U.S. Tech Firms Criticize U.K. Spying Legislation
Post# of 22757
Source: Dow Jones News
Leading U.S. technology companies, including Apple Inc., Google Inc. and Facebook Inc., roundly criticized proposed U.K. legislation that would expand the British government's spying powers, according to responses to lawmakers released Thursday.
The tech companies' strong push back underscores the challenges the British government will have to overcome to make the proposed laws work in practice, even as police and prosecutors welcome the changes.
Set to be voted on later this year, the draft bill proposes enhanced surveillance powers that government officials say they need to keep pace with changes in technology.
But the tech companies say the new measures, some of which would require them to collect data in bulk and help law-enforcement officials crack encrypted communications, are overzealous.
"The actions the U.K. government takes here could have far-reaching implications—for our customers, for your own citizens, and for the future of the global technology industry," said Facebook, Google, Microsoft Corp., Twitter Inc. and Yahoo Inc. in a joint submission dated Dec. 21.
Voicing particular concern about the effect the proposed law could have on the privacy and security of their customers' data, the companies also warned of the high cost of complying with the new rules, which require tech companies to keep records of their customers' Internet usage and hand them to police on request.
In a separate letter to lawmakers, Apple said that to comply with the proposals would weaken the strength of encryption in the products and services the company offers, making it easier for criminals and terrorists to steal data and launch cyberattacks.
"Increasingly stronger—not weaker—encryption is the best way to protect against these threats," Apple said. "The fact is to comply with the government's proposal, the personal data of millions of law-abiding citizens would be less secure," the company said.
The U.K. law is the latest flashpoint in a battle between U.S. technology companies and governments over where to draw the line between user privacy and national security. Since 2013, when former U.S. National Security Agency contractor Edward Snowden leaked documents alleging widespread government snooping by the U.S. and allied countries, U.S. tech companies have been at pains to push back against surveillance policies that they worried would cause customers to lose trust in their businesses.
British Home Secretary Theresa May, who has championed the bill, is scheduled to address some of the concerns voiced by the companies when she appears in front of lawmakers next week.
Among the most controversial powers in the new bill is the ability of intelligence officials to hack computers to access communications of terror suspects, something the government only publicly acknowledged that it was capable of doing earlier this year.
That, said Facebook, Google, Microsoft, Twitter and Yahoo, was "a step in the wrong direction."
In a rare public intervention, the head of the U.K.'s domestic intelligence agency, known as MI5, said last year that officials needed to draw upon a wider range of tools, including the option to "conduct operations online and to mount IT attacks," against terrorist networks to access their communications. MI5 head Andrew Parker and other government officials have argued that the rise of encryption in the post-Snowden era has made their jobs more difficult.
This view was echoed in submissions from British law-enforcement agencies on Thursday. "We consider the bill's provisions essential to ensure effective investigations and prosecutions in a world where technology, capability and opportunity are constantly evolving," said Alison Saunders, the country's most senior prosecutor.
Some police officers said they felt the proposed law doesn't go far enough.
Restrictions on how hacking powers can be used, and the amount of judicial oversight laid out in the draft bill should be reconsidered, said the heads of the Metropolitan Police, the U.K.'s counterterrorism command, the National Crime Agency, and the Border Agency, in a joint submission.
If the bill passes into law, it risks being struck down by European judges, who have already taken issue with the private collection of personal data. On Oct. 6, the EU's highest court annulled the "Safe Harbor" pact that was used by thousands of companies to transfer customer information to the U.S. The court ruled the pact violates customers' privacy rights by potentially exposing them to allegedly indiscriminate surveillance by the U.S. government.
But a series of terrorist attacks in Europe and the U.S. last year has hardened the debate.
Following those attacks, government officials have moved to bolster their surveillance powers, with France enacting two new surveillance laws in the past year alone.
Law-enforcement officials in the U.K., France and Germany have argued they need more cooperation from technology companies in turning over information on users, as well as in gaining access to encrypted communication tools they say terrorists use.
American tech companies say they already cooperate with European authorities, but say they are limited by U.S. law. In general, the U.S. companies will only turn over limited personal information about users to a limited set of U.S.-allied countries. They direct European authorities to channel more-detailed requests to the U.S. government.
Tech executives say they are particularly wary of setting a precedent that would encourage countries to make surveillance demands beyond their borders—arguing it could embolden authoritarian countries to pass similar laws.
"The legislation must avoid conflicts with the laws of other nations and contribute to a system where like-minded governments work together, not in competition, to keep people more secure," a Microsoft spokesman said.
Write to Alexis Flynn at alexis.flynn@wsj.com and Sam Schechner at sam.schechner@wsj.com
(END) Dow Jones Newswires
January 08, 2016 02:15 ET (07:15 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.