wordpress blog stats
Connect with us

Hi, what are you looking for?

Apple says UK’s Investigatory Powers (Amendment) Bill could allow the country to veto user protections

One of the most contentious provisions under the amendment is that of a new notification requirement which requires telecom operators to inform the govt of proposed changes that could negatively impact their ability to access data. This, commentators say, could impact innovation as well as deployment of features such as encryption.

Apple has called out the UK government’s plans to update the Investigatory Powers Act (IPA) 2016, stating that in doing so, the country could “attempt to secretly veto new user protections globally”, according to a report by the BBC. The Investigatory Powers (Amendment) Bill, proposes the following—

  • creating a new condition for the use of internet connections to aid ‘target detection’
  • introducing a less stringent regulatory regime for the examination of bulk personal data where users have limited to no expectation of privacy (such as publicly available online telephone directories)
  • a new notification requirement that can be issued to select telecommunication operators which requires them to inform the government of proposed changes to their products or services that could negatively impact the current ability of agencies to lawfully access data. (This could potentially thwart a platform’s attempt to introduce encryption as a feature.)

Apple’s main point of concern is the abovementioned notification requirement (clause 20 of the amendment bill). Apple says that this would be an “unprecedented overreach” by the UK government. In July last year when the amendment bill was proposed, Apple even said that it would rather remove services such as FaceTime and iMessage from the UK rather than compromise security, according to a report by Quartz. Apple isn’t the only one concerned about the notification requirement, others such as Meta and Signal have also spoken up against the amendment.

Concerns raised against clause 20:

In 2023, the UK government conducted a consultation on the amendment bill. Some of the key concerns raised during the consultation were

  • The objective of clause 20 is to block the rollout of new technologies. In doing so, the government would thwart innovation.
  • It would empower the government to direct the design of products and services intended for the UK consumer market and make it the global arbiter of what level of data security and encryption are permissible.
  • Bad actors could exploit vulnerabilities during delays in security updates.
  • The notification requirement would become unworkable because operators wouldn’t necessarily know what changes to a service could affect lawful access.

Growing concern around the breakage of encryption:

This notification requirement isn’t the only UK regulation that threatens encryption. As far back as 2015, the UK government proposed a complete ban on apps like WhatsApp and iMessage if they declined to provide UK security services backdoor access to messages. Then in 2016, the UK passed the original Investigatory Powers Act (IPA), which allowed the government to outlaw encrypted services by issuing something called a Technical Capability Notice (TCN).

In 2023, the Online Safety Bill was passed by the UK government. This bill holds platforms responsible for ensuring that child sexual abuse material, or CSAM, is not being transmitted through their service. Clause 122 of the bill allows the UK’s communications regulator to issue notices requiring them to develop and deploy software that will scan phones for prohibited content. This clause, just like the notification requirement, has been called out for its potential to break encryption.

UK government’s clarification on the notification requirement:

“The notification requirement will not allow the Secretary of State to prevent a technical change to an existing service, rollout of a new service or any other relevant change,” the UK government said, responding to the concerns raised during the consultation on the amendment bill. They said that it was not meant as an approval mechanism and there would be no method to allow the Secretary of the State to intervene in any way with the decision the operator has chosen.

The UK government explained that the notification requirement was simply meant to give law enforcement authorities time to adjust to upcoming changes. They added that they intend to lay out the details of exactly which of an operator’s services the notification requirement applies to and what level of change meets the threshold for notification.

STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!

Also read:

Written By

Free Reads


The ‘Reforming Intelligence and Securing America Act’ (RISAA) is a legislation to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA).


In its submission, the Interior Ministry said the decision to impose a ban was "made in the interest of upholding national security, maintaining public...


Among other things, the security requirements include data encryption and regular review and updated access permissions to reflect personnel changes.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...


Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...


The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...


Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...


Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ