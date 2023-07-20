



Apple has warned that a change in plans for UK surveillance law could force the decommissioning of security features, impact iPhone users’ privacy, and ultimately lead to the shutdown of services like FaceTime and iMessage in the country.

U.S. tech companies have become vocal in denouncing the government’s move against online privacy after last month’s statement that provisions in an upcoming online safety bill would jeopardize message encryption.

Apple’s latest concerns center around the Investigative Powers Act of 2016, which gives the Department of the Interior the power to seek access to encrypted content through technical feature notices. [TCN]which requires removing the electronic protection of the data.

End-to-end encryption, which ensures that only the sender and recipient of a message can see its contents, is a key technology privacy feature and a hotly contested battleground between governments and technology companies.

Apple said the changes included provisions for government oversight of security changes to its products, including regular iOS software updates. Interior ministry consultations have proposed requiring telecom operators to notify the interior minister of changes in services that could adversely affect investigative powers.

In a government filing, Apple wrote that such measures would give the Home Secretary effective control over global security and encryption updates, in conjunction with further proposals to tighten requirements for implementing changes around the world if companies outside the UK operate through global platforms, as Apple does.

Apple writes that the proposal would effectively make the Home Office a global arbiter on what level of data security and encryption is acceptable.

Apple also expressed concern over proposed amendments that would allow the government to immediately block the implementation of security features during TCN consideration, instead allowing them to continue using the features pending appeal.

In comments suggesting that encryption products such as FaceTime and iMessage could end up being compromised in the UK, Apple said it has never built a government-useable backdoor into any of its products and instead intends to withdraw security features from the UK market. End-to-end encryption is a core security technology for FaceTime and iMessage, and Apple considers it an essential part of these services.

Combined, these clauses could be used to force companies like Apple, which never build backdoors, to publicly withdraw important security features from the UK market, stripping UK users of those protections, Apple said.

In a further comment, the company said the proposal would face an impossible choice: to comply with the Home Office’s order to covertly embed vulnerabilities in new security technologies (which Apple never does), or to abandon development of those technologies altogether and sit on the sidelines as threats to users’ data security continue to mount.

Alan Woodward, a professor of cybersecurity at the University of Surrey who signed an open letter warning against proposed online safety bills that could dilute encryption, said Apple’s submission for the 12-week consultation was grounded.

“If the government pushes ahead regardless, Apple will only join a growing group of vendors exiting the UK,” he added. UK users could be one of the most isolated and unstable groups in the world. No one wins in that scenario.

Apple’s filing comes after the House of Lords on Thursday approved a government amendment to the Online Safety Bill related to scrutiny of encrypted messages. Under the bill, communications watchdog Ofcom would have to wait for expert reports before ordering messaging services to use certified technology that could scan message content, such as identifying child sexual abuse content.

The bill’s provisions are widely perceived by privacy activists as a possible means of forcing platforms like WhatsApp and Signal to break or weaken end-to-end encryption.

Dr Natalie Moreno, a partner at the UK law firm Adolshaw Goddard, which specializes in data protection, cybersecurity and AI, said she had little information about how detailed the Ofcom report would be and whether the skilled person would be a political appointment or a technical expert.

She said that once governments are empowered to intercept private messaging services, there is no going back.

The child safety charity NSPCC has warned that the high-pitched debate over the online safety bill has blinded child sexual abuse victims’ rights to safety.

We have asked the Home Office for comment.

