Like many people who have bought a new Apple laptop recently, I have found the move to USB-C / Thunderbolt 3 extremely disruptive. I spent a fortune on new accessories. One thing I wasn’t prepared to do was throw away my Belkin hubs and Apple Cinema monitors. I tried Apple’s own Thunderbolt 2 – Thunderbolt 3 adapter, and it worked inconsistently. One day I would switch on my computer and the monitor or hub wouldn’t work, for no apparent reason, on a seemingly random basis.
StarTech are a Canadian company who have been involved in unsexy, but necessary parts of the technology and video industry. Their focus is purely on interconnectivity of different video display standards. Whilst they aren’t a well known brand like Logitech or Belkin, there are probably some of their products used by your office sys.admin. They used to make a well respected Thunderbolt 2 hub, that didn’t seem to ship to the UK. So in desperation I decided to give their adaptors a chance.
Let’s get the negative aspects about them out of the way first. They are bulky, with the electronics coming in a case about the size of a stack of playing cards, rather than a small pack of chewing gum like Apple’s own convertors. They’re in a shade of dark grey only a sys.admin could love.
But once you get over these cosmetic issues you get a product that just works. It is ironic that I had to go to a non-Apple supplier to get this most Apple of attributes. I can wholeheartedly recommend these convertors.
More on my trials and tribulations with USB-C / Thunderbolt 3 here.
Over time, I pulled together online ad and tech data points. It happened because I have had to compile data and visualise it based on desk and primary research. I thought that these slides may be of use to other people. So I have compiled them here. As I have time, I will try to update them with new data.
They are here as JPGs and as a presentation on SlideShare, which I have linked to at the bottom of the presentation.
I decided to take a macro view looking at major email and OTT messaging platforms using monthly active users as a measure of adoption. This took a long slog of time to do as I had to go back and trawl quoted MAU (monthly active user) numbers from the dawn of the internet for people like Hotmail and Yahoo!. The numbers came from a wide range of sources.
What’s interesting in this graph is how the internet dot.com time felt like a rocket ship, yet saw a gentle rise in user numbers in comparison to later smartphone based services like WhatsApp, WeChat et al. Google didn’t manage to cash in as big despite owning Android, but instead acted as a spring board for new players.
Brandwatch had a set of snapshot numbers that are rather different to the ones I had from my research.
The IPA Databank is an amazing source of quality planning information and work around the optimum number of channels in an advertising campaign. The data is in sharp contrast to the 300+ channels that Machine Zone’s CMO Gabe Leydon claims that they work with to have an optimal communications mix.
My former boss Salim Mitha used to constantly go on about how online was underspent in comparison to the amount of consumer attention that it received. More up to date data shows that it’s channels like OOH (out of home) and radio which are currently underspent, with online rapidly coming to parity between time spent and percentage of advertising budget spent.
Of course audience spend does not take into account the context under which the audience experiences the brand.
I also have additional information on the health of the media industry and adoption of wearables in the statistics attached. More on consumer behaviour here.
I ended up giving a lot of thought about the concept of technology adoption and what it really means. I have been spending a bit of time with the family over the Christmas period as the Carroll family CTO. Reading some of the statistics out there about technology adoption got me thinking whilst I was doing my role as CTO.
In my role as family CTO I had my work cut out for me. My first task on Christmas morning was to recover their Apple ID so that the iPad could be used effectively.
Their mobile communications needs pose a far thornier problem for me and I have been giving some thought to my parents and their battered feature phones.
The problem that I have is that it’s getting increasingly difficult to get them the kind of phone that they want:
Focused on voice
Really simple-to-use SMS
Good haptic feedback (just like what real buttons do)
Something that can be easily locked
Something that can be obtained SIM-free
Something that is physically robust
Something that I can troubleshoot easily
It is a tough call. I have been down this route before. I gave them my old Palm Treo 650 a number of years ago and it got them thinking about digital photography, but it failed as a phone. Its failures were:
Being too complicated
Providing too many choices
Having too confusing a keyboard
The software was also buggy as hell, but I could troubleshoot any problems they had from my memory of using it a few years before they got their hands on it. The Treo 650 eventually gave up the ghost as the family digital camera, to be replaced by the iPad. My friends who have managed to get their parents using Weixin/WeChat on a mobile phone are not particularly good case studies for what I need to do. There is an absolute unwillingness to have phones with a data package: it is hard for them to understand the vagaries of the mobile phone company tariffs; email is something that they can pick up at home. They never hit the wall on their data allowance from the ISP so it never occurs as a consideration to them.
There is also something about the iPad which means it is accepted as something different to a complex smartphone device and more accepted despite the similar pictures-under-glass interface.
Instead a market stall provided a Samsung feature phone with a late Series 40-esque interface which pushes the envelope in terms of my Dad’s comfort level using it. Meanwhile my Mum soldiers on with an old Nokia. My immediate gut reaction is to go to eBay and pick up something like the Nokia 225 or a Samsung Solid Immerse GT-B2710 for the both of them.
I know other people who have faced similar conundrums and have gone with a Windows Phone (it fails my spec because I wouldn’t be able to troubleshoot it for them), but the tiles front page presents what could be a senior-friendly experience in their eyes. The shy and retiring Tomi Ahonen got hold of some Nokia data looking at phone activations and was both astonished and angry. Roughly a third of Nokia Lumia phones which went out from the factories were never activated. His theory was that a combination of high handset failure rate, unsold inventory from the messy switch over to Windows Phone 8 and possible channel stuffing might be involved.
I don’t know what might justify a 26 million handset shortfall, but I could imagine an appreciable amount of them might be due to people using a smartphone as a feature phone. Not having a data plan, being perfectly happy for a phone to be a phone. Is a smartphone still a smartphone if it’s used as a feature phone?
Extending this analogy further, a large amount of ‘smart TVs’ are now being sold and being touted as the new, new thing in terms of internet eyeballs. Web TV isn’t particularly new as an idea. Combining the web in a TV format has been going on since at least the mid-1990s when Steve Perlman founded what would later become MSN TV.
We know that a large amount of homes are buying TVs that are smart, but how do they use them? Are they just using them for the delivery of Apple TV like services; a cable box over IP or are they doing ‘lean forward’ activity one would expect of a smart TV like email, Facebook updates and the like?
I suspect most smart TVs are video delivery mechanisms and that’s pretty much it, so are they then really smart? All of this may sound like semantics, but they could feed into the decisions of advertisers, in terms of platforms and creative execution. They are also likely to feed back into product management in the consumer electronics sector, where TV makers enjoy (if that’s the right word) razor-thin margins.
From an information security point-of-view, how would you explain to smart TV owners with ‘dumb TV’ usage patterns that their set may be at risk of being hacked and how they should spend money to protect themselves? A worst case scenario may be that a Sony Bravia (or other manufacturer’s, for that matter) bot army of TVs may never be shut down because of consumer apathy to the perceived security risk.
Hong Konger Andrew Tse explained the complex history of Eurasians in Hong Kong and the role of compradores. Eurasians were the offspring of Europeans and middle Eastern Jews with local women.
During the 19th century, Hong Kong was segregated. Mixed race couples couldn’t marry. Eurasians didn’t easily fit in with either the Chinese community or westerners. This segregation also had its advantages. Information didn’t flow between the communities.
Eurasian families looked more towards the Chinese community and over time built up status within it.
The compradores were people who acted as an agent for foreign organisations engaged in investment, trade, or economic or political exploitation. They even helped finance deals when there was low trust. The compradore was a valuable person for western trading houses based in Hong Kong and the families built multi-generational wealth.
After the second world war, Chinese community understanding of English increased with education. China became closed off with the civil war and Hong Kong itself became a manufacturing hub. With the rise of Hong Kong manufacturing there would be a further decline in the need for compradores to help navigate business deals. Hong Kong also had the common law legal system for contract disputes. The compradore role faded away. Instead of becoming compradores, Eurasians worked within the major companies rising to senior positions. Mr Tse’s own career in the aviation sector is empirical evidence of their success.
They became prominent business people and philanthropists in their own right. The Tung Wah Group of Hospitals benefited from their philanthropy. Tung Wah Group of Hospitals is the oldest and largest not-for-profit organisation in Hong Kong.
Over time, mixed race marriage was no longer restricted and Hong Kong had its native-born entrepreneurs like Li Ka-shing to govern the old Taipan businesses like Hutchison-Whampoa.
A century after the Eurasian community had first formed in Hong Kong and became compradores their identity was still a sensitive subject. Peter Hall’s book In The Web that outlined this history was restrained from being published until after the death of certain prominent community members who didn’t wish to be ‘outed’ as Eurasian.
As a synopsis of the book puts it:
Peter Hall’s book, ‘In the Web,’ brings to light the mysteries that lay behind his family and the other Hong Kong Eurasian families intertwined with it. Because it attempts to lift the stone firmly left in place for over a century, this work will not be welcomed by those who prefer conjecture to be left to outsiders.
Hall himself came from a Eurasian background, was interned by the Japanese and worked for prominent property developer Hongkong Land.
The prominence of the Eurasian community has dissipated, for a number of reasons:
Some of them moved overseas, in common with many richer Hong Kongers in the run up to the handover.
Some family lines have become re-assimilated in the Chinese community.
Many of them died defending Hong Kong during the Japanese invasion.
Branding
Q&A: Juanita Zhang on How Chinese Brands Can Win Globally | Branding in Asia – One critical insight is the power of unapologetic differentiation, especially as Chinese brands move beyond the ‘outbound 2.0’ era. The initial wave of success often rode on e-commerce efficiency, providing commodity-level products and leveraging vast data insights. However, we’ve observed that many brands then dwell too much in ‘end-user insight,’ optimizing for existing demand rather than proactively building aspirational gravity. The brands that truly succeed don’t try to be all things to all people; they identify a unique, compelling value proposition and own it fiercely.
McDonald’s US sales drop by most since height of pandemic | FT – Kempczinski said his company had surveyed consumers in top global markets about their views on the US, American brands and McDonald’s. While there had been no change to public opinion on the McDonald’s brand, he said more people signalled they would be cutting back on buying American brands. The surveys also revealed an 8 to 10-point rise in “anti-American sentiment”, he said, notably in northern Europe and Canada.
The Death of the Amex Lounge: Why the Upper Middle Class Isn’t Special Anymore – There’s something happening to the upper middle class in the United States that no one is talking about. They are going through an existential crisis. I first noticed it at the airport. A line 20 people deep for the American Express lounge. Then, once you get inside, more lines for food/drinks and not an open chair in sight. Then I saw it in the housing market. I have friends with $10,000+ monthly mortgage payments on modest homes. Ten grand a month and they still don’t own a mansion. Today, buying a 3-bedroom apartment in Jersey City (where I live) would cost me anywhere from $9,300-$14,000 a month (all-in). I could rent the same unit for around $6,000-$7,000 a month.
Ethics
The 50something man has a PR problem | Influence Online – “Ageism is the last ‘ism’ we need to tackle. Anecdotally, I’m hearing a lot about the 50+ demographic struggling to find new roles because employers perceive them as being so old that they can’t learn new skills or that their tech isn’t up to scratch. All their knowledge is being lost – and because AI is replacing entry-level jobs – there’s a lack of new people coming in to learn from them. Acknowledging ageism exists would be a great start…”
Finance
Buy now, pay later, in debt forever? – The Face – or how generation Z credit rating is being impacted by Klarna, Affirm et al which are the digital equivalent of the ‘tally man’ of the early to mid 20th century. Reading all this reminded me of working at MBNA as a student and hearing people’s horror stories as they tried to transfer over scorecard debit to pay it down at a more rational rate.
The story of Nongfu water is the story of the wild, wild west of Chinese business. The health claims still shock me, despite everything I knew about the Chinese market.
What Is “Broke Man Propaganda?” | Cosmopolitan & Yes, it is classist to dehumanise ‘broke’ men | Dazed – “Poverty is not the fault of the poor,” she continues. “I find it very cruel to talk about John – a character who loves Lucy, a beautiful character being played beautifully by Chris – in such cruel terms as ‘broke boy’ or ‘broke man’.” She goes on: “I think that is a very troubling result of the way that wealthy people have gotten into our hearts [and convinced us] it’s your fault if you’re poor, or you’re a bad person if you’re poor. So, it doesn’t make me laugh, actually. It just makes me feel very concerned that anybody would talk about my movie and my characters [like that], and think about it in such classist terms.”
Poblacion is the old part of Makati, the central business district of Manila in the Philippines. I have been to Makati for work in the past and to my regret missed visiting Poblacion.
Otherwise Makati is full of anonymous office blocks, business hotels that look the same the world over and Starbucks coffee shops.
The Washington Post alleged that the British government had served a technical capability notice against Apple in December 2024 to provide backdoor global access into encrypted Apple iCloud services. The BBC’s subsequent report appears to support the Post’s allegations. It also begs the philosophical question of what it means when the government has a copy of your ‘digital twin’.
What is a technical capability notice
A technical capability notice is a legal document. It is issued by the UK government and compels a telecoms provider or technology company to maintain the technical ability to assist with surveillance activities like interception of communications, equipment interference, or data acquisition. When applied to telecoms companies and internet service providers, it is usually UK only in scope. What is interesting about the technical capability notice allegedly served against Apple is that it is extra-territorial in nature. The recipient of a technical capability notice isn’t allowed to disclose that they’ve been served with the notice, let alone the scope of the ask.
Apple outlined a number of concerns to the UK parliament in March 2024:
Breaks systems
Lack of accountability in the secrecy
Extra-territoriality
TL;DR – what the UK wants with technical capability notices is disproportionate.
Short history of privacy
The expectation of privacy in the UK is a relatively recent one. You can see British spy operations going back to at least the 16th century with Sir Francis Walsingham. Walsingham had a network that read couriered mail and cracked codes in Elizabethan England.
By Victorian times, you had Special Branch attached to the Metropolitan Police and related units across the British Empire. The Boer War saw Britain found permanent military intelligence units that were the forerunners of the current security services.
By World War One the security services as we now know them were formed. They were responsible for intercepting mail, telegraph, radio transmissions and telephone conversations where needed.
Technology leapt forward after World War Two.
ECHELON
ECHELON was a Cold War era global signals intelligence network run by Australia, Canada, New Zealand, the UK and the US. It originated in the late 1960s to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War; the ECHELON project became formally established in 1971.
ECHELON was partly inspired by earlier US projects. Project SHAMROCK had started in 1940 and ran through to the 1970s photographing telegram communications in the US, or transiting through the US. Project MINARET tracked the electronic communications of listed American citizens who travelled abroad. They were helped in this process by British signals intelligence agency GCHQ.
In 2000, the European Commission filed a final report on ECHELON that claimed that:
The US-led electronic intelligence-gathering network existed
It was used to provide US companies with a competitive advantage vis-à-vis their European peers; rather like what US defence contractors are alleged to have undergone at the hands of Chinese hackers
Capenhurst microwave tower
During the Cold War, one of the main ways that Irish international data and voice calls were transmitted was via a microwave land bridge across England and on to the continent.
The route ran from Dublin Dame Court to Holyhead, Llandudno and on to Heaton Park. Just next to the straight line path between Llandudno and Heaton Park was a 150 foot tower in Capenhurst on the Wirral. This siphoned off a copy of all Irish data into the British intelligence system. The Capenhurst tower wasn’t that secret; word got about in the area after it had been built and pretty close guesses were made as to its usage.
Post-Echelon
After 9/11, there were widespread concerns about the US PATRIOT Act that obligated US internet platforms to provide their data to the US government, wherever that data was hosted. After Echelon was exposed, it took Edward Snowden to reveal PRISM, which showed how the NSA was hoovering up data from popular internet services such as Yahoo! and Google.
RAMPART-A was a similar operation taking data directly from the world’s major fibre-optic cables.
US programme BULLRUN and UK programme Edgehill were programmes designed to crack encrypted communications.
So privacy is a relatively new concept that relies on the inability to process all the data taken in.
Going after the encrypted iCloud services hits different. We are all cyborgs now, smartphones are our machine augmentation and are seldom out of reach. Peering into the cloud ‘twin’ of our device is like peering into our heads. Giving indications of hopes, weaknesses and intent. Which can then be taken and interpreted in many different ways.
What would be the positive reasons to do a technical capability notice?
Crime
Increasing technological sophistication has gone hand in hand with the rise of organised crime groups and new criminal business models such as ‘Klad’. Organised crime is also transnational in nature.
But criminals have already had access to dedicated criminal messaging networks, a couple of which were detailed in Joseph Cox’s Dark Wire. They use the dark web, Telegram and Facebook Marketplace as outlets for their sales.
According to Statista, less than six percent of crimes committed in the UK resulted in a charge or summons in 2023. That compares to just under 16 percent in 2015.
Is going after Apple really going to result in an increased conviction rate, or could the resources be better used elsewhere?
Public disorder
Both the 2011 and 2024 riots caught the government off-guard. Back in 2011, there was concern that the perpetrators were organising over secure BlackBerry messaging. The reality was that the bulk of it was being done over social media. It was a similar case with the 2024 public disturbances as well.
So gaining access to iCloud data wouldn’t be that much help, given the effort to filter through it and given that the signals and evidence were out there in public for everyone to see.
The big challenge for the police was marshalling sufficient resources and the online narrative that took on a momentum of its own.
Paedophiles
One of the politicians’ strongest cards to justify invasion of privacy is to protect against nonces, paedos and whatever other label you use to describe the distribution of child sexual abuse images. It’s a powerful, emotive subject that hits like a gut punch. The UK government has been trying to explore ways of understanding the size of abuse in the UK.
Most child abuse happens in the home, or by close family members. Child pornography rings are more complex with content being made around the world, repeatedly circulated for years through various media. A significant amount of the content is produced by minors themselves – such as selfies.
The government has a raft of recommendations to implement from The Independent Inquiry into Child Sexual Abuse. These changes are more urgently needed, like getting the police to pay attention to vulnerable working-class children when they come forward.
Terrorism
The UK government puts a lot of work into preventing and combating terrorism. What terrorism is has evolved over time. Historically, cells would mount terrorist attacks.
Eventually, the expectation of the protagonist surviving the attack changed with the advent of suicide tactics. Between 1945 and 1980, these were virtually unheard of. The pioneers seem to have been Hezbollah against UN peacekeepers in Lebanon.
This went on to influence 9/11 and the London bombings. The 9/11 commission found that the security services didn’t suffer from a lack of information, but challenges in processing and acting on the information.
More recently many attacks have been by single actors, rather than a larger conspiracy. Many of the signs available were in their online spiral into radicalisation, whether it’s right-wingers looking to follow the example of The Turner Diaries, or those that look towards groups like ISIS.
Axel Rudakubana’s actions in Southport don’t currently fit into the UK government’s definition of terrorism because of his lack of ideology.
I am less sure what the case would be for being able to access every Apple user’s cloud twin of their iPhone. The challenge seems to be in the volume of data and metadata to sift through, rather than a lack of data.
Pre-Crime
Mining data on enough smartphones over time may show up patterns that might indicate an intent to do a crime. Essentially the promise of predictive crime solving promised in the Tom Cruise dystopian speculative future film Minority Report.
Currently the UK legal system tends to focus on people having committed a crime. The closest we have to pre-crime was the more intelligence-led operations during The Troubles that were investigated by the yet to be published Stalker/Sampson Inquiry.
There are so many technical, philosophical and ethical issues with this concept – starting with what it means for free will.
What are the negative reasons for doing a technical capability notice?
The UK Government supports strong encryption and understands its importance for a free, open and secure internet and as part of creating a strong digital economy. We believe encryption is a necessary part of protecting our citizens’ data online and billions of people use it every day for a range of services including banking, commerce and communications. We do not want to compromise the wider safety or security of digital products and services for law abiding users or impose solutions on technology companies that may not work within their complex systems.
Extra-territorial reach
Concerns about the US PATRIOT Act and PRISM saw US technology companies lose commercial and government clients across Europe. Microsoft and Alphabet were impacted by losing business from the likes of UK defence contractor BAE Systems and the Swedish government.
The UK would likely experience a similar effect. Given that the UK is looking to biotechnology and technology as key sectors to drive economic growth, this is likely to have a negative impact on:
British businesses looking to sell technology services abroad (DarkTrace, Detica and countless fintech businesses). They will lose existing business and struggle to make new sales.
Britain’s attractiveness to inbound investments be it software development, regional headquarter functions or infrastructure such as data centres. Having no exposure to the UK market may be more attractive to companies handling sensitive data.
You have seen a similar pattern roll out in Hong Kong as more companies have moved regional headquarters to Singapore instead.
The scope of the technical capability notice, as it is perceived, damages UK arguments around freedom-of-speech. State surveillance is considered to have a chilling effect in civilian discussions and has been criticized in the past, yet the iCloud backdoor access could be considered to do exactly the same thing that the British government opposes in countries like China, Hong Kong and Iran.
Leverage
The UK government has a challenge in terms of the leverage that it can bring to bear on foreign technology multinationals. While the country has a sizeable market and talented workforce, it’s a small part of these companies’ global revenues and capabilities.
They can dial down services in the UK, or they can withdraw completely from the UK marketplace taking their jobs and infrastructure investment with them. Apple supports 550,000 jobs through direct employment, its supply chain, and the iOS app economy. In 2024, Apple claimed that it had invested over £18 billion over the previous five years.
In terms of the number of people employed through Apple, it’s a big number, let me try to bring it to life for you. Imagine for a moment if every vehicle factory (making cars, tractors, construction vehicles, race cars and wagons), parts plant, research and development, MOT station, dealership and repair shop in the UK fired half their staff. That is the toll that Apple leaving the UK would have on unemployment.
Now think about how that would ripple through the community. Less goods bought in the supermarket, less pints poured in a pub or less frequent hair cuts given.
Where’s the power in the relationship between the tech sector and the government?
Precedent
Once it is rumoured that Apple has given in to one country’s demands, the equivalent of technical capability notices is likely to be employed by governments around the world. Apple would find it hard not to provide similar access to other 5is countries, China, India and the Gulf states.
Even if they weren’t provided with access, it’s a lot easier to break in when you know that a backdoor already exists. A classic example of this in a different area is the shock-and-awe felt when DeepSeek demonstrated a more efficient version of a ChatGPT-like LLM. The team had a good understanding of what was possible and started from there.
The backdoor will be discovered, if not by hackers then by disclosure like the Capenhurst microwave tower that was known about soon after it went up, or by an Edward Snowden-like whistle-blower given the amount of people that would have access to that information in allied security apparatus.
This would leave people from around the world vulnerable to authoritarian regimes. The UK is currently home to thousands of political emigres from Hong Kong who are already under pressure from the organs of the Chinese state.
From a domestic point-of-view while the UK security services are likely to be extremely professional, their political masters can be of a more variable quality. An authoritarian populist leader could put backdoors allowed by a technical capability notice to good use.
Criminal access
The hackers used by intelligence services, especially those attributed to China and Russia, have a reputation for double-dipping: using it for their intelligence masters and then also looking to make a personal profit by nefarious means. Databases of iCloud data would be very tempting to exploit for criminal gain, or sell on to other criminals, allowing them to mine bank accounts and credit cards or conduct retail fraud.
It could even be used against a country’s civilians and their economy as a form of hybrid warfare that would be hard to attribute.
In the past intelligence agencies were limited in terms of processing the sea of data that they obtained. But technology moves on, allowing more and more data to be sifted and processed over time.
What can you do?
You’ve got nothing to hide, so why worry? With the best will in the world, you do have things to hide, if not from the UK government then from foreign state actors and criminals – who are often the same people:
Your bank account and other financial related logins
Personal details
Messages that could be taken out of context
I am presuming that you don’t have your children’s photos on your social media where they can be easily mined and fuel online bullying. Your children’s photos on your phone could be deep faked by paedophiles or scammers.
Voice memos that can be used to train a voice scammer’s AI to be good enough
Client and proprietary information
Digital vehicle key
Access to academic credentials
Access to government services
So, what should you do?
Here’s some starting suggestions:
Get rid of your kids’ photos off your phone. Get a digital camera, have prints made to put in your wallet, a photo album book, use an electronic picture frame that can take an SD card of images and doesn’t connect to the web or use a cloud service.
Set up multi-factor authentication on passwords if you can. It won’t protect you against a government, but it will make life a bit more difficult for criminals who may move on to hacking someone else’s account instead – given that there is a criminal eco-system to sell data en-masse.
Use the Apple password app to generate passwords, but keep the record of them offline in a notebook. If you are writing them down, have two copies and use legible handwriting.
You could delete ‘important’ contacts from your address book and use an old school filofax or Rolodex frame for them instead. You’re not likely to be able to do this with all your contacts, it wouldn’t be practical. If you are writing them down, have two copies and use legible handwriting.
Have a code word with loved ones. Given that a dump of your iCloud service may include enough training data for a good voice AI, having a code word to use with your loved ones could prevent them from getting scammed. I put this in place ages ago as there is enough video out there on the internet of me in a public speaking scenario to train a passable voice generative AI tool.
Use Signal for messaging with family and commercially sensitive conversations.
My friend and former Mac journalist Ian Betteridge recommended using an alternative service like Swiss-based Proton Cloud. He points out that they are out of the legal jurisdiction of both the US and UK. However, one has to consider history – Crypto AG was a Swiss-based cryptography company actually owned by the CIA. It gave the intelligence agency access to secure communications of 120 countries including India, Pakistan and the Holy See. Numerous intelligence services including the Swiss benefited from the intelligence gained. So consider carefully what you save to the cloud.
If you are not resident in the UK, consider using ‘burn devices’ with separate cloud services. When I worked abroad, we had to do client visits in an authoritarian country. I took a different cellphone and laptop to protect commercially sensitive information. When I returned these were both hard reset by the IT guy and were ready for future visits. Both devices only used a subset of my data and didn’t connect to my normal cloud services, reducing the risk of infiltration and contamination. The mindset of wanting to access cloud services around the world may be just the thin end of the wedge. Countries generally don’t put down industrial and political espionage as justifications for their intelligence services’ powers.
What can criminals do?
Criminals already have experience procuring dedicated secure messaging services.
While both dark web services and messaging platforms have been shut down, there is an opportunity to move the infrastructure into geographies that are less accessible to western law enforcement: China, Hong Kong, Macau or Russia for instance. A technical capability notice is of no use. The security services have two options to catch criminals out:
Obtain end devices on the criminal:
While they are unlocked, and put them in a Faraday cage to prevent the device from being wiped remotely.
Have an informant give you access to their device.
Crack the platform:
Through hacking
Setting the platform up as a sting in the first place.
If the two criminals are known to each other, a second option is to go old school using a one-time pad. This might mean both having the same edition of a book, with each letter or word found by advancing through the book.
So if you used the word ‘cat’ as the fourth word on line 3 of page 2 in a book you might get something like 4.3.2, which will mean nothing if you don’t have the same book and if the person who wrote the message or their correspondent doesn’t use 4.3.2 to signify cat again. Instead they would move onwards through the book to find the next ‘cat’ word. A sleuthing cryptographer may be able to guess your method of encryption by the increasing numbers, but unless they know the book your feline secret is secure from their efforts.
Above are two pages from an old one-time pad issued by the NSA called DIANA.
The point is that those criminals who really want to keep the security services from understanding their business can do so. Many criminals in the UK are more likely to rely on a certain amount of basic tactics (gloves, concealing their face, threatening witnesses) and the low crime clearance rate in the UK.
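The book-based scheme described above can be sketched in a few lines. This is an added illustration, not part of the original post: the two-page "book" is constructed sample text, all function names are hypothetical, and references use the post's word.line.page order (4.3.2 is word 4, line 3, page 2).

```python
# Constructed sample "book": pages -> lines of text. Both parties need the same edition.
BOOK = [
    ["the cat sat on the mat", "a dog saw the cat run"],
    ["rain fell on the old mat", "the cat hid from the dog"],
]

def index_book(book):
    """Flatten the book into (word, 'word.line.page') entries in reading order."""
    entries = []
    for p, page in enumerate(book, start=1):
        for l, line in enumerate(page, start=1):
            for w, word in enumerate(line.split(), start=1):
                entries.append((word.lower(), f"{w}.{l}.{p}"))
    return entries

def encode(message, book):
    """Replace each word with its next occurrence, always moving forward,
    so no reference is ever used twice."""
    entries = index_book(book)
    pos, refs = 0, []
    for word in message.lower().split():
        for i in range(pos, len(entries)):
            if entries[i][0] == word:
                refs.append(entries[i][1])
                pos = i + 1  # never go back to an earlier position
                break
        else:
            raise ValueError(f"book exhausted before {word!r} could be encoded")
    return refs

def decode(refs, book):
    """Look each word.line.page reference up in the holder's copy of the book."""
    words = []
    for ref in refs:
        w, l, p = (int(n) for n in ref.split("."))
        words.append(book[p - 1][l - 1].split()[w - 1])
    return " ".join(words)

def is_monotonic(refs):
    """The tell the post mentions: positions (page, line, word) only ever increase."""
    keys = [tuple(int(n) for n in reversed(r.split("."))) for r in refs]
    return all(a < b for a, b in zip(keys, keys[1:]))

if __name__ == "__main__":
    refs = encode("cat cat cat", BOOK)
    print(refs, decode(refs, BOOK), is_monotonic(refs))
```

The same word maps to a different reference each time, and the scheme stops working once the book runs out of unused occurrences, which is why `encode` raises rather than reusing one.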
Instead of a technical capability notice, these criminals are usually caught by things like meta analysis (who is calling who, who is messaging who, who is transferring money etc.), investigative police work including stings, surveillance and informers.
Why?
Which begs the questions:
Why Apple and why did they choose to serve it in December 2024?
What trade-offs have the UK government factored in considering the potential impact on its economic growth agenda and political ramifications?
The who-and-why of the leak itself? Finally, the timing of the leak was interesting, in the early days of the Trump administration.
I don’t know how I feel about the alleged technical capability notice and have more questions than answers.