Apple lodges challenge to UK digital surveillance bill, rails against weak encryption
In an "unprecedented" move, Apple on Monday issued a formal challenge to the UK House of Parliament over a proposed Investigatory Powers Bill that would leave services like iMessage open to backdoors and intercept capabilities.
Apple's eight-page submission to a parliamentary committee tasked with investigating the legislation takes issue with software backdoors, forced access to encrypted devices and overseas warrants, reports BBC. Protections against these three potentialities, and others relating to government snooping, are at the bedrock of Apple's stance on data privacy.
"The bill threatens to hurt law-abiding citizens in its effort to combat the few bad actors who have a variety of ways to carry out their attacks," Apple writes, according to reports Independent.ie. "The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it too."
Dubbed by some media outlets as the Snooper's Charter, the bill's language suggests a change to existing UK law that Apple argues leaves room for the creation of backdoors into services protected by end-to-end encryption. Backdoor access to personal communications is a contentious topic.
"A key left under the doormat would not just be there for the good guys. The bad guys would find it too," Apple said, echoing CEO Tim Cook's statement on backdoors from February.
Proponents of the UK bill, including Prime Minister David Cameron, say enhancing the government's data collection capabilities is a step toward thwarting terrorist plots. Encrypted digital communications has become a hot button topic after certain discreet messaging apps were connected to the recent attacks on Paris. The claims were unfounded, but fanned debate nonetheless.
"Some have asserted that, given the expertise of technology companies, they should be able to construct a system that keeps the data of nearly all users secure but still allows the data of very few users to be read covertly when a proper warrant is served," Apple's submission reads. "But the Government does not know in advance which individuals will become targets of investigation, so the encryption system necessarily would need to be compromised for everyone."
Apple brings up a separate issue of extra-territoriality, which require companies submit to UK law enforcement warrants for information. Under current law, and rules provided in the proposed bill, Apple would be forced to hand over data stored on offshore servers.
"The bill would attempt to force non-UK companies to take actions that violate the laws of their home countries," Apple said. "This would immobilise substantial portions of the tech sector and spark serious international conflicts. It would also likely be the catalyst for other countries to enact similar laws, paralysing multinational corporations under the weight of what could be dozens or hundreds of contradictory country-specific laws."
Perhaps more importantly, tech companies like Apple fear that adhering to a UK policy on extra-territoriality would open the door for other countries -- China and Russia -- to demand the same treatment.
Apple also has concerns about hardware hacking, or being forced to surreptitiously unlock and root around in customer devices at the will of UK authorities. This particular issue has raised the ire of U.S. officials, as strong encryption measures built into iOS 8 and iOS 9 make it impossible for even Apple to decrypt newer devices.
The UK parliamentary committee in charge of the Investigatory Powers Bill is expected to tender a final report in February.
Apple's eight-page submission to a parliamentary committee tasked with investigating the legislation takes issue with software backdoors, forced access to encrypted devices and overseas warrants, reports BBC. Protections against these three potentialities, and others relating to government snooping, are at the bedrock of Apple's stance on data privacy.
"The bill threatens to hurt law-abiding citizens in its effort to combat the few bad actors who have a variety of ways to carry out their attacks," Apple writes, according to reports Independent.ie. "The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it too."
Dubbed by some media outlets as the Snooper's Charter, the bill's language suggests a change to existing UK law that Apple argues leaves room for the creation of backdoors into services protected by end-to-end encryption. Backdoor access to personal communications is a contentious topic.
"A key left under the doormat would not just be there for the good guys. The bad guys would find it too," Apple said, echoing CEO Tim Cook's statement on backdoors from February.
Proponents of the UK bill, including Prime Minister David Cameron, say enhancing the government's data collection capabilities is a step toward thwarting terrorist plots. Encrypted digital communications has become a hot button topic after certain discreet messaging apps were connected to the recent attacks on Paris. The claims were unfounded, but fanned debate nonetheless.
"Some have asserted that, given the expertise of technology companies, they should be able to construct a system that keeps the data of nearly all users secure but still allows the data of very few users to be read covertly when a proper warrant is served," Apple's submission reads. "But the Government does not know in advance which individuals will become targets of investigation, so the encryption system necessarily would need to be compromised for everyone."
Apple brings up a separate issue of extra-territoriality, which require companies submit to UK law enforcement warrants for information. Under current law, and rules provided in the proposed bill, Apple would be forced to hand over data stored on offshore servers.
"The bill would attempt to force non-UK companies to take actions that violate the laws of their home countries," Apple said. "This would immobilise substantial portions of the tech sector and spark serious international conflicts. It would also likely be the catalyst for other countries to enact similar laws, paralysing multinational corporations under the weight of what could be dozens or hundreds of contradictory country-specific laws."
Perhaps more importantly, tech companies like Apple fear that adhering to a UK policy on extra-territoriality would open the door for other countries -- China and Russia -- to demand the same treatment.
Apple also has concerns about hardware hacking, or being forced to surreptitiously unlock and root around in customer devices at the will of UK authorities. This particular issue has raised the ire of U.S. officials, as strong encryption measures built into iOS 8 and iOS 9 make it impossible for even Apple to decrypt newer devices.
The UK parliamentary committee in charge of the Investigatory Powers Bill is expected to tender a final report in February.
Comments
If they try to pass this stupid law I say drop them from all Apple devices and services.
When they open a new orifice for the whole world to up their *ss I am sure the Chinese, the Russians and not to mention ISIS will gladly oblige.
Conitnue to poke a finger in the political fools' eyes. Here in the US, now in the UK, and everywhere else you can.
and you better believe the chinese will use that backdoor, bye bye freedom of privacy.
It's basically Apple saying at the end: "And by the way, you wrote this law incorrectly" (by pointing out the obvious jurisdictional flaw).
It seems clear that the bill was written by a politician instead of an actual lawyer.
I think he's more just a typical old-school Tory. It's just that his methods and statements seem extreme in light of you know, the modern world, civilisation, etc.
Britain as a whole is very much living in the past IMO, but the Tory party probably more than the rest of them. Cameron still believes in class privilege, white male rule, and all that other nonsense although he's far too cowardly and duplicitous to say it out loud.
The fact of the matter is that of all the ways to die in the world, the chances of being killed by a terrorist are extremely small.
You are more far more likely to be killed by a police officer than by a terrorist.
I'd rather take my chances with the terrorists and have rock solid encryption available.
sadly the title does not correspond with the content, do yourself a favor and read this very well written
column on the issue os encryption and the madness of giving the key to the government
Clearly written for any non tech politician out there legislating on matters they clearly don't understand
http://www.mondaynote.com/2015/12/14/lets-outlaw-math/
But, unfortunately, I doubt it'll be the only privacy we lose in the years ahead -
I only wish it actually did result in some degree of security in return...but it doesn't.
It isn't as though terrorists were unable to communicate and hatch schemes before -
sacrificing privacy to force them to find a new way of doing what they've always done is a fool's exchange.
Given the abject fear governments can incite by the threat of terrorism, one wonders what the possibilities are that governments, at the very least,
welcome terror events, as a goad to encourage us to accept their agenda...and, at the very most?
What are these "storm troopers for democracy" (/s, if that wasn't obvious), really capable of?
I love my country, but I do not trust my government.
if lawmakers undermine the security and privacy of Apple and the iPhone, it will destroy the stock and the company in short order.
Google's move to diversify and break up the company into many smaller, independent companies is starting to look pretty smart right about now. Cook and the board of directors better get off their asses and start pouring some serious resources into combatting the political wolves at their door and simultaneously work on their "second act". What do you do after making the most profitable and desirable phone in the world?
Not really: the playing field across ALL smartphone manufacturers would remain the same as any law about security would equally effect all manufacturers of such phones. And from my reading of the coverage ApplePay wouldn't be effected and that's the area of security that most concerns me and IS a differentiator between other phones and the iPhone.
Sean The Bomber and his cohorts can just go back to one time pads and unencrypted "cryptic" text messages. and completely avoid the whole thing. "How about we have lunch Tuesday" sort of thing, meaning the act takes place Wednesday at midnight.... Politicians are morons when it comes to this issue.