Apple ordered to open encrypted user accounts globally to UK spying
Apple ordered to open encrypted user accounts globally to UK spying
The secret order would give the UK access to encrypted backups belonging to any user — not just Brits.
cross-posted from: https://infosec.pub/post/23398982
Apple has reportedly been ordered by the UK government to create a backdoor that would give security officials access to users’ encrypted iCloud backups. If implemented, British security services would have access to the backups of any user worldwide, not just Brits, and Apple would not be permitted to alert users that their encryption was […]
I cannot see how they could comply with both that and the GDPR, so the UK is asking Apple to choose between operating in the UK and operating in the 27 countries of the EU. Tough call.
I was just thinking that this would have to interfere with the laws of other countries.
That’s pretty wild to ask that of Apple. I could see the law being able to apply to their own citizens and residents, but not the whole world.
Reminder for anyone using iCloud— enable advanced data protection. This will encrypt almost all your data on iCloud in a way that Apple cannot simply access because they don’t have the key you setup during the enable process. This includes encrypting messages, photos, phone backups, and more which are usually not e2e encrypted. Only some data such as health, passwords, and maps are e2e by default on iCloud.
Of course, in that scenario you have to trust Apple because none of their code is open source and thus can't be scrutinised.
Use Cryptomator before uploading things to iCloud that way it’s already encrypted. Then when/ if Apple manage to decrypt your data all they get is more encrypted data