Time to start de-Appling


Category: Privacy UK policy
Alan Turing's apple, Sackville Gardens, May 2021.

I’ve done such a thorough job of de-Googling that I forgot to show up for a meeting with someone, because I hadn’t checked my Google calendar in ages. (No, they were not amused.) In my defense, I proceeded to explain to them that having de-Googled, I was also in the process of de-Appling, which is a special bonus level that those of us in the UK have unlocked.

If you’re reading this in the sunlit uplands, you need to start that too.

You need to start that because, as we recently learned, at some point in the very near future Apple is withdrawing its Advanced Data Protection (ADP) feature from the UK altogether as a result of the Home Office TCN through the Investigatory Powers Act.

Users who already had ADP enabled when the first TCN became public in February will be required to manually switch it off or lose their iCloud account.

I am not going to explain the chapter and verse of the legal saga today, because I prefer to do that for people who pay me to explain the chapter and verse to them.

But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me.

When the whole debacle blew up in January, Apple announced that ADP would no longer be available for new users, but would remain unaffected for those of us who already had it activated. That assurance was nothing to sleep on, and so we have been waiting for the inevitable. Apple’s September update confirmed that its days are numbered:

For users in the UK who already enabled Advanced Data Protection, Apple will soon provide additional guidance. Apple cannot disable ADP automatically for these users. Instead, UK users will be given a period of time to disable the feature themselves to keep using their iCloud account.

So what does that mean for you? Again, from their September update:

Withdrawing Advanced Data Protection from the UK will not affect the 15 iCloud data categories that are end-to-end encrypted by default. Data like iCloud Keychain and Health remains protected with full end-to-end encryption.
Our communication services, like iMessage and FaceTime, remain end-to-end encrypted globally, including in the UK.
Users in the UK who have not already enabled Advanced Data Protection will no longer have the option to do so. That means the 10 iCloud data categories covered by ADP will be protected by Standard Data Protection, and UK users will not have a choice to benefit from end-to-end encryption for these categories: iCloud Backup; iCloud Drive; Photos; Notes; Reminders; Safari Bookmarks; Siri Shortcuts; Voice Memos; Wallet Passes; and Freeform.

This means that if you already had ADP activated, and e2ee is critical to your personal or operational security, you need to get everything in that list – iCloud Backup, iCloud Drive, Photos, Notes, Reminders, Safari Bookmarks, Siri Shortcuts, Voice Memos, Wallet Passes, and Freeform – off of iCloud sooner rather than later.

Once you’ve done that, go into your iCloud settings, click on Manage, then click on each thing individually to purge it off iCloud.

I’m not going to tell you where to move your stuff other than to say that if you’re moving it from one big tech company to another, you’re just being daft. Likewise, if you’re moving your stuff to a non-e2ee service, don’t bother. If you need an e2ee service try Proton. They have a Black Friday sale on.

If you have a lot of Notes, first download the Exporter app from the app store. It does what it says on the tin. You’ll end up with a folder full of markdown files which you can upload elsewhere. E2EE being the dealbreaker, I chose Standard Notes. I know a lot of folk who prefer Obsidian or Joplin. Whatever you choose, do not use a non-E2EE note service.*

You know as well as I do that you need to be moving everything you can out of the American stack anyway so just stick this task on your to-do list, which should not be Reminders, and get it done.

What about the non-e2ee stuff in iCloud?

The full list of what lives in iCloud and how it is or is not encrypted is here.

We know from the tiny bits of the TCN saga which have been publicly disclosed, thanks to the only two media outlets that are bothering to cover it, that the first TCN was not just for the end-to-end encrypted data protected by ADP. It was for anything on iCloud, full stop, worldwide:

…however, the new IPT filing states the TCN “is not limited to” data stored under ADP, suggesting the UK government sought bulk interception access to Apple’s standard iCloud service, which is much more widely used by the company’s customers. The TCN also included “obligations to provide and maintain a capability to disclose categories of data stored within a cloud-based backup service”, the filing states, which suggests the government sought to tap messages or passwords that were backed up in the cloud as well. “The obligations included in the TCN are not limited to the UK or users of the service in the UK; they apply globally in respect of the relevant data categories of all iCloud users,” the IPT filing adds.
Tim Bradshaw and Anna Gross at the Financial Times (£)

This means that you have some serious thinking to do about what you intend to trust to the Apple stack altogether going forward, even things like passwords.

I can’t tell you what to do but once again, you have options. Educate yourself. Consider the opsec and persec needs not just of yourself, but for the people around you who could be adversely affected by insecure data going walkies out of your account.

What if I’m not in the UK?

This impacts the UK only: as their September update noted, Advanced Data Protection continues to be available everywhere else in the world.

We’re just so world-leading.

It does mean that if you have someone in the UK on your team, you need to factor them in as part of your threat model. We are all liabilities to our own opsec now.

If you’re not in the UK, and you don’t have ADP activated, take 10 seconds to do it right now, you lucky sod.
Settings > Your name Apple Account > iCloud > Advanced Data Protection

What about that second TCN?

On the 1st of October, the Home Office issued a second TCN against Apple for the same as before, but only for British citizens’ data. World-leading!

Those who follow my work know that this phrase made me spew a double barrel of Glaswegian swearing. British citizens’ data, as opposed to British users’ data? The dividing line here is not e.g. being located in the UK or having registered an account here, but what it says on your passport? How is Apple going to know that, much less roll it out? (/s)

Did Apple just publicly state that they’re going to be removing a security layer and adding a nationality check layer? 

We don’t know.

We don’t know because as with the first TCN, that information only became available in the public domain due to someone leaking it to the media. That’s all there is to know. Everything else is confidential and NCND. There is nothing else to say because nothing else is known. If someone who did know something was sitting across from me right now, and they told me, they would be committing a crime.

Those of us who care about these things enough to show up in difficult places are keeping tabs on both TCNs, and the wider legal and technical implications of both, as best we possibly can. Don’t expect to hear anything more until January, when the Liberty/PI challenge on the first TCN goes to the Investigatory Powers Tribunal. In the interim, if you want me to bore you about ECHR case law and how the UK’s review into Article 8 seems a little too coincidentally timed, pick a pub.

Otherwise, please make sure you de-Apple, de-Google, and de-American Stack yourself when you have time, clarity, and focus to do it. Start today.

In the meantime please follow and support the only media coverage being produced about the second TCN, which comes from Bill Goodwin at Computer Weekly and Tim Bradshaw and Anna Gross at the Financial Times (£).

Above all, please remember that this is the sunlit uplands. That’s the thing about Brexit Britain having decided to go it alone where tech regulation is concerned. It did not become the vanguard of a “world-leading” third way.

It became a small and inconsequential thing easily thrown under a bus.

*For the love of the wee man do not use a non-e2ee notetaking app which has been abandoned by an owner who has a track record of personally snooping through user data when he’s in a mood, i.e. if he’s breathing.

The Author

I’m a UK tech policy wonk based in Glasgow. I work for an open web built around international standards of human rights, privacy, accessibility, and freedom of expression. The content and opinions on this site are mine alone and do not reflect the opinions of any current or previous team.
