In a complaint to the regulator, UK network operators target iCloud Private Relay 2022

Apple’s privacy service, UK network operators target iCloud Private Relay, has been publicly asked by a consortium of UK network operators to be regulated by the UK’s Competition and Markets Authority (CMA), saying that it is anti-competitive, possibly harmful to customers, and national security danger.

In a complaint to the regulator, UK network operators target iCloud Private Relay

UK network operators target iCloud Private

Mobile UK, a trade association of British mobile network operators including EE, Virgin Media, O2, Three, and Vodafone, has expressed concerns about iCloud Private Relay having a negative impact on user experience, internet safety, and competition in its response to the CMA’s Interim Report on mobile ecosystems.

iCloud Private UK network operators target iCloud Private is a new service introduced with iOS 15 that encrypts all traffic leaving an iPhone, iPad, or Mac using two separate internet relays, preventing companies from using personal information such as IP addresses, location, and browsing activity to build detailed profiles about users.

Following Microsoft’s formal complaint regarding UK network operators target iCloud Private Relay, Mobile UK believes that the privacy service has unintended consequences for users: “Private Relay has a wide range of implications for Apple consumers, far beyond the level of privacy they choose.” “Apple customers have had a worse surfing experience when utilizing Private Relay,” for example. This is said to have the ability to encourage consumers to “migrate” away from “the Safari browser” and toward “software downloaded via the App Store, where Apple earns a fee.”

UK network operators target iCloud Private hides network activity from Safari and other unencrypted apps from network providers. The mobile UK claims that by blocking network operators from seeing this information, Private Relay hinders service providers’ capacity to diagnose customer difficulties by preventing them from recognizing “demand trends across mobile networks.”

Furthermore, UK network operators target iCloud Private is said to affect network providers’ “content filtering, malware, anti-scamming, and phishing protection.” Private Relay, according to Mobile UK, is a national security threat since it “impairs the insights available under the Government’s investigative powers, with implications for law enforcement” in the areas of “terrorism, major organized crime, child sexual abuse, and exploitation.”

Apple is said to be able to “leverage its immense market strength into numerous parts of the market, therefore being able to further consolidate its position” using Private Relay. According to Mobile UK, “providers will not be able to use the traffic data to construct their own competitive mobile browsers in the future” as a result of Private Relay, as well as other services that directly compete with Apple:

Network providers would no longer be able to use Safari web traffic statistics to construct their own digital products and services that compete with Apple directly. A network provider, for example, may no longer have access to information about a user’s content viewing habits in order to create their own content to compete with Apple TV. Similarly, a network provider may no longer be permitted to share consumer data with third parties who compete with Apple Search Ads in the digital advertising space.

Mobile UK claims that UK network operators target iCloud Private is actively undermining the ability of UK Internet Service Providers (ISPs) “to differentiate and compete in the market on fair terms” since Apple is basically becoming an ISP:

Apple unilaterally terminates the role of the mobile and fixed connectivity provider in resolving the internet connection, with Apple itself taking over the role of the ISP. The mobile and fixed connectivity provider’s role is reduced to providing conveyance from the handset/home to the Apple iCloud platform.

“Apple might thus utilize its position in the device and operating system to build its iCloud + user base to develop its position as an ISP,” Mobile UK is concerned.

Furthermore, according to the trade group, UK network operators target iCloud Private drives customers to more Apple services, “accessing the internet in an Apple-curated manner.” Apple can use Private Relay to “prefer its own proprietary applications and services over those of other vendors.”

UK network operators target iCloud Private Relay “affects competition in mobile browsers,” according to Mobile UK, pointing out that “competitive browsers cannot differentiate themselves readily” due to Apple’s WebKit browser engine constraint. Users can’t “convert to an alternate browser” to avoid Private Relay, according to the organization, since “the capacity of rival browsers to differentiate themselves from Safari will still be constrained by the restrictions of Apple’s browser engine.”

Finally, the trade group claims that Private Relay has to be regulated beyond its appearance as a privacy service:

Mobile UK is very concerned that consumers are not fully informed about how Private Relay works or that they understand the full implications of invoking the services.

The CMA should impose “a remedy that limits the usage of Private Relay,” or “at the absolute least” prevent “Apple from making Private Relay a default-on service,” according to Mobile UK. “Private relay is now default-off,” according to the complaint, “but it is already being used by a considerable fraction of Apple users in the UK, despite being in beta mode.”

Private Relay should not be presented as a set up option or installed as an on-default service. It should be made available as an app with others can compete with similar services such as VPNs. Apple should notify relevant third parties in advance of introducing Private Relay services, so that third parties can inform their customers of how their service may change were Private Relay to be used. For example, advance warning of the introduction of Private Relay would have allowed network providers to inform customers how their security solutions may change and also inform Government how it changes their investigatory powers insight from network traffic data.

See Mobile UK’s full submission to the CMA for additional details. In the European Union, iCloud Private Relay has been met with similar suspicion, with major mobile operators requesting that it be banned for encroaching on EU “digital sovereignty.”

In its lengthy answer to the CMA earlier this week, UK network operators target iCloud Private vehemently defended its ecosystem. The regulator had set aside the benefits of Apple’s ecosystem “without reasoned foundation, either disregarding them totally or dismissing them on the basis of nothing more than guesswork,” according to the complaint. The CMA’s Interim Report, according to Apple, is based on “unsubstantiated allegations and hypothetical concerns raised primarily by self-serving complaints” from a small group of multibillion-dollar corporations, “all seeking to make deep changes to the iPhone for their own commercial gain, without independent verification.”