Apple has called for substantial modifications to the UK’s controversial investigatory powers bill, arguing it would “weaken security” for law-abiding customers.
“We believe it would be wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the very few who pose a threat,” Apple said in a statement to the bill committee, released on Monday.
“In this rapidly evolving cyber-threat environment, companies should remain free to implement strong encryption to protect customers.”
“The creation of back-doors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers,” the company stated. “A key left under the doormat would not just be there for the good guys. The bad guys would find it too.”
In November, when the bill was presented to the House of Commons, Apple chief executive Tim Cook told The Telegraph that the creation of such back-doors “can have very dire consequences”.
“We believe very strongly in end-to-end encryption and no back-doors,” he said at the time.
As it is currently framed, the bill would make it difficult for companies such as Apple to build a sense of trust with users, the company said.
“For the consumer in, say, Germany, this might represent hacking of their data by an Irish business on behalf of the UK state under a bulk warrant – activity which the provider is not even allowed to confirm or deny,” Apple said. “Maintaining trust in such circumstances will be extremely difficult.”
Companies would be placed in an “unreasonable” and legally risky position, in being forced to attempt to comply with contradictory domestic and international laws, according to Apple.
“When these laws inevitably conflict, the businesses will be left having to arbitrate between them, knowing that in doing so they might risk sanctions,” Apple said. “That is an unreasonable position to be placed in.”
Internet service providers argued in November a provision of the bill that obliges them to store browsing data on their users for a year would create a dangerous situation for users, since such data would constantly be at risk of being stolen by hackers, and would be so expensive that users could see service prices rise.
The government said in November that the current bill has been scaled back from its 2012 predecessor, but critics criticised its lack of independent oversight for the warrants authorising access to the user data collected by ISPs. Without such oversight, the bill essentially opens the door to indiscriminate mass surveillance, critics said.
The bill is currently at the committee stage.
Are you a security pro? Try our quiz!