U.S. tech companies say U.K. privacy bill poses ‘serious threat’ to communication

Happy Tuesday! I’m Trisha Thadani, a technology reporter at The Washington Post subbing for Cristiano. I’m focused on Apple, and its influence on society, politics and policy. Got any tips, or just want to say hi? You can reach me at [email protected]: California probes connected cars, and Democrat-led states urge an appeals court to lift a social media order. First:

Silicon Valley tech companies are pushing back against a proposed safety bill in the United Kingdom, arguing the new law would imperil the security of popular messaging apps, jeopardize the privacy of users around the world — and drive at least one app to leave the U.K. all together.

The Online Safety Bill, which is up for a third vote in September, would mandate companies proactively report illegal activity on their services, like child abuse. But many of the world’s most popular messaging apps — such as iMessage, WhatsApp and Signal — are end-to-end encrypted, which means the companies don’t have access to private communications on the services.

If the law passes, it would amount to some of the tightest restrictions in the world for how tech companies police content. To comply, several companies, including Meta’s WhatsApp, said in a joint statement that the bill would force them to monitor communications on their products so they could report harmful content. The companies said the so-called back door to encryption could be seized by “malicious actors and hostile states.”

Meredith Whittaker, president of encrypted messaging app Signal, said in an interview with a British TV station that the new regulations would force her company to pull the product from the U.K. altogether.

“There is no way to create a back door that bad guys can’t walk through,” she said. “If the British police can get in, hostile nations can get in. [Russian President Vladimir] Putin can get in, the Iranian government can get in. It’s important that we maintain the security and integrity of these systems.”

In a separate statement to The Washington Post, Apple — which has some of the most widely used encrypted apps in the world — said the bill poses a “serious threat” to privacy.

“End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists and diplomats. It also helps everyday citizens defend themselves from surveillance, identity theft, fraud and data breaches,” said Fred Sainz, a spokesperson for Apple, who added the bill “could put U.K. citizens at greater risk.”

The debate comes as tech companies seek to rapidly expand encryption on their platforms, arguing that users should feel confident that their communications are fully private. For example, Facebook has said it plans to roll out end-to-end encryption across all of its platforms, while Elon Musk — owner of Twitter, recently rebranded as X — has previously said the company should encrypt direct messages on its platform.

Officials in the U.K.’s Department for Science, Innovation and Technology said companies should only implement end-to-end encryption if they can simultaneously prevent “abhorrent” child sexual abuse on their platforms. They maintain that the bill does not ban end-to-end encryption and also does not require services to weaken encryption.

U.K. officials have also argued that end-to-end encryption comes with a major privacy trade-off: while most users may feel more safe using the platform, they say it also allows companies to shirk responsibility of illegal activity, essentially protecting criminal behavior on their platforms.

Encryption has also divided domestic regulators and technology companies, triggering tension with U.S. law enforcement. Apple’s opposition to the bill harks back to a clash with the FBI, when the agency tried getting information from the iPhone of a suspect in the 2015 San Bernardino, Calif., terrorist attack.

Privacy experts and digital rights groups say creating a back door for the government is a slippery slope for the tech companies, as such sweeping legislation by a Western democracy could enable similar efforts from governments around the world — including from the U.S. government.

A similar debate is playing out in Congress over the bipartisan EARN IT Act, which would strip tech companies of liability protections when their users share child pornography and other materials that exploit children. Technologists, industry groups, civil rights advocates and LGBTQ+ interest groups have sharply opposed the bill, warning of the chilling effect it could have on free expression online.

Meanwhile, U.K. officials are also looking to update the Investigatory Powers Act of 2016 to require messaging services to run security features by the Home Office before releasing them and also allow the government to privately demand that some features are disabled.

In a nine-page memo obtained by The Post, Apple slammed this amendment, saying it could “force a company like Apple, that would never build a backdoor, to publicly withdraw critical security features from the UK market, depriving UK users of these protections.”

Andrew Crocker, a director at the Electronic Frontier Foundation, said threatening to remove products from the U.K. over these bills is an extreme reaction from the technology companies — but the threats are also “appropriate” because “what is being proposed is quite extreme.”

“Due to the nature of how these products operate, the [Online Safety Bill] will have an impact around the world,” Crocker said. “Providers can either modify their products for everyone all around the world, cater to the lowest common denominator, or they could say we are only going to give our most secure products to those outside the U.K.”

“None of those are good options,” he said.

The U.S. Treasury Department reviewed a record number of foreign transaction investment requests in 2022 amid a Biden-era push to spur U.S. leadership in emerging technologies, David Shepardson reports for Reuters.

The Committee on Foreign Investment in the United States (CFIUS), a panel responsible for evaluating the national security risks of cross-border exchanges, said in its annual report it “reviewed 286 ‘covered notices’ for transaction approvals last year, up from a record 272 in 2021,” Shepardson writes.

President Biden last year “told CFIUS to sharpen its focus on threats to sensitive data, cyber security and areas such as microelectronics and artificial intelligence, and to more closely vet transactions that could affect U.S. leadership in biotechnology and quantum computing,” Reuters adds.

The report comes as the United States has steadily levied export controls that aim to stifle China’s access to AI chips and other cutting-edge hardware. CFIUS in March also pushed for TikTok’s Chinese owners to divest themselves from the app amid national security concerns over its alleged links to Beijing. Chinese investors notably filed 36 notices seeking approval for deals in 2022, versus 44 in 2021 and 17 in 2020.

The California Privacy Protection Agency will use its newly empowered authority to probe the data collection practices of new generation cars that are often or always connected to the internet, our colleague Joseph Menn reports.

Joseph writes: “The agency was established by a 2020 ballot initiative that toughened the California Consumer Privacy Act of 2018. As of July 1, it can conduct operations to enforce Californians’ right to learn what is being collected about them, the right to stop that information from being spread and the right to have it deleted.”

Car-based data collection has increased steadily in recent years as users leverage modern vehicle features that allow them to connect their phones for calling, music or navigation instructions. Such information is often sought by businesses aiming to advertise their products to drivers, the report notes.

“Though phone connections beam detailed call logs and contacts lists to the automakers and their business partners, those companies have vague privacy policies, ” the report adds.

A group of Democratic state attorneys general asked the New Orleans-based U.S. Court of Appeals for the 5th Circuit to lift a July 4 order that sharply curtails the federal government’s ability to communicate with social media companies, Brendan Pierson reports for Reuters.

Pierson writes: “The top law enforcement officers of 20 states and the District of Columbia, led by New York Attorney General Letitia James, said in a filing on Friday … that the order hampers efforts by government officials to stop the spread of false information.” The order is temporarily on hold while the Biden administration appeals it.

The order from U.S. District Judge Terry Doughty in Louisiana prohibits key federal agencies and officials from meeting and communicating with social media companies about “protected free speech.” The Justice Department previously called the move overly broad, arguing it could prevent the government from warning people about misinformation during national emergencies.

The order stems from a May 2022 lawsuit which “alleged that U.S. government officials, under both Democratic President Joe Biden and his Republican predecessor Donald Trump, effectively coerced social media companies to censor posts over concerns they would fuel vaccine hesitancy during the COVID-19 pandemic or upend elections,” the Reuters report says.

Twitter parent X Corp. threatens to sue a nonprofit that studies hate speech, alleging their findings harm Twitter’s business. Our colleague Taylor Lorenz:

Elon Musk claims he’s a “free speech absolutist,” but he is now using his attorneys to try to silence and threaten a non profit that tracks hate speech and violent extremism https://t.co/D4AXaZ1pMU @CCDHate

Columbia University journalism professor Emily Bell:

Those free speech advocates in full …. Legally threatening research outfits. Of course one route might just be to point to available data open to all researchers ….except it cut that off https://t.co/hweBdC2lZk

New York Times reporter Dave Itzkoff:

https://t.co/kFE0KUcplm pic.twitter.com/Kb2eStylTj

Move fast and beat Musk: The inside story of how Meta built Threads (Naomi Nix and Will Oremus)

Rise of AI newsbots shakes up India's media landscape (Nikkei Asia)

UK regulator seeks public input on Microsoft-Activision deal (Reuters)

US, Europe are growing alarmed by China’s rush into legacy chips (Bloomberg News)

Italian watchdog OKs Google's commitments to end data case (Reuters)

Cryptography may offer a solution to the massive AI-labeling problem (MIT Technology Review)

A Ponzi scheme targets desperate workers amid Zimbabwe’s employment crisis (Rest of World)

‘SHUT IT OFF!!' Disruptive new 'X’ logo removed in San Francisco (Max Hoppenstedt and Trisha Thadani)

Guess whose 1st birthday is in 3 days? 👀 https://t.co/cXH4RYIbSL pic.twitter.com/P8AYRtdh9d

That’s all for today — thank you so much for joining us! Make sure to tell others to subscribe to The Technology 202 here. Get in touch with tips, feedback or greetings on Twitter or email.