CHAPTER 11: SERVICE PROVIDERS
“Governments should not unilaterally try to compel disclosure of email or other
private content across international borders, particularly when that data
belongs to citizens of another country.”9
They were united in their opposition to any system in which they could be required to
hand even the US Government a key to encrypted material: even if this had been
feasible politically it was thought that it would, like the abandoned Clipper Chip
proposals which sought maintain access for intercepting agencies in the 1990s, simply
encourage new strategies for secure encryption.10
11.16. Some foreign companies have made clear their unwillingness to facilitate cooperation
with intelligence or law enforcement:
(a)
Telegram, which is used by many foreign fighters in Syria, advertises itself
heavily as privacy-secure, and promotes “crypto-contests” to test the security
of its encryption.11 Its co-founder Pavel Durov, a Russian citizen, is quoted as
saying: "The no. 1 reason for me to support and help launch Telegram was to
build a means of communication that can’t be accessed by the Russian security
agencies.”12
(b)
Apple has put its encryption beyond its own reach. It says of its messaging
service: “Apple has no way to decrypt iMessage and FaceTime data when it’s
in transit between devices. So unlike other companies’ messaging services,
Apple doesn’t scan your communications, and we wouldn’t be able to comply
with a wiretap order even if we wanted to.”13
Others, while understanding the importance of national security, feel discomfort about
bilateral negotiations with the UK Government because they are sensitive, postSnowden, to allegations that they are voluntary participants in privacy intrusion. As
one company put it to me: “We can’t get into conversations that leave our customers
on the outside ...our priority is our brand, not UK intelligence”.
11.17. The Government has asserted the extraterritorial effect of UK law, and made it explicit
in DRIPA 2014. In theory, therefore, the Government could seek to compel
cooperation by overseas service providers in the same way as it compels companies
based in the UK, although this has not yet been tested in a UK or foreign court. In a
narrow sense, this might be said to meet the desire of the US companies for legal
clarity. But overseas service providers are generally unhappy with the assertion of
extraterritoriality in DRIPA 2014, which they did not necessarily accept (despite the
view of the UK Government) to have been implicit in the previous law and had not
encountered in the laws of other countries. While legal compulsion was in principle
preferable to voluntary compliance, it was thought that the unilateral assertion of extraterritorial effect would be met by blocking statutes, was not “scalable to a global
9
10
11
12
13
Joint comments from Facebook, Google, Microsoft, Twitter and Yahoo, October 2014.
See 4.45 above.
See https://telegram.org.
“Why telegram has become the hottest messaging app in the world, The Verge website, 25 February
2014.
See the privacy section on Apple’s website: https://www.apple.com/uk/privacy/privacy-built-in/. Its
comments do not however apply to encrypted data on the iCloud.
206