UK government warned by Apple it will not comply with proposed updates to Investigatory Powers Act, and could withdraw FaceTime, iMessage
Proposed updates by the UK government to its hugely controversial Investigatory Powers Act 2016 (IPA), has prompted a stark warning from a major tech player.
The government has already opened an eight-week consultation on the proposed amendments to the IPA, which already enables the storage of people’s internet browsing records for 12 months and authorises the bulk collection of personal data.
Now the Guardian newspaper has reported that Apple has warned the government that its planned changes to UK surveillance laws could affect iPhone users’ privacy going forward,, which it will not accept.
This in turn could force it to withdraw security features, which could ultimately lead to the closure in the UK of services like FaceTime and iMessage.
FaceTime, iMessage warning
So what exactly is the UK government proposing, that would prompt such an extreme warning from a major tech firm?
Well for a start the Investigatory Powers Act 2016, or Snooper’s Charter 2.0 as it is sometimes known, is already hugely unpopular within the tech industry, but now the government is seeking to update the IPA.
In December 2016, the European court of justice had deemed Britain’s data surveillance laws illegal.
Apple’s latest concerns centre on the Home Office, which has the power to seek access to encrypted content via a “technology capability notice” [TCN], which requires the removal of “electronic protection” of data.
According to written submissions by Apple and quoted by the Guardian newspaper, the proposed changes to the IPA includes a provision that would give the UK government oversight of security changes to Apple products, including regular iOS software updates.
This is because the Home Office consultation proposes “mandating” operators (i.e. Apple etc) to notify the home secretary of changes to a service that could have a “negative impact on investigatory powers”.
Apple wrote in a submission to the government that such a move would effectively grant the home secretary control over security and encryption updates globally, the Guardian reported.
The proposals would “make the Home Office the de facto global arbiter of what level of data security and encryption are permissible”, Apple reportedly wrote.
Apple also expressed concern over a proposed amendment that, it says, would allow the UK government to immediately block implementation of a security feature while a TCN is being considered, instead of letting the feature continue to be used pending an appeal.
Then in comments implying encrypted products such as FaceTime and iMessage could ultimately be endangered in the UK, Apple said it would never built a “backdoor” into its products for the government to use, and would withdraw security features in the UK market instead.
“Together, these provisions could be used to force a company like Apple, that would never build a backdoor, to publicly withdraw critical security features from the UK market, depriving UK users of these protections,” Apple was quoted by the Guardian as writing.
In further comments, Apple said the proposals would “result in an impossible choice between complying with a Home Office mandate to secretly install vulnerabilities into new security technologies (which Apple would never do), or to forgo development of those technologies altogether and sit on the sidelines as threats to users’ data security continue to grow”.
Online safety bill
It comes after Apple last month objected to another piece of UK legislation on privacy grounds, namely the spy powers in the Online Safety Bill that could force tech firms to scan encrypted messages for child abuse images.
Apple was the latest tech giant to signal its opposition to the Online Safety Bill. In April Meta’s WhatsApp and six other providers of end-to-end encrypted messaging services urged the UK government to “urgently rethink” the Online Safety Bill.
They will not comply with it, they say, with Signal threatening to “walk” from the UK.
The House of Lords last week demanded changes to the Online Safety Bill, centred on social media algorithms.
On Wednesday the House of Lord passed amendments and the government now expects a report to be written before the powers are used by Ofcom.
The House of Lords amendments to the Online Safety Bill say that a “skilled person” must write a report for communications regulator Ofcom before it uses the new powers to compel a firm to scan messages.
In previous versions of the bill this was optional.