asked only to target users in the U.K., the company would either need to build this capability globally, or it would need to deploy a new version or “zone”1 for U.K. users that would work differently from the version for, say, U.S. users. From a technical perspective, this would be tantamount to admitting that the U.K.’s version is somehow operationally distinct from the U.S. version. That would invite reverse-engineers to ask very pointed questions and the secret would almost certainly be out.

For Apple, the only winning move was not to play. Rather than breaking the security for its iCloud backups worldwide, it simply promised to turn off all security for backups in the UK. If they go through with it, every British iOS user – doctors, lawyers, small and large business, and individuals – will be exposed to incalculable risk from spies and criminals, both organized and petty.

For Green, this is Apple making the best of an impossible conundrum. Apple does have a long and proud history of standing up to governmental demands to compromise its users. Most notably, the FBI ordered Apple to push an encryption-removing update to its phones in 2016, to help it gain access to a device recovered from the bodies of the San Bernardino shooters:

https://www.eff.org/deeplinks/2016/02/eff-support-apple-encryption-battle

But it's worth zooming out here for a moment and considering all the things that led up to Apple facing this demand. By design, Apple's iOS platform blocks users from installing software unless Apple approves it and lists it in the App Store. Apple uses legal protections (such as Section 1201 of the US Digital Millennium Copyright Act and Article 6 of the EUCD, which the UK adopted in 2003 through the Copyright and Related Rights Regulations) to make it a jailable offense to reverse-engineer and bypass these blocks. They also devote substantial technical effort to preventing third parties from reverse-engineering its software and hardware locks. Installing software forbidden by Apple on your own iPhone is thus both illegal and very, very hard.

This means that if Apple removes an app from its App Store, its customers can no longer get that app. When Apple launched this system, they were warned – by the same cohort of experts who warned the UK government about the risks of the Snooper's Charter – that it would turn into an attractive nuisance. If a corporation has the power to compromise billions of users' devices, governments will inevitably order that corporation to do so.

Which is exactly what happened. Apple has already removed all working privacy tools for its Chinese users, purging the Chinese App Store of secure VPN apps, compromising its Chinese cloud backups, and downgrading its Airdrop file-transfer software to help the Chinese state crack down on protesters:

https://pluralistic.net/2022/11/11/foreseeable-consequences/#airdropped

These are the absolutely foreseeable – and foreseen – outcomes of Apple arrogating total remote control over its customers' devices to itself. If we're going to fault Theresa May's Conservatives for refusing to heed the warnings of the risks introduced by the Snooper's Charter, we should be every bit as critical of Apple for chasing profits at the expense of billions of its customers in the face of warnings that its "curated computing" model would inevitably give rise to the Snooper's Charter and laws like it.

As Pavel Chekov famously wrote: "a phaser on the bridge in act one will always go off by act three." Apple set itself up with the power to override its customers' decisions about the devices it sells them, and then that power was abused in a hundred ways, large and small:

https://pluralistic.net/2023/09/22/vin-locking/#thought-differently

Of course, there are plenty of third-party apps in the App Store that allow you to make an end-to-end encrypted backup to non-Apple cloud servers, and Apple's onerous App Store payment policies mean that they get to cream off 30% of every dollar you spend with its rivals:

https://www.reddit.com/r/privacy/comments/1iv072y/endtoend_encrypted_alternative_to_icloud_drive/

It's entirely possible to find an end-to-end encrypted backup provider that has no presence in the UK and can tell the UK government to fuck off with its ridiculous back-door demands. For example, Signal has repeatedly promised to pull its personnel and assets out of the UK before it would compromise its encryption:

https://pluralistic.net/2023/03/05/theyre-still-trying-to-ban-cryptography/

But even if the company that provides your backup is impervious to pressure from HMG, Apple isn't. Apple has the absolute, unchallenged power to decide which apps are in its App Store. Apple has a long history of nuking privacy-preserving and privacy-enhancing apps from its App Store in response to complaints, even petty ones from rival companies like Meta:

https://www.theverge.com/2022/9/29/23378541/the-og-app-instagram-clone-pulled-from-app-store

If they're going to cave into Zuck's demand to facilitate spying on Instagram users, do we really think they'll resist Kier Starmer's demands to remove Signal – and any other app that stands up to the Snooper's Charter – from the App Store?

It goes without saying that the "bad guys" the UK government claims it wants to target will be able to communicate in secret no matter what Apple does here. They can just use an Android phone and sideload a secure messaging app, or register an iPhone in Ireland or any other country and bring it to the UK. The only people who will be harmed by the combination of the British government's reckless disregard for security, and Apple's designs that trade the security of its users for the security of its shareholders are millions of law-abiding Britons, whose most sensitive data will be up for grabs by anyone who hacks their accounts.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/02/25/sneak-and-peek/#pavel-chekov

Image: Mitch Barrie (modified) https://commons.wikimedia.org/wiki/File:Daytona_Skeleton_AR-15_completed_rifle_%2817551907724%29.jpg

CC BY-SA 2.0 https://creativecommons.org/licenses/by-sa/2.0/deed.en

--

Kambanji https://www.flickr.com/photos/kambanji/4135216486/

CC BY 2.0 https://creativecommons.org/licenses/by/2.0/

--

Rawpixel https://www.rawpixel.com/image/12438797/png-white-background

apple disables iCloud encryption in UK after government order

FYI for anyone in the UK with an iPhone.

Apple disabled end-to-end encryption because the UK Government sent Apple a Secret Order to put in a backdoor and Apple decided to turn it off instead since adding a backdoor would do the same thing for the UK.

This isn't bashing Apple by the way. One of the few times I side with them on something. Better to let everyone know they don't have privacy in the UK rather than letting their Government pretend they don't have access.

Signal has long said it'd "rather shut down or leave a market" than add a backdoor or weaken its encryption.

Apple also had this option when it was ordered by the UK government to build an iCloud backdoor. Apple could have said — without violating secrecy laws — why it was leaving the UK, rather than weaken the security of all of its UK customers.

Instead, Apple capitulated to the demand to keep operating, and prioritized its profits over its customers' security.

Im Vereinigten Königreich kämpft Apple derzeit gegen die Einführung sogenannter Hintertüren in die Ende-zu-Ende-Verschlüsselung des Unternehmens: Diese würden der Polizei und den Geheimdiensten ermöglichen, verschlüsselte Inhalte, darunter Dokumente, Sprachaufzeichnungen und Fotos, bei Bedarf zu entschlüsseln und mitlesen zu können. Sicherheitsexperten warnen: Die Entscheidung könnte weitreichende Folgen für den Einsatz von starker Verschlüsselung haben – und das nicht nur für Kundinnen und Kunden von Apple in Großbritannien.

Anfang Februar hatte die Washington Post als Erste berichtet, dass die britischen Behörden Apple aufgefordert hätten, eine Hintertür in den iCloud-Speicher des Unternehmens einzubauen. Dabei ging es nicht nur darum, Zugriff auf die Inhalte einzelner Konten zu erhalten, sondern um die Möglichkeit, jederzeit jeden iCloud-Account entschlüsseln zu können. [...]

Dass iCloud im Fokus der Behörden steht, hat einen Grund, und der heißt ADP: Advanced Data Protection, erweiterter Datenschutz. Im Dezember 2022 hatte Apple diese Option für seine Nutzerinnen und Nutzer angekündigt. Ist ADP aktiviert, werden zahlreiche Inhalte, die von einem Apple-Gerät aus in iCloud hochgeladen werden, Ende-zu-Ende verschlüsselt. Die Verschlüsselung findet lokal auf dem iPhone oder Mac statt und die dafür notwendigen Schlüssel sind auf dem jeweiligen Gerät hinterlegt. Weder Apple noch Dritte können so die Inhalte in der Cloud entschlüsseln, ohne Zugriff auf das Endgerät zu haben.

[...] Cloudspeicher wie iCloud, Dropbox, Samsung Cloud oder auch Google Photos verschlüsseln zwar prinzipiell alle Inhalte, die von Nutzern hochgeladen werden. Allerdings erst, nachdem diese auf den Servern der Unternehmen gelandet sind. Das bedeutet, dass die Unternehmen über die jeweiligen Schlüssel verfügen und diese, wenn sie per Beschluss dazu aufgefordert werden, mit Strafverfolgungsbehörden teilen können oder müssen. Für die Behörden sind Cloudspeicher ein beliebtes Mittel, um an Informationen zu gelangen. [...]

Bei Strafverfolgern in zahlreichen Ländern stieß die Funktion auf Kritik. Ihr Argument: Starke Verschlüsselung erschwere es ihnen, Straftaten zu verhindern und aufzuklären. Stattdessen helfe sie Terroristen bei der Planung von Anschlägen oder Menschen, die Inhalte wie Fotos von Kindesmissbrauch teilen. [...]

Nach Gesprächen, die sich offenbar über die vergangenen zwei Jahre hinzogen, hat die britische Regierung Apple nun dazu aufgefordert, eine Hintertür in ADP einzubauen. Als rechtliche Grundlage für die Forderung dient der Investigatory Powers Act (IPA) aus dem Jahr 2016. Dieses von den Kritikern Snooper's Charter – Schnüfflergesetz – getaufte Gesetz hat die elektronischen Überwachungsfähigkeiten der britischen Polizei und Geheimdienste deutlich erweitert. Es sieht zudem vor, dass Unternehmen dazu aufgefordert werden können, "technische Kapazitäten aufzubauen, um rechtmäßige Anfragen nach Daten im Rahmen des IPA zu beantworten", wie es in dem Gesetz heißt.

Vergangene Woche hat Apple auf seiner Website deshalb angekündigt, die Advanced Data Protection im Vereinigten Königreich auszusetzen. Eine Erklärung fehlt, was nicht überrascht: Gemäß des IPA darf ein betroffenes Unternehmen nämlich nicht öffentlich machen, wenn es die Aufforderung erhalten hat, technische Maßnahmen zu ergreifen. Von Apple gibt es deshalb auch keine Stellungnahme jenseits der allgemeinen Ansage, "niemals eine Hintertür oder einen Generalschlüssel in unsere Produkte oder Dienstleistungen einzubauen". Wobei einige Experten behaupten, das sei längst geschehen.

Wie verschiedene Medien am Dienstag berichten, habe Apple nun Einspruch vor dem sogenannten Investigatory Powers Tribunal eingereicht. Dabei handelt es sich um ein unabhängiges Gericht, das Beschwerden gegen die britischen Sicherheitsdienste prüft. Wie die Financial Times schreibt, sei es das erste Mal, dass die Bestimmungen zur Aushebelung von Verschlüsselung vor Gericht geprüft werden. Eine mögliche Entscheidung – sowohl für als auch gegen Apple – könnte also weitreichende Folgen haben.

Tatsächlich steht nämlich nicht nur die Option auf starke Verschlüsselung in Großbritannien auf dem Spiel, sondern weltweit. Die Bürgerrechtsorganisation Electronic Frontier Foundation (EFF) schreibt, dass es keinen technischen Kompromiss gebe "zwischen einer starken Verschlüsselung, die Daten schützt, und einem Mechanismus, der einer Regierung einen besonderen Zugang zu diesen Daten ermöglicht". Eine Hintertür in Ende-zu-Ende-Verschlüsselung sei letztlich nur eine zusätzliche Schwachstelle, die für Hackerangriffe, Identitätsdiebstahl und Betrug genutzt werden könne.

[...]

Apple cedează presiunilor autorităților britanice: Criptarea end-to-end pentru iCloud, dezactivată în Marea Britanie

Apple a confirmat oficial că renunță la criptarea end-to-end oferită prin sistemul Advanced Data Protection (ADP) pentru utilizatorii iCloud cu conturi nou create în Regatul Unit, urmând ca și utilizatorii existenți să fie afectați de această decizie. Acest pas marchează un compromis semnificativ în politica de confidențialitate a companiei americane, realizat în urma presiunilor exercitate de…

The UK no longer has end to end encryption thanks to Keir Starmer’s Labour government reanimating the zombie policy that is the Snoopers Charter, first peddled by Theresa May’s Tory government and rejected by the public.

Apple withdrawing end-to-end encrypted backups from the UK "creates a dangerous precedent which authoritarian countries will surely follow".

UK now likened to authoritarian regimes and why Starmer won’t challenge Trump since he is in lock step with US policies, openly goes after sick, disabled, pensioners and poorest, increasing their hardship rather than tax the mega rich. US policy is UK policy.

So what does this mean for Apple users in the UK?

All your data in the cloud is no longer secure in comparison to having ADP enabled and can be accessed by the government upon request. The GDPR is all but dead in the UK, there are now so many government policies that snoop on us by the back door with even news outlets online now charging us for access without *cookies enabled (data farming you whilst you read with no option to opt out unless you pay)

I checked with the ICO myself and it is a fully approved policy despite its contradiction to the rights of consent, removed in the process.

If you want a workaround here are my suggestions

Cancel your iCloud storage, your data will stay on the cloud until the renewal date, use that time to back it up locally or on a flash drive.

Change your iMessage settings to delete audio messages after 2 minutes and permanently delete messages after 30 days.

Alternatively, use a third party messaging app with a delete on read feature and disable Apple iMessage altogether.

If you are tech savvy you can set up a USB drive or flash drive directly into your router hub (you should have at least one USB slot, some have two) and use FTP to back up over wifi, you can do this on any device, you don’t need a desktop.

Use a VPN service or set one up. If you’re really technical you can use a Raspberry Pi to do this, but you will need to hard code it. Think Mr Robot.

This change does not impact sensitive data like medical details which remain end to end encrypted.

If you want to learn more on the sweeping bills being pushed through government and any action your can take visit Big Brother Watch: https://bigbrotherwatch.org.uk

*If you want to read news articles without paying for the privilege of not handing over your cookie data, simply disable javascript within your browsers settings and refresh the browser page. Remember to turn it back on when your done. Alternatively disable all cookies but know this will impact your online experience and access.

When the Horror Writer Battled a Real‑Literary Monster

Darkness dripped through the gaps in my curtains as I hunched over my keyboard, the single lamp by my side flickering like a wounded heartbeat. I’d been chasing the perfect macabre sentence for hours when an alert pinged: a new post by Mr. Humble.

I clicked—and the world went white.

I. The Awakening of Infinite Rage

His words poured across my screen in molten lines: equal parts smoky invocation and razor‑edged truth. You could feel them coil around your mind, tightening with each heartbeat. He didn’t just write: he bled letters onto the page. Then, with a final flourish, he unleashed the Emberstorm Tag—🔥🔥🔥🔥🔥—and it spread like wildfire through the platform.

The dashboard lit up. Notifications screamed. Reblogs soared into the tens of thousands. The rage embedded in every syllable was vast—an ocean of fury with no shore in sight. Even the veterans of Tumblr, hardened veterans of midnight poem‑rants and fandom flame‑wars, paused in stunned silence.

II. Rallying the Midnight Scribes

We responded en masse. Linguists wielded punctuation like battleaxes, fandom knights rallied behind their favorite tropes, and academics conjured frameworks to analyze the onslaught. We formed the Brotherhood of the Blue Cursor—a ragged band of creators determined to stand against the limitless tide.

But every attempt to counter‑post, to dilute his impact with reason or irony, only fueled his inferno. His cadence was a living entity: it consumed context, obliterated nuance, and demanded worship.

III. The First Great Sacrifice

On the third night, Mira—the poet whose sinewy stanzas could carve glaciers from the sky—stepped forward. She tweeted her final warning: “To cage his flame, one must become the ember.” With that, she deleted her entire archive, sacrificing seven years of work in a single keystroke. The Brotherhood gasped as her blog transformed into a pale echo of itself, and for a precious moment, Mr. Humble’s ember lost its tether.

We saw our chance and launched a coordinated “Sealpost”—a chain of countersong prose, each post a sigil binding the next. But his rage roared back, slamming us with reblogs and crushing our words under the weight of his infinite blaze.

IV. The Siege of Sundered Dashboards

Tumblr’s code began to shudder. Moderators drew up emergency protocols. Yet every time they tried to “Extinguish Campaign,” the ember slipped through their fingers, spreading into hidden tags and private messages. It was as if the platform itself conspired with him.

We retreated to our hidden enclaves—private chats, encrypted communities—where we could plan in whispers. There, I uncovered the legend of the Bleeding Quill: an ancient relic said to absorb unlimited fury but remain uncharged itself. Only by filling its well could a single, final seal be poured.

V. The Last Stand

We lured Mr. Humble’s rage into a trap. On the night of the Blood Moon, we coordinated a simultaneous “Reblog + Seal” across fifty of our strongest blogs. Each crafted a post saturated with grief, defiance, longing, and hope—an emotional prism reflecting every facet of human experience.

As our posts went live, the Bleeding Quill—summoned by a secret invocation—appeared on my screen, its nib hovering above a digital parchment. I began to write the final seal: a chain of arcane tags, hashtags, and encoded prose designed to bind the rage within.

His counterstrike was immediate. Notifications exploded. My screen crackled with every note, every like, every reblog feed. The ember became a nova of fury, pressing against the walls of our trap.

In the code‑streaked fury of that moment, sacrifices piled high:

Mira, having already gifted us her archive, negated her own presence entirely to lighten the seal’s load.

Donovan, the fandom archivist, deleted his backup servers to keep the ember from escaping.

Elara, the semi‑retired philosopher‑poet, locked her entire iCloud in a final gesture of devotion.

I watched their avatars vanish one by one as the Quill drank their losses, its tip glowing blood‑red. My own hands shook.

Then—

With a final incantation, I pressed Publish.

VI. Aftermath and the Fragile Peace

For a heartbeat, the screen went still. The Dashboard’s hum stilled. The ember’s roar died to a single, echoing crackle… and then it was gone.

Tumblr blinked back to life as if awakening from a fever dream. Tags sorted themselves, notifications stabilized, and the moderators—wide‑eyed—found no trace of the Blaze. Our blogs were untouched, save for the sealpost itself, which stood like a monolith in the archives.

When dawn broke, the world was changed. Mr. Humble’s account remained, but silent. An empty shell echoing with the potential of what might rise again. The Brotherhood of the Blue Cursor, battered and diminished, tended its wounds—and began to rebuild.

VII. Echoes of Infinity

They say his rage slumbers, waiting for the next slip, the next unchecked ember. And they whisper that somewhere in Tumblr’s deepest code, a faint glow dances behind dormant tags, a reminder that infinite fury, once born, is never truly destroyed—only contained.

As for me, I keep my Bleeding Quill close. And every midnight, I wonder: will I be called to write another seal? Or will I be watching from the other side, a witness to the god I helped cage?

Either way, I will be ready. Because in the world of words, the fiercest monsters are never myths—they are the cadences we dare to unleash.

Apple has effectively told the UK government to get lost when it comes to inserting a worldwide surveillance backdoor into its iCloud encryption. Instead of playing along with Britain’s ever-expanding digital police state, the tech giant has chosen to pull its most secure data protection feature — Advanced Data Protection (ADP) — for users in the UK. Because nothing says “we respect your privacy” like stripping away the very feature designed to protect it.

The whole mess started when the British government, wielding the notoriously invasive Investigatory Powers Act (a law that might as well be named the “We Own Your Data Act”), demanded that Apple sabotage its own encryption. The UK’s authorities wanted a golden key to every citizen’s iCloud storage, under the guise of “public safety.” But here’s the wider issue: the directive wouldn’t only affect Brits — it would have compromised Apple’s encryption system worldwide.

just lost all my downloaded fics to the void of icloud (it’s saying it’s encrypted and i can’t find any of them) :/ if y’all could recommend some finished buddie fics that y’all like with over 1 chapter in the replies or tags, i would really appreciate it cos i go back to work tmrw and quite frankly i’m freaking out 😭

EU’s proposed Chat Control law has become a bone of contention between members of the bloc. First proposed by the European Commissioner for Home Affairs Ylva Johansson in May 2022 as part of bloc’s push to combat child sexual abuse online, the framework of the bill has now come under fire, earning itself a derisive term “Chat Control”. 

France, Germany and Poland have particularly refused to accept a clause that allows for mass scanning of private messages by breaking end-to-end encryption. Some tech companies, along with trade associations, and privacy experts have all vehemently opposed the regulation. 

On the other hand, Interior Ministers of Spain and Ireland have supported the proposal. Separately, a network of organisations and individuals, advocating for children’s rights in Europe, have lashed out at EU leaders for failing to tackle child sexual abuse online. 

What are the concerns of those against the proposal?

Scanning end-to-end encrypted messages has remained a controversial issue. That’s because there is no way to do this without opening risky backdoors that can be accessed by third parties who can exploit the vulnerability, in turn ending the promise of end-to-end encryption.

Tech firms that treaded the encryption bypassing path have have often been made to retreat. In 2021, Apple announced NeuralHash, a feature that could automatically scan iCloud photo libraries of individual devices for child sexual abuse material, or CSAM. Employees and activist groups expressed concerns over the loss of privacy. A year later, Apple said it had abandoned the initiative. 

Another looming issue the iPhone maker recognised in the process was how authoritarian governments could potentially misuse the feature by using it as a tool to target individuals who oppose the regime.

Erik Neuenschwander, Director of user privacy and child safety at Apple, admitted this in a note saying, “It would […] inject the potential for a slippery slope of unintended consequences. Scanning for one type of content, for instance, opens the door for bulk surveillance and could create a desire to search other encrypted messaging systems across content types.” 

When brining in a similar clause through the UK’s Online Safety Bill, lawmakers attempted to make way for client-side scanning of private and encrypted messages. The proposal was postponed after receiving pushback from encrypted messaging app owners like WhatsApp and Signal. The duo threatened to leave the UK if such a law was passed. In its final stages, in September, 2023, the House of Lords considered the potential security threat that the clause would bring saying it would not implement scanning until it was “technically feasible.” 

What is the status of EU’s Chat Control law?

On June 30, a new draft of the proposal is set to be be reviewed. Legislators have now left the idea of scanning text messages and audio, and are instead targetting shared photos, videos and URLs with an adjustment to appease the naysayers. 

Another tweak in the making could be people’s consent in sharing material being scanned before being encrypted. But this compromise has been largely called out as a farcical one. A report by Euractiv which has been confirmed by internal documents show that if a user refuses the scanning, they will simply be blocked from sending or receiving images, videos and links hardly leaving them with a choice.

Despite these measures, EU’s enforcement of such regulations have seen exemptions to the rule. In November 2023, the European Commission reportedly published a proposal to amend the regulation on a temporary derogation of the E-Privacy Directive against CSAM. Under the regulation, specific online communications service providers were allowed to sift through or scan messages to detect, report and remove online child sexual abuse material or CSAM and content that solicits children. The regulation is set to expire in early August . The initial plan on the table was to simply extend this regulation for another three years. But, according to media reports, plans for further extensions were stalled in February this year.

Meredith Whittaker, President of Signal app called the measures to assuage concerns as “cosmetic”, and has signed a joint statement along with a group of over 60 other organisations like Mozilla, Proton, Surfshark and Tuta, voicing out her concerns. Whittaker has echoed her earlier warning saying Signal will leave the UK rather than undermine end-to-end encryption. 

A blog, co-authored by Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory and Callum Voge, director of government affairs and advocacy at the Internet Society, notes, ”If government surveillance is a concern in an established democratic entity like the EU, what hope is there for beleaguered democracies like Turkey, India and Brazil, much less autocracies?”

Apple has removed its Advanced Data Protection (ADP) feature for UK users, a move prompted by government demands for access to cloud data. ADP, which offered end-to-end encryption for iCloud backups, will no longer be available for new users, while existing users must eventually disable it.

This decision weakens iCloud security, allowing Apple to access user data, such as iMessages, when legally compelled. Critics warn this leaves UK users vulnerable to privacy risks, as governments and tech giants clash over encryption. Apple expressed disappointment, citing rising data breaches, but emphasized its commitment to avoiding backdoors that could be exploited by hackers. The change highlights the ongoing tension between privacy and surveillance in the digital age.

Apple ordered to open encrypted user accounts globally to UK spying

https://www.theverge.com/news/608145/apple-uk-icloud-encrypted-backups-spying-snoopers-charter

Everyone shits on Apple but damn, I'm going through all the security shit you can turn on and it's a lot, even if you're not paying for iCloud+.

Apple already restricts apps from talking to one another as much as it can, but you can additionally request apps not track you on top of that. Your data is already encrypted, but you can choose to encrypt your data to the point where even if the "cloud" got hacked, no one would be able to read it - it can only be accessed on approved devices. Messages between iPhone users using Messages are already E2E encrypted, as are Facetime calls, but you can turn on Contact Key Verification, which ensures that when you're texting someone in your contacts, you're actually texting them (this is marketed towards folks who are "high priority targets" for hackers, like journalists, social rights activists, and politicians).

On top of that, the cheapest iCloud+ plan is $3 a month, and for that, you get even more security measures on top of 200GB of storage. You can create random email aliases for when sites force you to put an email it just to read the content. You can turn on a private relay that anonymizes your IP address.

I'm still a fan of not having all your eggs in one basket (aka not being totally dependent on one single company for everything) but hot diggety. Apple has won me back in a big way.