Apple lodges challenge to UK digital surveillance bill, rails against weak encryption

Posted:
in General Discussion edited December 2015
In an "unprecedented" move, Apple on Monday issued a formal challenge to the UK House of Parliament over a proposed Investigatory Powers Bill that would leave services like iMessage open to backdoors and intercept capabilities.




Apple's eight-page submission to a parliamentary committee tasked with investigating the legislation takes issue with software backdoors, forced access to encrypted devices and overseas warrants, reports BBC. Protections against these three potentialities, and others relating to government snooping, are at the bedrock of Apple's stance on data privacy.

"The bill threatens to hurt law-abiding citizens in its effort to combat the few bad actors who have a variety of ways to carry out their attacks," Apple writes, according to reports Independent.ie. "The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it too."

Dubbed by some media outlets as the Snooper's Charter, the bill's language suggests a change to existing UK law that Apple argues leaves room for the creation of backdoors into services protected by end-to-end encryption. Backdoor access to personal communications is a contentious topic.

"A key left under the doormat would not just be there for the good guys. The bad guys would find it too," Apple said, echoing CEO Tim Cook's statement on backdoors from February.

Proponents of the UK bill, including Prime Minister David Cameron, say enhancing the government's data collection capabilities is a step toward thwarting terrorist plots. Encrypted digital communications has become a hot button topic after certain discreet messaging apps were connected to the recent attacks on Paris. The claims were unfounded, but fanned debate nonetheless.

"Some have asserted that, given the expertise of technology companies, they should be able to construct a system that keeps the data of nearly all users secure but still allows the data of very few users to be read covertly when a proper warrant is served," Apple's submission reads. "But the Government does not know in advance which individuals will become targets of investigation, so the encryption system necessarily would need to be compromised for everyone."

Apple brings up a separate issue of extra-territoriality, which require companies submit to UK law enforcement warrants for information. Under current law, and rules provided in the proposed bill, Apple would be forced to hand over data stored on offshore servers.

"The bill would attempt to force non-UK companies to take actions that violate the laws of their home countries," Apple said. "This would immobilise substantial portions of the tech sector and spark serious international conflicts. It would also likely be the catalyst for other countries to enact similar laws, paralysing multinational corporations under the weight of what could be dozens or hundreds of contradictory country-specific laws."

Perhaps more importantly, tech companies like Apple fear that adhering to a UK policy on extra-territoriality would open the door for other countries -- China and Russia -- to demand the same treatment.

Apple also has concerns about hardware hacking, or being forced to surreptitiously unlock and root around in customer devices at the will of UK authorities. This particular issue has raised the ire of U.S. officials, as strong encryption measures built into iOS 8 and iOS 9 make it impossible for even Apple to decrypt newer devices.

The UK parliamentary committee in charge of the Investigatory Powers Bill is expected to tender a final report in February.
«1

Comments

  • Reply 1 of 29
    Are the British security experts really that dumb?
    If they try to pass this stupid law I say drop them from all Apple devices and services.
    When they open a new orifice for the whole world to up their *ss I am sure the Chinese, the Russians and not to mention ISIS will gladly oblige.

    latifbpjbdragonshamino
  • Reply 2 of 29
    I wonder if the compromise is to make everyone absolutely secure but then un-secure the devices of the ones the governments have warrants for. AFTER the warrant is served.. any new data (messages, etc) is made available to law enforcement. It would be similar to wire taps in old tech. The government can tap a phone line with proper authorization but it can't get previous conversations before the tap went into effect. No volume data collection for no reason except.. "just in case we can go back and find stuff". Privacy is not guaranteed for those the government has warrants for.. it isn't now and in my opinion it should never be. If the government has reason to suspect someone and has gone through the right channels to conduct surveillance on you then (explained to judge and got a warrant) then it has the right to look through your windows, go through your garbage and track your car. What it doesn't have the right to do is track your car and save all your trash in a warehouse without a warrant so that if anything ever happens they can get a warrant and look back at your history. Leaving a door open for all to enter is just plain stupid... no matter how secure you think the door is.
    radarthekat
  • Reply 3 of 29
    irelandireland Posts: 17,751member
    Cameron is one of the most anti-democratic British leaders I've seen in a long time. These guys want to know everything we do. It makes civilised countries feel like Nazi Germany. The so-called "good guys" become more scary every year.
    edited December 2015 lostkiwichiaargonautwilliamlondonredgeminipajbdragon
  • Reply 4 of 29
    irelandireland Posts: 17,751member
    Are the British security experts really that dumb?
    If they try to pass this stupid law I say drop them from all Apple devices and services.
    When they open a new orifice for the whole world to up their *ss I am sure the Chinese, the Russians and not to mention ISIS will gladly oblige.

    Not to mention the US and the UK governments themselves. They've no right to our data. They forget they work for us.
    lostkiwichiaargonautwilliamlondonredgeminipajbdragon
  • Reply 5 of 29
    Go Apple!

    Conitnue to poke a finger in the political fools' eyes. Here in the US, now in the UK, and everywhere else you can.
    redgeminipajbdragon
  • Reply 6 of 29
    Are the British security experts really that dumb?
    No, they're not. But the British Government is.
    lostkiwichiaargonautredgeminipa
  • Reply 7 of 29
    not to mention that no terroirst plot has been spoiled by any government agency's snooping methods. 

    and you better believe the chinese will use that backdoor, bye bye freedom of privacy.
    chiaredgeminipajbdragon
  • Reply 8 of 29
    I love the part on "extra-territoriality."  :)

    It's basically Apple saying at the end: "And by the way, you wrote this law incorrectly" (by pointing out the obvious jurisdictional flaw).    

    It seems clear that the bill was written by a politician instead of an actual lawyer.  
    shamino
  • Reply 9 of 29

    ireland said:
    Cameron is one of the most anti-democratic British leaders I've seen in a long time. These guys want to know everything we do. It makes civilised countries feel like Nazi Germany. The so-called "good guys" become more scary every year.
    I think he's more just a typical old-school Tory.  It's just that his methods and statements seem extreme in light of you know, the modern world, civilisation, etc.  

    Britain as a whole is very much living in the past IMO, but the Tory party probably more than the rest of them.  Cameron still believes in class privilege, white male rule, and all that other nonsense although he's far too cowardly and duplicitous to say it out loud.  
    lostkiwichiaargonaut
  • Reply 10 of 29
    foggyhillfoggyhill Posts: 4,767member
    serendip said:
    I wonder if the compromise is to make everyone absolutely secure but then un-secure the devices of the ones the governments have warrants for. AFTER the warrant is served.. any new data (messages, etc) is made available to law enforcement. It would be similar to wire taps in old tech. The government can tap a phone line with proper authorization but it can't get previous conversations before the tap went into effect. No volume data collection for no reason except.. "just in case we can go back and find stuff". Privacy is not guaranteed for those the government has warrants for.. it isn't now and in my opinion it should never be. If the government has reason to suspect someone and has gone through the right channels to conduct surveillance on you then (explained to judge and got a warrant) then it has the right to look through your windows, go through your garbage and track your car. What it doesn't have the right to do is track your car and save all your trash in a warehouse without a warrant so that if anything ever happens they can get a warrant and look back at your history. Leaving a door open for all to enter is just plain stupid... no matter how secure you think the door is.
    Not sure how that'd be done unless there is a rotating encryption key, but if you could do that they wouldn't have access anyway, so hey! And when they issue a warrant they usually want access to things before the warrant, or there is no point... They might as well just put a bug and camera on you then and forget the phone...
    jbdragon
  • Reply 11 of 29
    I'm going to repeat the same exact thing I said in the other thread about Tom Cotton:

    The fact of the matter is that of all the ways to die in the world, the chances of being killed by a terrorist are extremely small.

    You are more far more likely to be killed by a police officer than by a terrorist. 

    I'd rather take my chances with the terrorists and have rock solid encryption available.
    montrosemacschiajbdragonbrakken
  • Reply 12 of 29
    bluefire1bluefire1 Posts: 1,152member
    Wouldn't it be nice if the Parliament actually wanted to know what the British people wanted before voting on any such measure. 
  • Reply 13 of 29
    serendip said:
    I wonder if the compromise is to make everyone absolutely secure but then un-secure the devices of the ones the governments have warrants for. AFTER the warrant is served.. any new data (messages, etc) is made available to law enforcement. It would be similar to wire taps in old tech. The government can tap a phone line with proper authorization but it can't get previous conversations before the tap went into effect. No volume data collection for no reason except.. "just in case we can go back and find stuff". Privacy is not guaranteed for those the government has warrants for.. it isn't now and in my opinion it should never be. If the government has reason to suspect someone and has gone through the right channels to conduct surveillance on you then (explained to judge and got a warrant) then it has the right to look through your windows, go through your garbage and track your car. What it doesn't have the right to do is track your car and save all your trash in a warehouse without a warrant so that if anything ever happens they can get a warrant and look back at your history. Leaving a door open for all to enter is just plain stupid... no matter how secure you think the door is.
    The problem with this is that this ability to decrypt gives potentially unprecedented access to so many vital, private aspects of our lives. It's not like listening in on a phone conversation or being able to tap a phone line can give a phone hacker access to bank and credit card information, SS#, or other means to steal someone's identity. Computers provide access to SO much more than a phone conversation or number. And computer technology and thus the ability to hack and break encryption is so much more widely available as well. It's Pandora's Box to open up decryption and absolutely shouldn't happen.
    jbdragon
  • Reply 14 of 29
    yuck9yuck9 Posts: 112member
    ireland said:
    Are the British security experts really that dumb?
    If they try to pass this stupid law I say drop them from all Apple devices and services.
    When they open a new orifice for the whole world to up their *ss I am sure the Chinese, the Russians and not to mention ISIS will gladly oblige.

    Not to mention the US and the UK governments themselves. They've no right to our data. They forget they work for us.
    So when the USA Passes a law then Apple just drops the US as well huh ? Get Real.

  • Reply 15 of 29
    Are the British security experts really that dumb?
    I very much doubt GCHQ are dumb, but the politicians certainly are when it comes to tech matters.
    chiaargonautjbdragon
  • Reply 16 of 29
    The best argument against this madness was made by Jean Louis Gasee, in his monday note  column 
    sadly the title does not correspond with the content, do yourself a favor and read this very well written 
    column on the issue os encryption and the madness of giving the key to the government

    Clearly written for any non tech politician out there legislating on matters they clearly don't understand

    http://www.mondaynote.com/2015/12/14/lets-outlaw-math/
    chia
  • Reply 17 of 29
    From this point on I'm going to prefix all my emails, WhatsApp and iMessage messages with "David Cameron is a tool". Just for larks.
  • Reply 18 of 29
    boredumbboredumb Posts: 1,418member
    In a country so in-love with down-your-throat video surveillance, Apple's challenge would seem unlikely to succeed.
    But, unfortunately, I doubt it'll be the only privacy we lose in the years ahead -
    I only wish it actually did result in some degree of security in return...but it doesn't.  

    It isn't as though terrorists were unable to communicate and hatch schemes before -
    sacrificing privacy to force them to find a new way of doing what they've always done is a fool's exchange.

    Given the abject fear governments can incite by the threat of terrorism, one wonders what the possibilities are that governments, at the very least,
    welcome terror events, as a goad to encourage us to accept their agenda...and, at the very most?  
    What are these "storm troopers for democracy" (/s, if that wasn't obvious), really capable of?   
    I love my country, but I do not trust my government.
  • Reply 19 of 29
    Apple has become "the iPhone company" (in terms of the vast majority of their profits and now, because so much of Apple is tied to the dominance of iPhone, lawmakers everywhere represent the biggest existential threat to the company.

    if lawmakers undermine the security and privacy of Apple and the iPhone, it will destroy the stock and the company in short order.

    Google's move to diversify and break up the company into many smaller, independent companies is starting to look pretty smart right about now. Cook and the board of directors better get off their asses and start pouring some serious resources into combatting the political wolves at their door and simultaneously work on their "second act". What do you do after making the most profitable and desirable phone in the world?
    edited December 2015 shamino
  • Reply 20 of 29
    jfc1138jfc1138 Posts: 3,090member
    Apple has become "the iPhone company" (in terms of the vast majority of their profits and now, because so much of Apple is tied to the dominance of iPhone, lawmakers everywhere represent the biggest existential threat to the company.

    if lawmakers undermine the security and privacy of Apple and the iPhone, it will destroy the stock and the company in short order.

    Google's move to diversify and break up the company into many smaller, independent companies is starting to look pretty smart right about now. Cook and the board of directors better get off their asses and start pouring some serious resources into combatting the political wolves at their door and simultaneously work on their "second act". What do you do after making the most profitable and desirable phone in the world?
    "destroy the stock and the company"
    Not really: the playing field across ALL smartphone manufacturers would remain the same as any law about security would equally effect all manufacturers of such phones. And from my reading of the coverage ApplePay wouldn't be effected and that's the area of security that most concerns me and IS a differentiator between other phones and the iPhone.

    Sean The Bomber and his cohorts can just go back to one time pads and unencrypted "cryptic" text messages. and completely avoid the whole thing. "How about we have lunch Tuesday" sort of thing, meaning the act takes place Wednesday at midnight....  Politicians are morons when it comes to this issue.
    edited December 2015 monstrosityshamino
Sign In or Register to comment.