Apple believes bill creates ‘key under doormat for bad guys’

Shortly after Theresa May introduced the draft Investigatory Powers bill in November to update the UK's surveillance laws for the internet age, the home secretary met privately with Tim Cook, Apple's chief executive.

He laid out a number of objections to the proposals, reflecting concerns shared by many other Silicon Valley companies.

The bill gives police and security services access to the records of every UK citizen's internet use without the need for judicial authorisation. But if agencies want the actual content of communications, they will need to be authorised by both the home secretary and a new panel of judicial commissioners.

On Monday, Apple went public with its critique of the plans, providing written evidence to a parliamentary committee scrutinising the bill, laying out three major objections.

First it said the government's proposals would weaken tech companies' use of encryption to protect customer data.

Tim Cook
Getty Images
Tim Cook

The government's proposals suggest that if "the secretary of state and a judicial commissioner think there is necessity and proportionality in order to be able to provide that information, those companies should be required to provide that information [unencrypted] in the clear".

Apple said this meant the UK government was trying to create a "back door" to information shared between people on services such as FaceTime, its video calls feature, and iMessage, its text messaging system. Both of these communications services use "end-to-end encryption", which makes it hard for third parties to intercept information being transmitted between devices.

Apple claimed that the government was asking companies to weaken its encryption methods as an attempt to leave a "key . . . under the doormat" for British security services. But such a key "would not just be there for the good guys. The bad guys would find it too".

Second, Apple is concerned that the new law could "spark serious international conflicts" as the UK wants the right to request data not held in the country. The Californian company said this could lead to a situation where tech companies must choose between breaking the law in the UK or breaking the data protection laws in another country where information is being held. Apple said: "That is an unreasonable position to be placed in."

More from the Financial Times:
Apple warns on surveillance push
EU agrees strict new regime on data protection
US safe harbour deal months away, EU says

Third, the new law creates a legal duty on companies to help the police and security agencies to hack devices to acquire information, providing there is a warrant for "equipment interference" signed by a judge.

Apple said this requirement meant companies were, in effect, being asked to hack the accounts of its own customers. The company said no other country had demanded such a measure; it would set a dangerous example for more repressive regimes around the world.

Apple's intervention will put pressure on the government, which has already been forced to make concessions over the proposed law and has set out a year-long legislative process for its passage. This suggests a lengthy fight will follow.

But Apple, and other Silicon Valley companies such as Google and Facebook which also oppose parts of the bill, face a government determined to upgrade its surveillance capabilities in the face of a rising threat of terrorism and cyber attacks.

"I am clear we need to update our legislation to ensure it is modern, fit for purpose and can respond to emerging threats as technology advances," said Ms May last month.

"There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar."