Skip to main content

Apple voices opposition to UK bill that would force it to weaken iOS encryption

lead-iphone

Last month in the UK, a bill that could significantly change how Apple is able to encrypt user data on iOS was introduced. Called the Investigatory Powers Bill, it has the potential to require Apple to hold a key to encrypted smartphones and services such as iMessage and FaceTime. While Apple didn’t comment on the bill at the time, it has now, as expected, spoken out against it in a written submission to the UK House of Parliament.

In the submission, Apple argued that the bill would hurt law-abiding citizens in an effort to simply attempt to combat the few “bad actors” who attempt to carry out attacks. The company went on to explain that many think it is possible to create a system that keeps all user data secure, while only allowing data to be accessed when a proper warrant is served. The issue with this thinking, Apple says, is that the government does not know in advance who would be a target of investigation (via Independent.ie).

This written submission echoes Tim Cook’s comments yesterday on 60 Minutes in which he said there is no reason for there to be backdoor access to consumer data. Cook believes that if there is backdoor access, it is inevitable that someone with negative intentions will gain access.

The bill has been supported by UK Prime Minister David Cameron. Should the bill become a law, Apple would be forced to stop encrypting iPhones, iMessage, and FaceTime beyond its access. Apple’s full letter to the UK House of Parliament can be read below:

“The bill threatens to hurt law-abiding citizens in its effort to combat the few bad actors who have a variety of ways to carry out their attacks. The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it too.

Some have asserted that, given the expertise of technology companies, they should be able to construct a system that keeps the data of nearly all users secure but still allows the data of very few users to be read covertly when a proper warrant is served. But the Government does not know in advance which individuals will become targets of investigation, so the encryption system necessarily would need to be compromised for everyone.

The best minds in the world cannot rewrite the laws of mathematics. Any process that weakens the mathematical models that protect user data will by extension weaken the protection. And recent history is littered with cases of attackers successfully implementing exploits that nearly all experts either remained unaware of or viewed as merely theoretical.

The bill would attempt to force non-UK companies to take actions that violate the laws of their home countries. This would immobilise substantial portions of the tech sector and spark serious international conflicts. It would also likely be the catalyst for other countries to enact similar laws, paralysing multinational corporations under the weight of what could be dozens or hundreds of contradictory country-specific laws.

Those businesses affected will have to cope with a set of overlapping foreign and domestic laws. When these laws inevitably conflict, the businesses will be left having to arbitrate between them, knowing that in doing so they might risk sanctions. That is an unreasonable position to be placed in.

If the UK asserts jurisdiction over Irish or American businesses, other states will too. We know that the IP bill process is being watched closely by other countries. For the consumer in, say, Germany, this might represent hacking of their data by an Irish business on behalf of the UK state under a bulk warrant – activity which the provider is not even allowed to confirm or deny. Maintaining trust in such circumstances will be extremely difficult.”

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. Tim LeVier - 8 years ago

    I’d like to see the back-door access that the US and UK governments have built into their encrypted devices and systems.

    • David Kaplan - 8 years ago

      a backdoor for the government is a backdoor for everybody… Privacy and security aren’t enemies…

    • John Smith - 8 years ago

      Government systems do have a ‘backdoor’ as you describe it.

      The front page and the user conditions invariably make it very clear that the messages are secured against outside access but CAN be made available to supervisors/security personnel in the case of any alleged wrongdoing.

      In reality, this argument pretty much shoots down the bogus ‘security’ argument Cook and others are pushing.

      Here’s a question for Cook – does Apple employee email allow Apple to examine mail sent on company devices/company time if they suspect crime ? Pretty much every corporation I know does exactly that. If Apple can do that, how come he claims he can’t do it securely for law enforcement access?

      • createoffshorecompany - 8 years ago

        If emails were encrypted end to end then no – Apple could not decrypt them. Not without the user’s PGP key. If I worked in an office and encrypted my communications with PGP then people could get my emails but wouldn’t be able to decrypt them.

  2. Apple is a US based company, not a UK based company. Tim Cook needs to tell Cameron to suck his ass.

    • srgmac - 8 years ago

      Then they would ban Apple products from being sold there…

      • rnc - 8 years ago

        I don’t believe the UK is a dictatorship, that something like that would be possible.

      • createoffshorecompany - 8 years ago

        I think they should just stop selling devices in the UK – the same as Blackberry did in Pakistan when requested.

    • Avieshek - 8 years ago

      How did you add that twitter handle?

    • Jonnie F (@jonnyp42) - 8 years ago

      I assume you’re from the US? It amusing to get advice on jurisdictional issues from someone that lives in a country that considers the reach of its laws global and yet rejects laws that have been put in place perfectly legally by democratic governments in other jurisdictions.

      Besides, this proposed law is part of the neverending game that is Westminster, talk tough, over ask and then concede it’s how all legislative programmes work.

      • transamken - 8 years ago

        You have a worthless queen and want to talk about dictatorship? How’s the gun ban working for you guys, oh yeah working on banning pointy knives cause you retards haven’t figured out its not the tool but the mentally ill person using the tool. Next thing you know you guys will ban rocks and think it’s a great idea.

  3. iSRS - 8 years ago

    Laws like this one will usher in a cyber “dark ages” – all of he progress of the Internet age will be undone. The “world” wide web will be crippled, and each country will have their own network. Users will only be able to access the meteors of their own country.

  4. Jake Becker - 8 years ago

    Disgusting and terrifying government actions as per usual……

  5. It is completely unworkable and not just from the freedom of the individual point of view. You cant tell one type of data from another in the ether, not really — so you end up with backdoors into every financial transaction and more. So all those digitally transforming enterprise businesses and financial houses and, indeed, gig economy fintech players — they all suddenly have back doors they do not control — and as Tim says once there is a door the key gets caught eventually. So it doesn’t just limit civil liberty it kills digital business. And you don’t need to be an economics nerd to know that even a .1 percent reduction in economic growth in Europe right now would and will have significant consequences on the nations there. It’s like everything else about the current administration in the UK, dogmatic, stupid, reactionary and, in this case certainly, utterly, utterly wrong. Fight this!

    • 89p13 - 8 years ago

      Cameron seems to be a lapdog for Washington, so he may be “floating” this at their behest – and everyone is watching for the fallout. It’s just more “Big Brother” that Steve and Apple parodied so well in the 1984 Apple commercial!

      They are coming for our freedoms under the guise of “Terrorism.” Remember what Snowden released over the past couple of years.

      • Aunty T (@AuntyTroll) - 8 years ago

        “It’s just more “Big Brother” that Steve and Apple parodied so well in the 1984 Apple commercial!”. Did you keep a straight face when typing that?

        The days of Apple freeing people from the shackles of Big Brother changed when they launched the iPhone. It was the realisation that if THEY themselves shackled people to the hardware AND the software and gave their users zero flexibility to change anything then they would corner the market and become rich in the process. They are a total parody of the entity they sought to discredit in the advert – with the exception that Apple are rather more blatant andsuccessful at doing it. I mean do you REALLY think Tim Cook et al care about YOU and YOUR SECURITY that much? Hint: They don’t. What they do care about though is what is in your wallet.

        1984 indeed.

    • avieshek - 8 years ago

      How do you add twitter to u’r name

  6. 89p13 - 8 years ago

    Well, Fuck David Cameron and I hope Apple chooses to stop selling iPhone products in the U.K.

    Should this become an issue in the US of A – I will stop buying new iPhones and not update my iOS. All the terrorists will do is switch to another media / medium, much the like the spies in the 60’s / 70’s / 80’s and 90’s did before encryption became so easy and commonplace. Cold drops, messages in the classified section of a national newspaper or —- GOD FORBID — Snail Mail or some other low tech means that the Governments will have to work to find / decode.

    IMO – It’s all FUD – and they just want access to everyone’s texts / messages / media.

    It’s Time For ANOTHER Revolution.

    YMMV!

    • Kevin Roa - 8 years ago

      Snail mail has much greater protections. At least in the USA. Could be a growth market.

  7. rnc - 8 years ago

    UK, birthplace of Alan Turing, still doesn’t get cryptography?

  8. Kevin McManamon - 8 years ago

    I’d put money on the UK pushing for this so that GCHQ and the NSA et al can exploit these backdoors. The govt doesn’t want access to encrypted data to follow up on leads/threats, they want this access so they can try to figure out who the bad people are in the first place. The agencies are in such a terrible state right now that the only way they know how to “spy” is by sifting through everyone’s information (signals intelligence).

    The govt understands exactly what Tim Cook is explaining, that “bad” people will be able to access everyone’s devices. These governments are counting on it. This is effectively the govt wanting to kick in everyone’s front door to see if there’s anything illegal going on inside your house. It needs to be stopped.

  9. Marc Orcutt - 8 years ago

    If that is what they want, go ahead and give it to them. Leave everything completely unencrypted for UK customers. Apple is correct in that, if there is a way to decrypt the info, hackers could very well get it, so there is no point giving people the illusion security. In addition, it puts Apple in the position of constantly having to evaluate government requests for information, if they feel the request has received due process or proper legal authorization, dealing with civil suits arising from letting the government have access to user data, etc. UK citizens elected their politicians, so this must be what they want, just give it to them.

  10. charismatron - 8 years ago

    Because this is exactly the kind of legislation everyone and their dog is clamouring for! Forget a living wage, affordable housing, or low-priced to free higher education: it’s a key into Apple’s encrypted services we’re all out in the streets about. /ffs

  11. John Smith - 8 years ago

    “Cook believes that if there is backdoor access, it is inevitable that someone with negative intentions will gain access.”

    I’m going to call that bogus.

    If Apple can’t offer a secure ‘backdoor” (as he calls it) then how come I have a ‘recovery key’ for FileVault-2 on one of my MacBooks? Is that not secure?

    Blackberry offer trusted, secure messaging for 99.999% of their customers, whilst supporting legitimate law enforcement requests for the other 0.001% who’s criminal behaviour justifies a warrant. Blackberry is the system some people HAVE to use because of it’s security.

    Microsoft, and even security oriented ‘Hushmail,’ offer email with an assurance of security/confidentiality – but both make it clear … don’t use our service if you want to do something criminal: we do cooperate with lawful warrants.

    If it really is true that Apple are so technically inept that they can’t secure our messages/mail/devices, complete with a secure system to allow legitimate access, then we should all be worried. These people have my personal information, credit card info etc – if they are inept then that’s worrying.

    I think the security claim is bogus. Apple do this as a straightforward and cynical marketing decision. Post Snowden frenzy, Apple believed they could lose sales due to being a US company – taking this OTT law enforcement obstruction position is intended to counter that.

    This is about dollars, not the security of ordinary honest customers.

    • “If Apple can’t offer a secure ‘backdoor” (as he calls it)” – No, not “as he calls it”; this IS what it’s called.

      Blackberry: Hacked. Microsoft: Hacked. Apple: Not Hacked. Need I say more? The fact that you think is this about dollars and not the security of customers just blows my mind. You’re one of THOSE people.

      • John Smith - 8 years ago

        “Backdoor” is what it’s been called when – example – a developer leaves a covert entry into some system he coded. The language is deliberately intended to imply something dodgy/insecure. Here’s another language. In the UK the mobile phone companies call it a ‘law enforcement gateway’ – if the cops want to locate the mobile phone of some kid who is lost, they can. If you think you can use it to locate a kid’s phone, please give it a try and let us know the results.

        When was blackberry messenger hacked? Post a link for me – I would genuinely like to read of it.

        Apple not hacked? – How about the celebrities who got their iCloud photos downloaded/outed in 2014. I will post a link:

        https://en.wikipedia.org/wiki/2014_celebrity_photo_hack

        As I say, if apple is so technically inept that they can’t provide secure access while still providing security against outsiders then we should all be worried.

        If you believe – without questioning – everything that multi-national corporations say then good luck to you my friend. Whether they are leveraging ease of use or security: sales and profit is always the bottom line.

      • Greg Buser - 8 years ago

        John Smith, Celebrities had their ICloud accounts hacked due to weak passwords not because of an Apple vulnerability. If you want your account secure, don’t use your dog’s name or your mom’s birth date as a password.

      • Avieshek - 8 years ago

        I connected my twitter account but how to display like yours?

    • Howie Isaacks - 8 years ago

      A recovery key for FilveVault is NOT a back door. It’s a method for idiots who forget their passwords to get back into their Macs. Since I have mine setup so allow my iCloud account to unlock my Macs, I don’t have recovery keys. Most people don’t really understand all of this, so I doubt Apple’s stance on security is driving its sales in a major way. What is driving their sales is that Apple makes great products. Since they don’t have a desire to mine our data, they can make their devices secure. The government has no right to my data. Ever.

  12. Howie Isaacks - 8 years ago

    Apple should stop selling iOS devices in the UK if this thing passes.

  13. freediverx - 8 years ago

    If this bill passes, Apple should halt sales to the UK and then let the UK’s people decide whether they prioritize having the best smartphone or supporting government surveillance and security theater.

  14. I’m curious as to how this would work if a non UK citizen came to the uk, also how would it affect people who where law abiding in there own country that can legally send secure messages but the recipient can’t legally receive them if encrypted. It makes a mockery of a business model just so a country can have access to data, that to be honest should be irrelevant if the security forces are doing there job already.

    As a side not, once a person has been arrested, it would be very easy for a judge to order a suspect to unlock his mobile device, and any refusal would be contempt of court and would result in that person being locked up until they DO unlock it. So passwords are not the issue, but they want free for all access which goes against everything the law was designed for, innocent until proven guilty, and the government simply failed (as it does in so many areas) to keep up with technology…!

  15. Kevin Roa - 8 years ago

    Remember people this has nothing to with terrorists or saving the children. It has everything to do with governments being able to blackmail it’s citizens.

Author

Avatar for Chance Miller Chance Miller

Chance is an editor for the entire 9to5 network and covers the latest Apple news for 9to5Mac.

Tips, questions, typos to chance@9to5mac.com