Apple Warns Proposed UK Law Could ‘Secretly Veto’ Global User Protections

Apple is “deeply concerned” that proposed changes to British surveillance legislation could give the U.K. government unprecedented powers to secretly prevent software updates from being released in an any other country (via BBC News).

The UK government is planning to update the Investigatory Powers Act (IPA), which came into effect in 2016 and allows the British Home Office to outlaw certain encrypted services by issuing something called a Technical Capability Notice (TCN).

Dubbed by critics as a “Snooper’s Charter,” the updated Act of Parliament could also allow the Home Office to decline security and privacy updates without telling the public.

The bill proposes changes including:

• Creating a new condition for the use of internet connection records to aid “target
  detection.”
• Introducing an alternative, less stringent regulatory regime for the retention and
  examination of bulk personal datasets where individuals have little or no
  expectation of privacy (such as publicly available online telephone directories).
• A new notification requirement which can be issued to selected
  telecommunications operators requiring them to inform the government of
  proposed changes to their products or services that could negatively impact the
  current ability of agencies to lawfully access data.

Apple opposes the requirement to inform the Home Office of any changes to product security features before they are released, the requirement for non-U.K.-based companies to comply with changes that would affect their product globally, and having to take action immediately if requested to disable or block a feature without review or an appeals process.

“We’re deeply concerned the proposed amendments to the Investigatory Powers Act (IPA) now before Parliament place users’ privacy and security at risk,” said Apple in a statement.

“It’s an unprecedented overreach by the government and, if enacted, the UK could attempt to secretly veto new user protections globally preventing us from ever offering them to customers.”

In a July 2023 letter to the Home Office, Apple argued that the proposed changes “would suppress innovation, stifle commerce, and — when combined with purported extraterritorial application — make the Home Office the de facto global arbiter of what level of data security and encryption are permissible.”

The company also said it would consider pulling services such as FaceTime and iMessage from the U.K. rather than compromise future security.

Earlier this month, civil liberties groups including Big Brother Watch, Liberty, Open Rights Group and Privacy International, issued a joint briefing opposing aspects of the bill.

The groups said the proposed changed could “force technology companies, including those based overseas, to inform the government of any plans to improve security or privacy measures on their platforms so that the government can consider serving a notice to prevent such changes.”

“This would be effectively transforming private companies into arms of the surveillance state and eroding the security of devices and the internet,” the groups added.

The proposed changes will be debated in the House of Lords on Tuesday. The proposed amendments follow a review of existing legislation and updates to laws regarding the storage of internet browsing records and the bulk collection of personal data.