The amendments to the Investigatory Powers Bill, allegedly intended to make people safer, will undoubtedly make UK digital infrastructure a tempting target as the regulations will be weaken security there. The biggest problem for Apple, other than the steady erosion of encryption, is that essential security and privacy updates might be delayed or never appear — and without any transparency or scrutiny at all.
If passed, the law would mean that every tech security update must be reviewed by UK authorities before release, which will immediately delay distribution of vital security patches.
Hackers will immediately see this means any patched vulnerabilities will be secured in the UK last, making the nation an incredibly attractive target to attack. Hackers are organized enough to spot and exploit weakness. It’s what they do.
And if the UK rejects an update, that update cannot be released in any other nation and the public would not be informed of the decision.
And if the UK rejects an update, that update cannot be released in any other nation and the public would not be informed of the decision.
That sounds like the UK wants every software and hardware vendor to flee its market.
I don’t see how that part is supposed to play out anyway.
What happens if the UKHO rejects an update, but it is then rolled out everywhere else?
So, did someone tell them the Empire is long gone and after Brexit, UK’s all on their own now?
…which you btw can also clearly see by Apple freely attacking them in this article. They are neither afraid nor do they feel the need to appease.
“We doubled our domestic software industry!”
The UK has always had a very authoritarian streak.
People often think of this as a Tory problem, but it makes Labour jizz their pants just as much.
And if the UK rejects an update, that update cannot be released in any other nation and the public would not be informed of the decision.
So,… say, I find a major bug in a widely used software and inform the vendor. Said vendor informs the UK bodies and they reject the update and it is bound by the decision to stay silent and don’t patch it. What stops me now to go full public disclosure of the matter? From my perspective I told them the big, I might even have confirmation, that it’s worked on and then… silence. The only way to get this patched in a timely manner would be massive public pressure.
Police knocking on your door stop you. This is clearly an attempt to protect their own backdoors from being patched so they can continue eavesdropping
First - if I’m not from the UK, thats very unlikely. At least because the UK wants it to happen and not for other reasons.
Second - the moment the information is out, it’s too late. Their zero day is burned.
Third - the police needs to know where to knock. If I publish the information in a way that can be associated with my identity and I’m the one that alerted the vendor, sure. But even if I’m a completely random person that immediately goes full disclosure - doing so may in a way that identifies me might hurt me anyways, depending on my jurisdiction. So for individuals it might be the smarter play to make it less traceable.
Fourth - imagine Google’s Project Zero or another “huge player” finds the Bug and alerts the vendor. Google e.g. has a policy to fully disclose the bug, if there’s no fix within a specified time-frame. This might be extended for reasons, but only of there’s a good reason. If the vendor cannot say why they don’t patch, well that’s none of these reasons.
You’re missing the point. They are blocking the security patches themselves. “Google has a policy to…” is invalid when a nation state, especially not one with one of the strongest intelligence gathering apparatus in the world, has a law telling them what to do.
Google already works with the intelligence agencies. It would be naive to assume otherwise
A completely random person anonymously putting the information out online is not the person releasing the security patch. That’s probably why they are focusing of the updates themselves. Easier to hold someone responsible
Is this the whole save the children by having no encryption thing again?
deleted by creator
Wild to think anyone is stupid enough to think the uk has that kinda pull.