Apple could pull FaceTime and iMessage from UK over surveillance

Apple threatens to withdraw services if proposed changes to the Investigatory Powers Act are implemented

Apple has threatened to withdraw services including FaceTime and iMessage from the UK if the proposed changes to surveillance law compelling tech firms to make significant privacy modifications come into effect.

In recent months, the company has emerged as a vocal opponent to what it perceives as the UK government moves against online privacy.

Last month, Apple expressed concerns that certain provisions in the upcoming Online Safety Bill could potentially jeopardise privacy of UK citizens.

The UK government is also seeking to revise the 2016 Investigatory Powers Act (IPA), which serves as the legislation governing how security agencies can interfere with privacy to access investigatory information, launching an eight-week consultation on the proposed changes.

This consultation is open to professional bodies, academia, general public and interest groups. The government says it will explore potential outcomes for revised IPA notices regimes, aiming to enhance the effectiveness of the current regimes.

Under the IPA, law enforcement agencies can ask telecommunication companies to store internet browsing records and mass collect personal data.

Currently, the process involves independent oversight through a review process, and tech firms have the option to appeal before being required to comply with the requests. Under the proposed update to the IPA, disabling security features would need to be done immediately, without informing the public.

Apple reacts to proposed changes to the IPA

Apple has taken a firm stance, stating that it would remove certain services, including iMessage and FaceTime, instead of compromising the security of its offerings if the proposed changes to the IPA become law.

The company has submitted a detailed nine-page document expressing its opposition to many of the proposed changes.

Notably, the company strongly objects to the requirement of including backdoors for end-to-end encryption, the obligation to report changes to product security features before their release, and being compelled to disable security features before any appeals process can occur.

Apple has asserted that it will not implement changes specific to one country that would compromise the security of all its users.

It emphasised that certain alterations would necessitate a software update, making it impossible to execute them secretly.

According to a report by The Guardian, Apple's submission to the government expressed concerns that the bill would grant the Home Office elevated status, essentially making it the global authority in determining the acceptable level of data security and encryption.

In response to Apple's concerns, the Home Office stated that the IPA is designed with the primary purpose of safeguarding the public from criminals, child sex abusers and terrorists.

Apple, WhatsApp and Signal oppose the Online Safety Bill

Apple, WhatsApp and Signal are united in their opposition to a clause in the UK's Online Safety Bill, which grants communications regulator Ofcom the authority to mandate companies to install technology for scanning encrypted messaging apps and other services to detect Child Sexual Abuse Material (CSAM).

On Wednesday, the House of Lords approved a government amendment concerning the scrutiny of encrypted messaging within the bill. This amendment stipulates that before ordering a messaging service to utilise "accredited technology" for scanning message content, Ofcom must await a report from a "skilled person."

In earlier versions of the bill, this step was considered optional.

Last month a joint letter from 80 national and international civil society organisations, academics and tech experts to Technology Minister Chloe Smith, urging a reconsideration of Ofcom's new powers.

"The UK could become the first liberal democracy to require the routine scanning of people's private chat messages, including chats that are secured by end-to-end encryption," the letter said.

Several messaging platforms, including Signal and WhatsApp, have said openly that they will refuse to comply with any attempts to weaken privacy, even if directed to do so by the Online Safety Bill or any other regulatory authority, and would instead withdraw their services from the UK.