UK's email access Bill threatens to hurt law-abiding citizens, says Apple

PA
Updated

Apple has raised concerns about the UK's draft Investigatory Powers Bill, in an official submission to a parliamentary committee.

The boss of the technology giant has already warned against giving spies a ''back door'' to reading people's emails because weakening data security could help criminals.

The company has now passed on its thoughts to the parliamentary committee scrutinising the legislation.

The submission, which has been seen by the Press Association, praises the use of encryption in communications and suggests this should be strengthened.

"We owe it to our customers to protect their personal data to the best of our ability. Increasingly stronger -- not weaker -- encryption is the best way to protect against these threats," the submission reads.

"The Bill threatens to hurt law-abiding citizens in its effort to combat the few bad actors who have a variety of ways to carry out their attacks. The creation of back doors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers.

"A key left under the doormat would not just be there for the good guys. The bad guys would find it too."

Under proposals in Theresa May's Investigatory Powers Bill, communications firms would be legally required to help spies hack into suspects' smartphones and computers.

Domestic providers would be obliged to assist intelligence agencies if they were given warrants to carry out equipment interference.

The technique allows authorities to interfere with electronic devices to obtain data and can range from remotely accessing a computer to covertly downloading the contents of a mobile phone.

It is seen as an increasingly crucial tool as advanced encryption makes intercepting communications more difficult.

However, Apple argues that as encryption is already widely used, weakening it would not slow the threat from criminals.

"Encryption today is as ubiquitous as computing itself and we are all the better for it. There are hundreds of products that use encryption to protect user data, many of them open-source and beyond the regulation of any one government.

"By mandating weakened encryption in Apple products, this Bill will put law-abiding citizens at risk, not the criminals, hackers and terrorists who will continue having access to encryption."

The technology giant also said that given the unpredictable nature of many cyber-attacks, restructuring their security without compromising users would be difficult.

"Some have asserted that, given the expertise of technology companies, they should be able to construct a system that keeps the data of nearly all users secure but still allows the data of very few users to be read covertly when a proper warrant is served.

"But the Government does not know in advance which individuals will become targets of investigation, so the encryption system necessarily would need to be compromised for everyone.

"The best minds in the world cannot rewrite the laws of mathematics. Any process that weakens the mathematical models that protect user data will by extension weaken the protection. And recent history is littered with cases of attackers successfully implementing exploits that nearly all experts either remained unaware of or viewed as merely theoretical."

Apple's submission to the committee runs to eight pages, and focuses on three issues: encryption, the possibility of having to hack its own products, and the precedent it would set by agreeing to comply with UK-issued warrants.

The submission suggests that companies being forced to hack their own systems at the request of government would make them less secure as Apple and others would be forced to alter the design of their systems, which the company suggests could "endanger the privacy and security of users in the UK and elsewhere".

There are also fears in technology circles that the proposals will hit services offering ''end-to-end encryption'' such as WhatsApp and Apple's iMessage, despite the Home Secretary's assurances that the legislation ''will not ban encryption or do anything to undermine the security of people's data".

The proposed new laws could impose obligations on telecommunications providers requiring them to remove ''electronic protection'' applied to ''communications or data''.

Advertisement