Skip to main content

Investigatory Powers Act a serious threat to global privacy, says Apple

Apple says that plans to increase the scope and powers of the UK’s Investigatory Powers Act is “a serious and direct threat to data security and information privacy” – not just to British citizens, but to all tech users worldwide.

The company says that the British government is trying to make itself “the de facto global arbiter of what level of data security and encryption are permissible” after a report last week noted that companies like Apple could be banned from issuing security updates without permission …

17 years of trying to ban privacy

I said last week that the British government has been threatening to ban the end-to-end encryption used in messaging apps like iMessage and FaceTime for at least six years. However, a friend reminded me that, while the names of the various proposed laws have changed, the efforts actually go back much further than this – some 17 years, in fact!

It was in 2006 that a previous government first put forward the idea of banning strong encryption, under what what was then known as the Intercept Modernisation Programme.

The Investigatory Powers Act 2016 (IPA) actually implemented many of the proposed powers, including granting the government the power to issue orders to tech companies to break encryption by building backdoors into their products. Apple strongly objected to this at the time.

The company has also said that it would withdraw iMessage and FaceTime from the UK market rather than drop end-to-end encryption, but it seems even this might not be enough.

Britain thinks it is a world government, says Apple

Apple shared with us its response to the consultation process, stating that the existing act already claims worldwide jurisdiction.

The IPA’s existing authorities are broad and already pose a significant risk to the global availability of important security technologies […] The IPA purports to apply extraterritorially, permitting the Home Office to assert that it may impose secret requirements on providers located in other countries and that apply to their users globally.

The additional powers proposed would make matters even worse.

The new powers the Home Office seeks—expanded authority to regulate foreign companies and the ability to pre-screen and block innovative security technologies—could dramatically disrupt the global market for security technologies, putting users in the UK and around the world at greater risk […]

Under this proposal, it’s possible that a non-UK company could be forced to undermine the security of all its users, simply because it has a UK user base.

Indeed, says Apple, the government is claiming that it would have this global power even if a company completely withdrew from the UK.

The Home Office proposes that the extraterritorial scope of the IPA should apply to providers in any country, regardless of whether the provider has any physical presence in the United Kingdom.

Apple agrees the law could ban security updates

Just Security argued that the expanded powers of the IPA would mean that companies like Apple would require permission from the British government before they could issue security updates. Apple agrees with this assessment.

In effect, the UK seeks authority that no other country has — to prohibit a company from releasing a security feature unless the UK receives advance notice. The result, inevitably, is that a company must choose whether to subject itself to the preferences of the Home Office or deprive users around the world of critical security features.

The iPhone maker points to the conflicts that would be created with numerous privacy laws worldwide, including Europe’s GDPR and the US CLOUD Act.

Proposed amendments must be rejected

Apple says that the proposals represent a serious privacy threat, and should be rejected.

The Home Office’s proposals to expand the IPA’s extraterritorial reach and to grant itself the power to pre-clear and block emerging security technologies constitute a serious and direct threat to data security and information privacy. To ensure that individuals have the tools to respond to the ever-increasing threats to information security, the Home Office’s proposal should be rejected.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications