The Competition & Markets Authority (CMA) released its interim report on mobile ecosystems at the beginning of the year, prompting some of the UK’s biggest mobile networks to raise their own concerns about Apple Private Relay.
The response comes from Mobile UK – a trade association that includes EE, Virgin Media O2, Three and Vodafone – and details all the problems the networks have with Private Relay, a security feature Apple launched in 2021.
Private Relay is a tool designed to protect user privacy when browsing in Safari by sending web requests through two separate Internet relays.
In the first relay, the user’s IP address is visible to Apple and their network provider but the web address they’re visiting is hidden. In the second relay, a third-party provider gives the user a temporary IP address, decrypts the web address and connects them to that site.
This means that no organisation (including Apple itself) can see both who is browsing and which sites they’re visiting and build a comprehensive profile on them based on their Internet usage.
According to Mobile UK’s letter, “Private Relay affects Apple users in many ways, beyond simply what level of privacy a user wants”.
The trade association is concerned that by sending users through an array of Apple products, including iOS, Safari and iCloud, Apple is curating the way that consumers access the internet and taking on the role of an ISP without incurring any of its obligations, such as Net Neutrality.
“Competition between ISPs in the UK (fixed and mobile) is intense; Private Relay will diminish the role of the ISP and undermine their ability to differentiate and to compete in the market on fair terms”, wrote Mobile UK.
The group also raised concerns over security, arguing that in encrypting traffic over Safari, Private Relay could compromise the content filtering, malware, anti-scamming and phishing protection provided by networks.
Banning network and network providers from access traffic information will also affect what law enforcement can see, which Mobile UK says could impact its mobile networks’ ability to assist with harm reduction when it comes to “terrorism, serious organised crime, child sexual abuse and exploitation” in the UK.
Mobile networks also use Internet traffic to understand demand patterns across mobile networks.
“Losing this information could compromise future network optimisation and investment prioritisation”, said Mobile UK.
Finally, the group warned of reports that Apple users have suffered worse browsing experiences with Private Relay on and argued that Apple could benefit from these experiences, as more users may choose to download apps from the App Store where Apple can earn a commission.
While Private Relay is currently an opt-in feature (it’s currently in its beta stage), the group fears that Apple will make it switched on by default later in 2022.
“Private Relay should not be presented as a set up option or installed as a default-on service. It should be made available as an App with which others can compete with similar services such as VPNs”, concluded Mobile UK.
The mobile trade association also argued that Apple should be forced to notify relevant third parties in advance when introducing Private Relay services, giving network providers time to inform customers about changes to their security solutions and governments of how Private Relay will affect their investigatory powers insight from network traffic data.
“Mobile UK is very concerned that consumers are not fully informed about how Private Relay works or that they understand the full implications of invoking the services”.