Everyone in the tech industry facepalms almost every time legislators try to pontificate on technology, but the British government appears to be trying to set a new record. After putting iMessage and FaceTime at risk, the government is now suggesting that it might ban some Apple security updates.

  • jet@hackertalks.com · 58 upvotes · edited · 1 year ago

    https://www.justsecurity.org/87615/changes-to-uk-surveillance-regime-may-violate-international-law/

    Linking to the original article and not an article summarizing the article.

    TLDR The UK government wants service providers in the UK to request permission to apply updates including security updates. They may deny that permission for national security reasons.

    I.e., if the government wants it broken so they can keep exploiting it, they will prevent anybody from getting patched.

  • graphite@lemmy.world · 35 upvotes · 1 year ago

    Under the latest plans, tech companies would need to notify the British government before rolling out a security fix but might be refused permission if it blocks a vulnerability that’s being exploited by security services…

    I suppose these days it’s cheaper to find some half-baked vulnerability and pray it lasts a while instead of just adding back doors in the devices.

    • ikidd@lemmy.world · 22 upvotes · 1 year ago

      That’s the stupidest fucking thing I’ve heard from a government that seems to take pride in how stupid and authoritarian their legislation can get. They’re giving the US a run for its money.

    • umami_wasabi@lemmy.ml · 8 upvotes · 1 downvote · 1 year ago

      Or wait for the service provider to submit a fix, deny it, and then exploit it. Even cheaper than finding one, cuz they just need to wait for it to be submitted.

  • BigVault@kbin.social · 23 upvotes · 1 year ago

    Hospital emergency rooms across the UK are likely to be declaring a major incident to deal with the rash of injuries caused by the force of facepalming and banging heads against desks throughout the tech sector.

    The NHS is struggling enough as it is.

  • KelsonV@lemmy.world · 16 upvotes · 1 year ago

    I was expecting this to be a half-baked plan to block something using a less-than-half-baked definition that would also cover security updates.

    The fact that someone actually thinks explicitly blocking security updates is a good idea is just appalling.

  • amzd@kbin.social · 15 upvotes · 1 year ago

    OK, so Apple would have to disclose the vulnerability to follow proposed EU rules, then can’t implement the fix in the UK? That seems like a disaster waiting to happen.

    • Powerpoint@lemmy.ca · 15 upvotes · 1 year ago

      The UK did allow Brexit to happen, they haven’t exactly been making the best decisions.

    • LeTak@lemm.ee · 8 upvotes · 1 year ago

      Imagine Apple shares a patch and the UK does not approve the install. OK, nice. Now everyone knows a vulnerability that affects most of the Apple devices in the UK. What could go wrong?

      • pivot_root@lemmy.world · 4 upvotes · 1 year ago

        Next step: require all security patches to be submitted to the UK government for review before disclosing them to any other government or to the public.

  • lustrum@sh.itjust.works · 10 upvotes · edited · 1 year ago

    This might have worked a decade ago. Companies are EXTREMELY hot on device patches now. I work for a big company and we have a week to install the latest iOS patches on our phones. We get regular updates when software is out. If Windows gets a certain patch behind, the system can’t update; it requires a full flash.

    The same with banning encryption: the average Joe might not care, but big companies have a lot to protect in IP and legally. Imagine a US company wanting to send IP to a UK company for design/validation/manufacturing. They just won’t, because our devices/networks will be vulnerable to IP being stolen.