New UK government surveillance laws are so over-reaching that tech companies can’t possibly meet all of their requirements, according to Apple, which argues the measures will make the online world far less safe.
Apple, WhatsApp, Meta all threaten to quit UK messaging
The UK Home Office is pushing proposals to extend the Investigatory Powers Act (IPA) with a range of proposals that effectively require messaging providers such as Apple, WhatsApp, or Meta to install backdoors into their services. All three services are now threatening to withdraw messaging apps from the UK market if the changes move forward.
They’re making those threats for a very good reason: you cannot create a backdoor into software that will only be used by so-called “good guys.” Any flaws will be identified and exploited in a range of attacks.
It is noteworthy that Apple sees these laws as so repressive to free speech and so invasive, while also being impossible to maintain, that it would have to cease offering messaging services in the UK — even though it continues to offer these in allegedly censorious China.
A threat to security
Further, the regulation the UK is attempting to pass is so draconian that it even lacks a review system and insists that tech firms share any security updates with the government before they’re released. That puts a big block on fast security responses to all kinds of attacks, and means global audiences are left vulnerable while the Home Office decides what to do.
There are many arguments against the foolish proposals in the bill in Apple’s lengthy response, which points out that the UK already has a broad set of rules to govern this. (The new rules also suggest the Home Office will seize power to monitor messages of users located in other countries.)
“Together, these provisions could be used to force a company like Apple, that would never build a backdoor, to publicly withdraw critical security features from the UK market, depriving UK users of these protections,” the company warned.
The extended powers could dramatically disrupt the global market for security technologies, Apple also warns, “putting users in the UK and around the world at greater risk.”
Impossible to follow law under international obligations
I won’t go into all the arguments here — you should read them in their complete form — but one set of criticisms is particularly important: even if Apple could follow the UK law, it would be unable to do so under also existing international legal precedents.
In other words, the UK proposals are not in line with regulations already in place across its allied nations, including the US and European Union (EU). Apple argues the UK law would, “impinge on the right of other governments to determine for themselves the balance of data security and government access” in their own countries. In plain English, it means the UK is deliberately putting itself in conflict with laws like the EU’s…
2023-07-21 14:48:02
Link from www.computerworld.com