Law enforcement agencies around the globe have stepped up their requests for greater authority in the weeks following a series of deadly terrorism attacks in Paris and San Bernardino in the United States. Public officials have called for new ways to spy on terrorist groups and their communications, some of which is said to take place secretly on encrypted Internet messaging platforms.
UK officials argue that the ability to intercept and view digital communications in transit "are essential to
tackle child sexual exploitation, to dismantle serious crime cartels, take drugs and guns off our streets and prevent terrorist attacks."
But tech companies say the Investigatory Powers bill could lead to abuse. It would open the door, they say, to demands that U.S. firms provide authorities with special access into otherwise secure communications, undermining privacy for all.
"The reality is, if you put a back door in, that back door’s for everybody — for good guys and bad guys," Apple chief executive Tim Cook said in an interview on CBS's "60 Minutes" Sunday.
Apple struck much the same tone in its feedback to the U.K. government Monday.
"The best minds in the world cannot rewrite the laws of mathematics," reads the filing, a copy of which was obtained by The Washington Post. "Any process that weakens the mathematical models that protect user data will by extension weaken the protection."
Privacy analysts said Monday that the Investigatory Powers bill would set a remarkable surveillance precedent.
"It also somewhat brazenly seeks to extend UK law to the entire Internet by allowing UK authorities to demand non-UK businesses retain data about their users' behaviors online," said Joseph Lorenzo Hall, chief technologist at the U.S.-based Center for Democracy and Technology.
Industry officials worry that the extension of British law abroad could also breed confusion and legal uncertainty.
The proposed powers laid out in the legislation "broadly and unilaterally assert UK jurisdiction overseas," Yahoo argues in its testimony, potentially producing "highly problematic" conflicts between British law and the rules of other countries. Companies obligated to follow the British legislation could run up against U.S. privacy regulations, for example.
Government attempts to seize customer data stored outside of the United Kingdom should be subject to strict intergovernmental processes, according to some companies. Without the use of mutual legal agreements between countries, one government's requests for user data could end up violating the rights of the target living in another country, the firms said.
"The legislation must avoid conflicts with the laws of other nations and contribute to a system where like-minded governments work together, not in competition, to keep people more secure," said Microsoft in a statement. "We appreciate the government's willingness to engage in an open debate and will continue to advocate for a system that is workable on a global basis."
Google and Facebook didn't immediately respond to requests for comment Monday.
Tech companies aren't alone in pointing out the challenges for the U.K. government. European telecom companies including Vodafone, O2 and 3 said last week the bill could be costly to implement if it is approved — particularly because they could be required to begin monitoring and collecting information about what is traversing their networks like never before.
"I am concerned that we will perhaps solve one problem, but not necessarily in the best way, and create another cybersecurity problem," said Mark Hughes, Vodafone's head of security, before a government panel last week.
The Investigatory Powers bill is expected to move forward next summer in Parliament after officials have had a chance to review the comments from tech companies and other groups.