Apple has warned against a new proposal to expand the digital surveillance powers available to national intelligence agencies that it would be better off discontinuing its iMessage and FaceTime services in the UK than bowing to government pressure.
The development, first reported by BBC News, makes the iPhone maker the latest to join a chorus of voices protesting upcoming changes to the 2016 Investigative Powers Act (IPA) that would effectively nullify encryption protections.
Specifically, the Online Safety Bill requires businesses to deploy technology that scans encrypted messaging apps and other services for child sexual exploitation and abuse (CSEA) material and terrorism content. It also requires messaging services to clear consultations with the Home Office before releasing security features and, if necessary, take steps to disable them immediately without informing the public.
While this fact does not explicitly call for the removal of end-to-end encryption, it effectively weakens the encryption as the company providing the service must scan, flag and delete all messages. This is seen as a disproportionate measure that allows the government to conduct mass interception and surveillance.
Apple told the British broadcaster that such clauses “pose a serious and direct threat to data security and information privacy”.
Earlier this year, a number of messaging apps that currently offer encrypted chat, including Element, Signal, Threema, Viber, Meta-owned WhatsApp and Wire, released an open letter urging the UK government to rethink its approach and “encourage businesses to offer more privacy and security to their citizens.”
“This bill does not provide explicit protections for encryption and, if implemented as written, could empower OFCOM to seek to enforce proactive scanning of private messages on end-to-end encrypted communications services, thereby defeating the purpose of end-to-end encryption and violating the privacy of all users,” the letter reads.
Apple previously announced its own plans to flag potentially problematic and inappropriate content in iCloud Photos, but abandoned it last year after backlash from digital rights groups over concerns that the feature could be abused to compromise user privacy and security.
Shielding Against Insider Threats: Mastering SaaS Security Posture Management
Worried about insider threats? We’ve got you covered! Join us for this webinar to explore practical strategies and proactive security secrets using SaaS Security Posture Management.
join today
This isn’t the first time there’s been a battle between end-to-end encryption and the need to combat serious online crime.
In May 2021, WhatsApp sued the Indian government to block internet regulations that would force messaging apps to be decrypted by incorporating traceability mechanisms to identify the “first originator of information” or risk facing criminal penalties. This lawsuit is still pending.
Apple’s refusal to play ball is consistent with the company’s public position on privacy and positions it as a “privacy hero” among other companies keen to collect user data to serve targeted ads.
But it also feels hollow given the fact that all messages sent to and from non-Apple devices are unencrypted, and SMS does not support end-to-end encryption, which can open the door for government surveillance.
