Anna Gross, Tim Bradshaw, and Lauren Fedor, reporting for the Financial Times (syndicated without paywall at Ars Technica):

Sir Keir Starmer’s government is seeking a way out of a clash with the Trump administration over the UK’s demand that Apple provide it with access to secure customer data, two senior British officials have told the Financial Times. The officials both said the Home Office, which ordered the tech giant in January to grant access to its most secure cloud storage system, would probably have to retreat in the face of pressure from senior leaders in Washington, including Vice President JD Vance.

“This is something that the vice president is very annoyed about and which needs to be resolved,” said an official in the UK’s technology department. “The Home Office is basically going to have to back down.”

Both officials said the UK decision to force Apple to break its end-to-end encryption — which has been raised multiple times by top officials in Donald Trump’s administration — could impede technology agreements with the US.

“One of the challenges for the tech partnerships we’re working on is the encryption issue,” the first official said. “It’s a big red line in the US — they don’t want us messing with their tech companies.”

One dystopian element of the UK’s Investigatory Powers Act is that when companies are issued demands under the law — which critics in the UK call “the Snoopers’ Charter” — it’s a criminal offense subject to imprisonment to reveal to anyone that the UK government issued the demand. You will recall that after receiving this demand, in February this year Apple pulled iCloud Advanced Data Protection from users in the UK.

What I don’t like about the Financial Times’s framing of this is that they describe it only in terms of politics between the Trump administration and Starmer’s. This is not merely about a foreign government “messing with their tech companies”. It’s fundamentally about privacy and security. It is a human rights and civil liberties issue, first and foremost. The Trump administration is on the correct and just side of this issue. Whether they’re on the correct side for the right reasons, I don’t know, but that’s what’s most important here. A secret backdoor is abhorrent from all perspectives: privacy, security, civil liberties. (Not to mention impossible cryptographically with E2EE — mandating a backdoor is effectively banning E2EE, which is why Apple pulled Advanced Data Protection from the UK.)

Conversely, one reason the UK went through with this demand is that the Biden administration was, disgracefully, on the wrong side of this, choosing to look the other way and lie to Congress about what the UK was planning to do.

Juli Clover, MacRumors:

Apple today provided developers with the fourth betas of iOS 26 and iPadOS 26 for testing purposes, with the updates coming two weeks after Apple seeded the third betas.

MacOS, WatchOS, tvOS, and VisionOS too, all in lockstep. Also, a good first look at what’s changed in iOS 26 beta 4 from beta 3. Some of the things Apple is tweaking between betas need more than minor tweaking. Also: Apple Intelligence summaries for news notifications are back.

CHM:

Come and explore an extraordinary showcase of historical computers, from pristine originals to ingenious modern hacks. Computer enthusiasts around the world look forward to the annual Vintage Computer Festival.

Experience hands-on demos of historical systems from the 1960s through the 1990s, learn preservation tips, and try out brands like Apple, Atari, Commodore, Tandy/Radio Shack, and more.

It’s in Mountain View, so I can’t make it, but given all the recent nostalgia that’s been in the air regarding the early PC era, I wish I could.

Ellen Nakashima, Yvonne Wingett Sanchez and Joseph Menn, reporting for The Washington Post:

The U.S. government and partners in Canada and Australia are investigating the compromise of SharePoint servers, which provide a platform for sharing and managing documents. Tens of thousands of such servers are at risk, experts said, and Microsoft has issued no patch for the flaw, leaving victims around the world scrambling to respond.

The “zero-day” attack, so called because it targeted a previously unknown vulnerability, is only the latest cybersecurity embarrassment for Microsoft. Last year, the company was faulted by a panel of U.S. government and industry experts for lapses that enabled a 2023 targeted Chinese hack of U.S. government emails, including those of then-Commerce Secretary Gina Raimondo.

This most recent attack compromises only those servers housed within an organization — not those in the cloud, such as Microsoft 365, officials said. After first suggesting that users make modifications to or simply unplug SharePoint server programs from the internet, the company on Sunday evening released a patch for one version of the software. Two other versions remain vulnerable and Microsoft said it is continuing to work to develop a patch.

“Just pull the plug” — classic Microsoft security.

With access to these servers, which often connect to Outlook email, Teams and other core services, a breach can lead to theft of sensitive data as well as password harvesting, Netherlands-based research company Eye Security noted. What’s also alarming, researchers said, is that the hackers have gained access to keys that may allow them to regain entry even after a system is patched. “So pushing out a patch on Monday or Tuesday doesn’t help anybody who’s been compromised in the past 72 hours,” said one researcher, who spoke on the condition of anonymity because a federal investigation is ongoing.

Sounds bad.

The nonprofit Center for Internet Security, which staffs an information-sharing group for state and local governments, notified about 100 organizations that they were vulnerable and potentially compromised, said Randy Rose, the organization’s vice president. Those warned included public schools and universities. The process took six hours Saturday night — much longer than it otherwise would have, because the threat-intelligence and incident-response teams have been cut by 65 percent as CISA slashed funding, Rose said.

Another DOGE success story.

Reuters:

Italian tax authorities argue that free user registrations with X, LinkedIn and Meta platforms should be seen as taxable transactions as they imply the exchange of a membership account in return for a user’s personal data.

The issue is especially sensitive given wider trade tensions between the EU and the administration of U.S. President Donald Trump. Italy is claiming 887.6 million euros ($1.03 billion) from Meta, 12.5 million euros from X and around 140 million euros from LinkedIn. [...]

According to several experts consulted by Reuters, the Italian approach could affect almost all companies, from airlines to supermarkets to publishers, who link access to free services on their sites to users’ acceptance of profiling cookies.

Charging a VAT on free account signups does not strike me as a good idea.