Apple’s Encryption Fight Turns To The UK

Apple’s Encryption Fight Turns To The UK

After a major victory in the United States, Apple is facing an another threat to its encryption efforts on a different front: the United Kingdom.

The Cupertino-based tech giant typically shies away from taking firm stances on specific legislation and works through lobbying groups representing technology companies’ interests. Apple’s CEO Tim Cook today told students in Dublin that the company is opposed to a new British proposal that would require it to provide law enforcement with access to encrypted data.

Cook said creating a so-called backdoor for law enforcement would expose personal data to hackers.

“If you leave a back door in the software, there is no such thing as a back door for good guys only,” Cook said, according to Reuters. “If there is a back door, anyone can come in the back door.”

Cook’s statements have been backed up by privacy and technology experts. This summer, a group at MIT reported government limits on encryption would present risks.

Cook also said the British bill in its current form is vague. He said at the same event that it is not clear how Apple has to comply.

The Brtish bill, known as the Investigatory Powers Bill, would make explicit in law for the first time that law enforcement can hack and bug computers and phones, and it obliges companies to help officials bypass encryption.

Apple began encrypting its smartphones by default in 2014 with the introduction of iOS 8. Law enforcement in the United States has rallied against the update, claiming it would prevent them from obtaining information key to solving investigations.

However the White House has said it will not take a firm stance against encryption. Though the debate has continued heavily in the Capitol Hill hearing rooms, the U.S. Congress has not proposed any legislative solutions to the encryption debate.

The danger of the U.K.’s current proposal does not lie just in the privacy and security risks it presents to British citizens, but in the global precedent such a law would set. If the U.K. passes a law that requires that law enforcement be able to access encrypted data with a warrant, what’s to stop China or Russia from passing a similar law?

Apple hasn’t backed down on encryption since this issue first bubbled up last year. Though it’s been able to hold its own in the debate over encryption, this is the first time it will have to fight a bill targeting this practice.

New U.K. online surveillance proposal could have international reach

New U.K. online surveillance proposal could have international reach

A new surveillance proposal in the United Kingdom is drawing criticism from privacy advocates and tech companies that say it gives the government far-reaching digital surveillance powers that will affect users outside the nation’s borders.

The Draft Investigatory Powers Bill released by British Home Secretary Theresa May Wednesday would force tech companies to build intercept capabilities into encrypted communications and require telecommunications companies to hold on to records of Web sites visited by citizens for 12 months so the government can access them, critics allege.

Policy changes are necessary to maintain security in a changing digital landscape, the government argued. “The means available to criminals, terrorists and hostile foreign states to co-ordinate, inspire and to execute their plans are evolving,” May wrote in a forward to the bill. “Communications technologies that cross communications platforms and international borders increasingly allow those who would do us harm the opportunity to evade detection.”

The bill has some new judicial oversight mechanisms, but the response from privacy advocates was largely negative, with some arguing that those changes aren’t enough to compensate for the expanse of new powers.

“The law would apply to all companies doing business with the UK, which includes basically all companies that operate over the internet,” said Nathan White, senior legislative manager at digital rights group Access. “This means that even wholly domestic encrypted communications in the United States, France, or South Africa would be put at risk.”

Some tech companies themselves also raised alarm bells. “Many aspects of the draft Bill would directly impact internet users not just in the UK, but also beyond British borders,” Yahoo said in a blog post. “Of most concern to us at this stage is the UK Government’s proposal to affirm extraterritorial jurisdiction over foreign service providers.”

The U.K. government says some of the controversial aspects of the draft, including the requirement to unlock encrypted communications, date back to laws already on the books and it replaces a patchwork of powers which go back to the early days of the Web. However, while a Code of Conduct for Interception Capabilities released by the British government earlier this year said communications companies were required to maintain a “permanent interception capability,” it made no mention of decrypting such content.

Privacy advocates say the government is reinterpreting earlier laws in problematic ways. “This is a major change” that would effectively outlaw end-to-end encryption, a form of digital security where only the sender and the recipient of a message can unlock it, White said.

In meetings before the draft was released, the government pressed at least one tech company to build in backdoors into encrypted communications, according to a person familiar with the issue who requested anonymity because he was not authorized to comment on the issue.

Apple’s iMessage system uses end-to-end encryption as do an increasingly number of standalone messaging and calling apps including Signal. If the proposal becomes law, critics warn, such services may be forced to alter their systems to include such “backdoors” to allow the government to access encrypted content — something encryption experts say would undermine security by making the underlying code more complex and giving hackers something new to target — or exit the market. Apple declined to comment on the bill, but chief executive Tim Cook has been a vocal opponent of government-mandated backdoors in the past.

Encryption was at the heart of a U.S. policy debate over the last year. The dialogue was triggered when Apple moved to automatically protect iOS devices with encryption so secure the company itself cannot unlock data stored on an iPhone even if faced with a warrant, assuming that a user turns off automatic back-ups to the company’s servers.

Some law enforcement officials warn that criminals and terrorists are “going dark” due to such technology. But the Obama administration decided not to press for a legislative mandate that would require companies to build ways to access such content into their products, although it has not yet come out with a full policy position on the issue.

Critics argue that has led to ambiguity which emboldened British officials. “This draft proposal from the U.K. government demonstrates the lack of leadership on encryption policy from the Obama Administration” and could lead to similar proposals in other parts of the world, said White.

If one country is able to force companies to unlock encrypted data it will be hard to fend off such requests from others including China and Russia, some inside tech companies fear.

When asked about the British proposal by The Post, National Security Council spokesperson Mark Stroh declined to weigh in. “We’d refer you to the British government on draft British legislation,” he said via e-mail.