- Companies say helping government snoop will damage trust
- Industry rivals, privacy groups united in opposition to bill
Major global technology and telecommunications companies, from Microsoft to Google to Vodafone, have outlined their objections to a proposed U.K. law that they say would let British intelligence agencies engage in mass surveillance and force them to give the government access to encrypted communication.
The objections were contained in written evidence, published Thursday, submitted by the companies to a U.K. Parliamentary committee considering the draft legislation. The newly released comments echoed written evidence already published by some individual companies, including Apple Inc.
The proposed U.K. law, known as the Investigatory Powers Bill, would undermine customers’ trust in their products and brands, according to Facebook, Google, Microsoft, Twitter and Yahoo, which made a joint submission to Parliament -- a rare show of unity among rivals. Opposition has also come from privacy-rights groups that have tussled with tech companies in the past over their own handling of users’ personal data.
Among their objections in the written submission, the five U.S. tech companies together expressed concerns that the law would impose requirements at odds with laws elsewhere. They also said other countries could enact similar legislation, creating a morass of competing and conflicting obligations as different legal jurisdictions came into contact.
“The jurisdiction issue is the bad one,” says Ross Anderson, a computer security researcher and a professor at University of Cambridge, via e-mail. If other countries were to roll out laws similar to the one being proposed in the U.K., it could create situations with no simple solution. For example, Anderson said, a court in India could ask companies like Facebook to turn over data associated with someone who lives in Canada and has never been in India, and impose a secrecy order on them. That would put Facebook in an enormously tricky situation. “How can they give believable assurances of privacy to users in Canada, and also employ engineers in India?” he said.
Access to Data
The European Union in December announced a stringent new data privacy and protection regulation, motivated in part by concerns that U.S. spy agencies had been collecting vast amounts of European communications traffic and personal data. And data protection authorities in some countries have tried to mandate that companies notify them whenever approached by a foreign government for access their citizens’ communications or personal information. Yet, the companies said, the proposed U.K. law would in many cases make it illegal for them to disclose such demands, even in the course of challenging them before data protection authorities or courts.
Apple, which submitted a separate comment letter last month, focused more heavily on the possible dangers of weakened encryption. The proposed law would require technology companies to create ways for governments to intercept and decode encrypted communications. Any such back doors could be exploited by cybercriminals, Apple said.
“We owe it to our customers to protect their personal data to the best of our ability,” the iPhone maker said, noting the growing danger posed by hackers. “Increasingly stronger -- not weaker -- encryption is the best way to protect against these threats.”
The comment letters were among more than 120 pieces of written testimony submitted to a Joint Parliamentary Committee charged with examining the draft legislation, which Prime Minister David Cameron’s government introduced in November. The committee has also been holding hearings on the proposed law, which is expected to come to a vote this spring and, if passed, would take effect at the start of 2017. The government has said the proposed law is necessary, both to provide a legal framework for practices its intelligence agencies already engage in, and to provide security services with stronger tools to counter the threat of criminals and terrorists using sophisticated technology, including encryption.
The potential cost of complying with the proposed law is among the concerns companies raised, although they didn’t provide any estimates of how large this cost might be. The bill would “force companies to expend considerable resources hacking their own systems at the government’s direction,” Apple said in its letter. Vodafone, a U.K. mobile company, in its submission suggested that the cost of altering its systems to allow surveillance should be borne by the government, not industry.
Vodafone also objected that portions of the proposed bill that would give the U.K. government the legal authority to hack into communications. Vodafone said such hacking would not only undermine trust in its brand, but could comprise the reliability of its network.