Skip to main content

It’s not just iMessage: UK government could ban Apple security updates

Everyone in the tech industry facepalms almost every time legislators try to pontificate on technology, but the British government appears to be trying to set a new record. After putting iMessage and FaceTime at risk, the government is now suggesting that it might ban some Apple security updates.

Under the latest plans, tech companies would need to notify the British government before rolling out a security fix but might be refused permission if it blocks a vulnerability that’s being exploited by security services…

A six-year tale of technical illiteracy

The British government’s desire to ban end-to-end encryption dates back to at least 2017. Even six years ago, the country’s former head of MI5 told them what a dangerous idea that was.

The British government wants to ban end-to-end encryption altogether, arguing that it hampers the work of the security services. Support for Apple’s position – and opposition to that of the British Home Secretary – has now come from an unlikely source.

In a BBC Radio 4 interview cited by Gizmodo, the former head of the Security Service (more commonly known as MI5) has said that while strong encryption does make their job harder, it is the lesser evil.

“I think the way cyberspace is being used by criminals, and by governments, is a potential threat to the UK’s interests more widely – and it’s very important that we should be seen and be a country where people can operate securely. And that’s very important for our commercial interests, as well as our national security interests, so encryption is very positive.”

Since then, the government has persisted in the nonsensical idea that it is somehow possible to allow it to spy on people without also letting bad guys do the same.

Most recently, Apple said that it would remove iMessage and FaceTime entirely from the UK rather than remove E2E encryption.

Apple security updates would require permission

The latest idiocy is highlighted by Just Security.

Device manufacturers would likely also have to notify the government before making available important security updates that fix known vulnerabilities and keep devices secure. Accordingly, the Secretary of State, upon receiving such an advance notice, could now request operators to, for instance, abstain from patching security gaps to allow the government to maintain access for surveillance purposes.

Again, the sheer stupidity of this cannot be overemphasized. In the vast majority of cases, Apple learns about a security vulnerability because someone else discovered it. It might be that a security researcher finds it and quietly notifies Apple before a hacker does the same, or it may be that it comes to light when it is exploited in malware. In either case, the longer Apple waits to patch it, the more dangerous it becomes. And not patching it is not an option.

Top comment by Applesauce

Liked by 15 people

Countries are the modern world biggest problem.

A country is nothing more than a cooperation which the employees are its citizens.

It’s really sad to see how “democratic” countries such as the UK are ignoring the most basic rule of human rights which is privacy, in excuse of fighting terror, national security or kids safety.

View all comments

John Gruber, who drew my attention to the above piece, also returns to the iMessage issue to observe that E2E encryption is not a feature that can be switched on or off but is, instead, fundamental to the design of a messaging app.

Just yesterday, we learned that when Meta decided to switch to E2E encryption for Facebook Messenger, it had to build a completely new version of the app from scratch.

It quickly became apparent that transitioning our services to E2EE would be an incredibly complex and challenging engineering puzzle. We would have to rewrite almost the entire messaging and calling code base from scratch.

Hospital emergency rooms across the UK are likely to be declaring a major incident to deal with the rash of injuries caused by the force of facepalming and banging heads against desks throughout the tech sector.

Photo: Brandon Grasley/CC2.0

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications