Apple's privacy service, iCloud Private Relay, has been publicly asked by a consortium of UK network operators to be regulated by the UK's Competition and Markets Authority (CMA), saying that it is anti-competitive, possibly harmful to customers, and a national security danger.
Mobile UK, a trade association of British mobile network operators including EE, Virgin Media, O2, Three, and Vodafone, has expressed concerns about iCloud Private Relay having a negative impact on user experience, internet safety, and competition in its response to the CMA's Interim Report on mobile ecosystems.
iCloud Private Relay is a new service introduced with iOS 15 that encrypts all traffic leaving an iPhone, iPad, or Mac using two separate internet relays, preventing companies from using personal information such as IP addresses, location, and browsing activity to build detailed profiles about users.
Following Microsoft's formal complaint regarding Private Relay, Mobile UK believes that the privacy service has unintended consequences for users: "Private Relay has a wide range of implications for Apple consumers, far beyond the level of privacy they choose." "Apple customers have had a worse surfing experience when utilising Private Relay," for example. This is said to have the ability to encourage consumers to "migrate" away from "the Safari browser" and toward "software downloaded via the App Store, where Apple earns a fee."
Private Relay hides network activity from Safari and other unencrypted apps from network providers. Mobile UK claims that by blocking network operators from seeing this information, Private Relay hinders service providers' capacity to diagnose customer difficulties by preventing them from recognising "demand trends across mobile networks."
Furthermore, Private Relay is said to affect network providers' "content filtering, malware, anti-scamming, and phishing protection." Private Relay, according to Mobile UK, is a national security threat since it "impairs the insights available under the Government's investigative powers, with implications for law enforcement" in the areas of "terrorism, major organised crime, child sexual abuse, and exploitation."
Apple is said to be able to "leverage its immense market strength into numerous parts of the market, therefore being able to further consolidate its position" using Private Relay. According to Mobile UK, "providers will not be able to use the traffic data to construct their own competitive mobile browsers in the future" as a result of Private Relay, as well as other services that directly compete with Apple:
Network providers would no longer be able to use Safari web traffic statistics to construct their own digital products and services that compete with Apple directly. A network provider, for example, may no longer have access to information about a user's content viewing habits in order to create their own content to compete with Apple TV. Similarly, a network provider may no longer be permitted to share consumer data with third parties who compete with Apple Search Ads in the digital advertising space. ..
Mobile UK claims that Private Relay is actively undermining the ability of UK Internet Service Providers (ISPs) "to differentiate and compete in the market on fair terms" since Apple is basically becoming an ISP:
Apple terminates the role of the mobile and fixed connectivity provider in resolving the internet connection, taking over the role of the internet service provider. The job of the mobile and fixed connectivity provider is reduced to transporting data from the handset/home to the Apple iCloud platform.
"Apple might thus utilise its position in the device and operating system to build its iCloud + user base to develop its position as an ISP," Mobile UK is concerned.
Furthermore, according to the trade group, Private Relay drives customers to more Apple services, "accessing the internet in an Apple-curated manner." Apple can use Private Relay to "prefer its own proprietary applications and services over those of other vendors."
Private Relay "affects competition in mobile browsers," according to Mobile UK, pointing out that "competitive browsers cannot differentiate themselves readily" due to Apple's WebKit browser engine constraint. Users can't "convert to an alternate browser" to avoid Private Relay, according to the organisation, since "the capacity of rival browsers to differentiate themselves from Safari will still be constrained by the restrictions of Apple's browser engine."
Finally, the trade group claims that Private Relay has to be regulated beyond its appearance as a privacy service:
Consumers are not completely educated on how Private Relay works, nor do they grasp the full implications of using the services, according to Mobile UK...
The CMA should impose "a remedy that limits the usage of Private Relay," or "at the absolute least" prevent "Apple from making Private Relay a default-on service," according to Mobile UK. "Private relay is now default-off," according to the complaint, "but it is already being used by a considerable fraction of Apple users in the UK, despite being in beta mode."
Private Relay should not be offered as a configuration option or installed as the default service. It should be available as an app so that it can compete with other similar services like VPNs. Apple should notify relevant third parties ahead of time about the introduction of Private Relay services so that third parties can advise their customers about how their services might change if Private Relay is used. For example, giving network providers advance notice of the adoption of Private Relay would have allowed them to notify customers about how their security solutions would change, as well as the government about how their investigative authorities based on network traffic data might alter.
See Mobile UK's full submission to the CMA for additional details. In the European Union, iCloud Private Relay has been met with similar suspicion, with major mobile operators requesting that it be banned for encroaching on EU "digital sovereignty."
In its lengthy answer to the CMA, Apple defended its ecosystem vehemently. The regulator had set aside the benefits of Apple's ecosystem "without reasoned foundation, either disregarding them totally or dismissing them on the basis of nothing more than guesswork," according to the complaint. The CMA's Interim Report, according to Apple, was based on "unsubstantiated allegations and hypothetical concerns raised primarily by self-serving complaints" from a small number of multibillion-dollar corporations, "all seeking to make deep changes to the iPhone for their own commercial gain, without verification."