Stay informed with free updates
Simply sign up to the Cyber Security myFT Digest — delivered directly to your inbox.
Tech groups have called on ministers to clarify the extent of proposed powers that they fear would allow the UK government to intervene and block the rollout of new privacy features for messaging apps.
The Investigatory Powers Amendment Bill, which was set out in the King’s Speech on Tuesday, would oblige companies to inform the Home Office in advance about any security or privacy features they want to add to their platforms, including encryption.
At present, the government has the power to force telecoms companies and messaging platforms to supply data on national security grounds and to help with criminal investigations.
The new legislation was designed to “recalibrate” those powers to respond to risks posed to public safety by multinational tech companies rolling out new services that “preclude lawful access to data,” the government said.
But Meredith Whittaker, president of private messaging group Signal, urged ministers to provide more clarity on what she described as a “bellicose” proposal amid fears that, if enacted, the new legislation would allow ministers and officials to veto the introduction of new safety features.
“We will need to see the details, but what is being described suggests an astonishing level of technically confused government over-reach that will make it nearly impossible for any service, homegrown or foreign, to operate with integrity in the UK,” she told the Financial Times.
Previously, Meta and Apple, which offer encryption on WhatsApp, and iMessage and FaceTime, respectively, have warned that they will remove any services from the UK if the government seeks to compromise those features.
Meta plans to extend encryption, which prevents anyone other than the users communicating with each other from accessing the messages, to Facebook Messenger by the end of the year.
The messaging platforms have tens of millions of users in Britain.
Whittaker said it was “imperative” for tech groups to improve privacy settings to “defend core technical infrastructure from hackers and other hostile actors”, which was “clearly not comprehended by those behind these changes”.
She added that the “lack of judicial due process” from the government was “deeply alarming”, although “sadly not out of character”.
TechUK, a trade group, warned in its response to the government’s consultation that new investigatory powers legislation as envisaged could oblige companies to comply with a warrant from the Home Office to hand over user data even while a review into the appropriateness of the request is ongoing.
Julian David, chief executive of TechUK, said that the Home Office had “simply not engaged sufficiently with businesses” over the legislation, “driving concerns that changes to the regime could be expansive and disproportionate”.
He added: “This must be rectified at the earliest opportunity to ensure that any changes . . . are effective, informed and focused on addressing any capability gaps the Home Office is able to evidence.”
The threats to remove services come amid a wider sector backlash against a range of government policies, which tech groups say threaten to undermine the privacy and the integrity of their products, including the online safety bill, which passed into law last month.
Apple warned the government in its response to the consultation on the proposed legislation in July, that certain elements of the investigatory powers bill could force tech companies “to publicly withdraw critical security features from the UK market, depriving UK users of these protections”.
WhatsApp has also threatened to exit the UK if forced by the government to break encryption.
The Home Office said the bill would “deliver urgent and targeted changes needed to protect the British public from criminals . . . by enabling intelligence agencies and law enforcement to keep pace with these evolving threats”.
It added: “We have always been clear that we support strong encryption where public safety is designed in, but this cannot come at a cost to public safety and we will not outsource the security of our citizens to unaccountable multinational companies.”
Meta declined to comment. Apple did not respond to a request for comment.
Additional reporting by Tim Bradshaw
Read the full article here