Apple has criticised UK proposals that would give the government power to veto tech companies’ new security features ahead of their release.
A proposed amendment to the Investigatory Powers Act 2016 would allow the Home Office to veto updates before they are released to the public by issuing a technical capability notice (TCN). If an update was vetoed, it could not be released in any other country, and the public would not be informed.
Apple has warned that this change to the law could seriously compromise security, such as by delaying vital security updates.
“We’re deeply concerned that the proposed amendments to the Investigatory Powers Act now before Parliament place users’ privacy and security at risk,” the company said in a statement. “It’s an unprecedented overreach by the government and, if enacted, the UK could attempt to secretly veto new user protections globally, preventing us from ever offering them to customers.”
Privacy and civil rights groups – including Liberty, the Open Rights Group, Privacy International, and Big Brother Watch – jointly criticised the proposed changes in a statement earlier this month, warning that the bill would, in effect, “[transform] private companies into arms of the surveillance state”. They also said that it would expand the state’s surveillance powers and weaken safeguards for the collection of personal datasets by intelligence agencies.
The bill originated in the House of Lords, in which it has reached its third and final reading.
In addition to the issuing of TCNs, other proposed changes to the Investigatory Powers Act include aiding ‘target detection’ with a new condition for the use of internet connection records, and loosening regulations for the storage and analysis of some bulk personal datasets.
A government spokesperson told the BBC: “We have always been clear that we support technological innovation and private and secure communications technologies, including end-to-end encryption, but this cannot come at a cost to public safety.”
Last year, Apple threatened to pull its FaceTime and iMessages services from the market rather than compromise on security in accordance with these amendments.
The UK government has previously faced pushback from other technology companies over new laws on privacy and security. For instance, a proposal to allow government agencies to scan messages for harmful content (such as child abuse imagery) before being encrypted resulted in WhatsApp threatening to withdraw its platform from the UK. The proposal did not make it into the Online Safety Bill, with the government conceding that it is not “technically feasible” without violating encryption.