Apple has threatened to pull iMessage and FaceTime from the UK, as planned changes to UK surveillance laws could affect iPhone users’ privacy.
The company has become a vocal opponent of what it views as UK government moves against online privacy, and said last month that provisions in the forthcoming online safety bill could endanger message encryption.
Apple’s latest concerns centre on the Investigatory Powers Act 2016, which gives the Home Office the power to seek access to encrypted content via a technology capability notice (TCN).
End-to-end encryption, which ensures only the sender and recipient of a message can see its content, is a key tech privacy feature and is a hard-fought battleground between governments and tech firms.
Apple said the proposed changes included a provision that would give the UK government oversight of security changes to its products, including regular iOS software updates. The Home Office consultation proposes “mandating” operators to notify the home secretary of changes to a service that could have a “negative impact on investigatory powers”.
Apple wrote in a submission to the government that such a move would in effect grant the home secretary control over security and encryption updates globally, when allied to further proposals strengthening requirements for non-UK companies to implement changes worldwide if – like Apple – they operate via a global platform.
The proposals would “make the Home Office the de facto global arbiter of what level of data security and encryption are permissible”, Apple wrote.
Apple also expressed concern over a proposed amendment that it says would allow the government to immediately block implementation of a security feature while a TCN is being considered, instead of letting the feature continue to be used pending an appeal.
In comments implying that encrypted products such as FaceTime and iMessage could ultimately be endangered in the UK, Apple said it never built a “backdoor” into its products for a government to use, and it would withdraw security features in the UK market instead.
End-to-end encryption is the core security technology for FaceTime and iMessage and is viewed by Apple as an intrinsic part of those services.
“Together, these provisions could be used to force a company like Apple, that would never build a backdoor, to publicly withdraw critical security features from the UK market, depriving UK users of these protections,” Apple said.
The company said the proposals would “result in an impossible choice between complying with a Home Office mandate to secretly install vulnerabilities into new security technologies (which Apple would never do), or to forgo development of those technologies altogether and sit on the sidelines as threats to users’ data security continue to grow.”
On Wednesday the House of Lords approved a government amendment on the online safety bill related to scrutiny of encrypted messaging. Under the amendment, Ofcom, the communications watchdog, would have to await a report from a “skilled person” before ordering a messaging service to use “accredited technology” – which could enable the scanning of message content – for example to identify child sexual abuse material.
The provision in the bill is widely seen by privacy campaigners as a means of potentially forcing platforms such as WhatsApp and Signal to break or weaken end-to-end encryption.
A government spokesperson said:
“The Investigatory Powers Act 2016 is designed to protect the public from criminals, child sex abusers and terrorists. With strong independent oversight, the act regulates how intrusive investigatory powers by public authorities are used.
“We keep all legislation under review to ensure it is as strong as it can be and this consultation is part of that process – no decisions have yet been made.”