
More details about the changes in the United Kingdom’s Investigatory Powers Act (IPA) 2016 are becoming clearer, including what the government wants to control. It appears the Home Office wants power not only over the security features built by tech companies like Apple but also over the security updates they provide to customers.

Various companies have already expressed initial dislike over the matter, which is reasonable. As we explained in a report in July:

IPA gives the UK’s security and intelligence agencies, law enforcement and other public authorities investigatory powers over interception of communications, retention and acquisition of communications data, equipment interference for obtaining communications and other data, and retention and examination of bulk personal datasets. However, the changes the UK wants will further force tech companies to submit to the authorities’ demands, which could negatively impact their customers’ privacy and security.

To start, the changes will require companies to first inform the Home Office regarding changes in the security features of their products before releasing them. It also obliges non-UK-based companies to comply with changes that would affect their product globally, including providing a backdoor to end-to-end encryption. Lastly, the changes will push companies to follow the order of the Home Office to disable or block a security feature immediately without having the option to appeal this or request a review.

Unfortunately, as pointed out by the online security forum Just Security (via 9To5Mac), the proposed change in the IPA would go beyond the security features in devices: it will also affect the security updates and patches that companies provide to customers. Under the proposal, companies would also need to inform the government prior to the rollout of any security update. Worse, the Secretary of State can request that these companies not release them, just to allow the government to continue snooping on people’s devices.

Device manufacturers would likely also have to notify the government before making available important security updates that fix known vulnerabilities and keep devices secure. Accordingly, the Secretary of State, upon receiving such an advance notice, could now request operators to, for instance, abstain from patching security gaps to allow the government to maintain access for surveillance purposes.

The legislators want to downplay the severity of the proposal’s effect by saying that the practice would only be limited to individuals considered terror offense suspects and could only be employed for a maximum of six months. Blocking an update meant to protect customers in the entire country from possible attacks, however, invalidates the idea completely. If pushed through, this will be an incredibly massive issue not only for Apple, which endorses security as one of the top attractions of its devices like the iPhone, but also for other companies and the entire population of the UK.

What’s your opinion about this matter? Let us know in the comment section!

