Monday 29 August 2016

Apple makes new intervention in encryption row

Published 21/12/2015 | 22:05

Apple chief executive Tim Cook at Independent House
Apple chief executive Tim Cook at Independent House

Apple has formally challenged the British government’s bid to introduce new laws that would force companies to weaken their encryption.

  • Go To

In an unprecedented move, it has submitted written evidence before the Investigatory Powers Bill scrutiny committee in the UK House of Parliament.

The tech giant claims that the proposed new law, which purports to help British authorities fight terrorism, would weaken the security of “hundreds of millions” of people who use Apple’s iMessage and Facetime communications platforms.

“The bill threatens to hurt law-abiding citizens in its effort to combat the few bad actors who have a variety of ways to carry out their attacks,” said Apple’s submission.

“The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it too.”

British Prime Minister David Cameron has been a keen proponent of the parliamentary bill, arguing that it is necessary to intercept and prevent terrorist attacks.

“Do we want to allow a means of communication between two people which even in extremis with a signed warrant from the home secretary personally that we cannot read?” he said in a parliamentary debate on the issue earlier this year.

“My answer to that question is no, we must not. The first duty of any government is to keep our country and our people safe."

But this approach has been decried by a number of senior tech industry executives as misguided, with encryption seen as a basic standard rather than an ultimate one.

“Some have asserted that, given the expertise of technology companies, they should be able to construct a system that keeps the data of nearly all users secure but still allows the data of very few users to be read covertly when a proper warrant is served,” said Apple’s submission to the UK parliamentary committee.

“But the Government does not know in advance which individuals will become targets of investigation, so the encryption system necessarily would need to be compromised for everyone.

“The best minds in the world cannot rewrite the laws of mathematics. Any process that weakens the mathematical models that protect user data will by extension weaken the protection. And recent history is littered with cases of attackers successfully implementing exploits that nearly all experts either remained unaware of or viewed as merely theoretical.”

The company also insists that the proposed new UK law could make life much harder for businesses, both in Europe and beyond.

“The bill would attempt to force non-UK companies to take actions that violate the laws of their home countries,” said Apple’s submission.

“This would immobilise substantial portions of the tech sector and spark serious international conflicts. It would also likely be the catalyst for other countries to enact similar laws, paralysing multinational corporations under the weight of what could be dozens or hundreds of contradictory country-specific laws.”

“Those businesses affected will have to cope with a set of overlapping foreign and domestic laws. When these laws inevitably conflict, the businesses will be left having to arbitrate between them, knowing that in doing so they might risk sanctions. That is an unreasonable position to be placed in.”

And Apple says that its own incorporation in Ireland means that the UK is trying to legislate for companies outside its jurisdiction.

“If the UK asserts jurisdiction over Irish or American businesses, other states will too,” the company said in its submission. “We know that the IP bill process is being watched closely by other countries.”

“For the consumer in, say, Germany, this might represent hacking of their data by an Irish business on behalf of the UK state under a bulk warrant - activity which the provider is not even allowed to confirm or deny. Maintaining trust in such circumstances will be extremely difficult.”

Last month, Cook told Independent.ie that Europe is “leading the world” on privacy and is the place he feels most “at home” on the issue. He said that many of Europe’s instincts on privacy align more closely to his own than other jurisdictions.

“I think Europe is leading the world on that topic and it’s great,” he said. “I feel right at home when I come to Europe and talk about privacy.”

Online Editors

Read More

Promoted articles

Editors Choice

Also in Business