The development, which was first reported by BBC News, makes the iPhone maker the latest to join the chorus of voices opposing upcoming legislative changes to the Investigatory Powers Act (IPA) 2016, which would effectively make encryption protections ineffective.
Specifically, the Online Safety Bill requires companies to install technology to scan for child sexual exploitation and abuse (CSEA) content and terrorism material in encrypted messaging apps and other services. It also mandates that the Home Office clarify security features before releasing messaging services and take immediate action if necessary to disable them without notifying the public.
While the fact does not explicitly call for the removal of end-to-end encryption, it would actually be tantamount to weakening it as the companies providing the services would have to scan all messages and attempt to decrypt them. This has been seen as an inconsistent move that allows the government to implement mass interception and surveillance.
Apple told the British broadcaster that such a provision “would pose a serious and direct threat to data security and information privacy.”
Earlier this April, several messaging apps such as Elementor, Signal, Threema, Viber, Meta-owned WhatsApp and Wire that currently offer encrypted chats published an open letter urging the UK government to reconsider its approach and “encourage companies to provide more privacy and security to their residents”.
The letter states, “The bill provides no explicit protections for encryption, and if enacted as written, OFCOM could be empowered to attempt to force active scanning of private messages on end-to-end encrypted communications services – resulting in defeating the purpose of end-to-end encryption and compromising the privacy of all users.”
Apple, which previously announced its plan to flag potentially problematic and abusive content in iCloud Photos, abandoned it last year following concerns from digital rights groups that the capability could be misused to undermine users’ privacy and security.
This is not the first time that end-to-end encryption has sparked controversy over its need to combat serious crimes online.
In May 2021, WhatsApp sued the Indian government to block internet rules that would force messaging apps to break encryption by including traceability mechanisms to identify the “first originator of information” or risk facing criminal penalties. The case is still pending.
Apple’s refusal to play ball is consistent with its public stance on privacy, which has allowed it to position itself as a “privacy hero” among other companies that insist on collecting user data to serve targeted ads.
But it also sounds hollow when considering the fact that every message sent or received from a non-Apple device is unencrypted—SMS doesn’t support end-to-end encryption—and could potentially open the door to government surveillance.