Apple Objects To Spy Clause In UK Online Safety Bill

Apple adds to criticism of spy powers in Online Safety Bill that could force messaging firms to scan encrypted messages

A full blown clash between the tech industry and the UK government has moved one step closer, after another major tech player announced its opposition to the upcoming legislation.

Apple this week told the BBC that the UK’s controversial Online Safety Bill should be amended to protect encryption, after it included what many refer to as a spy clause.

Apple is the latest tech giant to signal its opposition to the Online Safety Bill. In April Meta’s WhatsApp and six other providers of end-to-end encrypted messaging services urged the UK government to “urgently rethink” the Online Safety Bill.

They said it presented an “unprecedented threat to the privacy, safety and security” of UK citizens and those they communicate with around the world.

Online Safety Bill

WhatsApp and fellow messaging firm Signal have also said they would rather pull out of the UK than comply with the bill’s requirements.

The firms cited a United Nations warning that the bill and its effective backdoor requirements constitute a “paradigm shift that raises a host of serious problems with potentially dire consequences”.

The Online Safety Bill, currently going through Parliament, contains powers that could enable communications regulator Ofcom to order platforms to use accredited technology to scan the contents of messages.

The government said these powers would only be used as “a last resort, and only when stringent privacy safeguards have been met.”

Apple opposition

But Apple told the BBC the bill should be amended to protect encryption.

“End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats,” Apple reportedly said.

“It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches,” Apple told the BBC. “The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk.”

“Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all,” Apple concluded.

CSAM scanning

Apple has already gone through its own problems similar to this UK scanning requirements.

Apple surprised many in August 2021, when it suddenly announced that it would scan an iPhone’s photo libraries being uploaded to the iCloud for known images of child sexual abuse.

That prompted 90 privacy groups to urge the tech giant to abandon plans to scan children’s messages, and the iPhone’s of adults for child sexual abuse material (CSAM) images.

Apple abandoned its implementation after campaigners accused the iPhone maker of creating a backdoor for encryption, by scanning encrypted messages of children using AI, for sexual red flags.

In April 2022 Apple said it does have a Messaging feature designed to blur images containing nudity sent to children.

But now Apple has clearly signalled its opposition to any UK measure that weakens the privacy of end-to-end encryption.

Government response

The government told the BBC that companies must prevent child abuse on their platforms, but end-to-end encryption (E2EE) stops anyone but the sender and recipient from reading the message.

WhatsApp has used end-to-end encryption since 2016.

Police, the government and some high-profile child protection charities maintain that E2EE prevents law enforcement from identifying the sharing of CSAM images.

The government told the BBC that “companies should only implement end-to-end encryption if they can simultaneously prevent abhorrent child sexual abuse on their platforms.”

“We will continue to work with them to seek solutions to combat the spread of child sexual abuse material while maintaining user privacy,” the government reportedly said.

The government says it is possible to provide technological solutions that allows encrypted messages to be scanned for child abuse material.

However tech experts argue the only way of doing that would be to install software that would scan messages on the phone or computer before they are sent – which is called client-side scanning.

This, critics say, would fundamentally undermine the privacy of messages.

If the company refused to comply with the scanning demand, it could face fines of up to 4 percent of its parent company annual turnover – unless it pulled out of the UK market entirely.

Meanwhile the digital civil liberties campaigners The Open Rights Group has sent an open letter to minister Chloe Smith, protesting the outsourcing surveillance of encrypted content to messaging firms.