Apple wants the UK government to rein in snooper's charter
Tim Cook is a vocal opponent of any form of encryption weakening, and now Apple has spoken out against the UK government's Investigatory Powers Bill -- otherwise known as the snooper's charter. Currently in draft form, the bill would require ISPs to retain customers' browsing histories for a year, and would require technology companies to implement backdoors that would allow encryption to be bypassed.
Apple says that it has serious concerns about the proposed bill in its current form, and calls for sweeping changes to be implemented. The company has famously refused to allow access to encrypted iMessage chats, and this is a stance it is reiterating.
The company says that it is simply not possible to allow backdoor access to data without weakening encryption for everyone. It also expressed concerns that the bill would legalize governmental hacking of computers around the world. In a submission to the committee overseeing the bill, Apple says:
We believe it would be wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the very few who pose a threat. In this rapidly evolving cyber-threat environment, companies should remain free to implement strong encryption to protect customers.
This is a sentiment that echoes the words of CEO Tim Cook, and Apple makes a point that is hard to argue against:
The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it too.
There is particular alarm that the bill would grant the UK government worldwide powers -- something that many would see not only as invasive, but also wildly undemocratic. Apple says that this would create an awkward relation with customers:
It would place businesses like Apple -- whose relationship with customers is in part built on a sense of trust about how data will be handled -- in a very difficult position. For the consumer in, say, Germany, this might represent hacking of their data by an Irish business on behalf of the UK state under a bulk warrant -- activity which the provider is not even allowed to confirm or deny. Maintaining trust in such circumstances will be extremely difficult.
Those businesses affected will have to cope with a set of overlapping foreign and domestic laws. When these laws inevitably conflict, the businesses will be left having to arbitrate between them, knowing that in doing so they might risk sanctions. That is an unreasonable position to be placed in.