UK network operators target private iCloud relay in complaint to regulator

A group of UK network operators have formally urged the UK Competition and Markets Authority (CMA) to regulate iCloud Private Relay, claiming that Apple’s privacy service is uncompetitive, potentially harmful to users and a national security threat.

Public iCloud feature
In its response to the CMA’s interim report on mobile ecosystems, Mobile UK, a trade association of British mobile network operators including EE, Virgin Media O2, Three and Vodafone, raised concerns that ‌iCloud‌ Private Relay could Have a negative impact on user experience, Internet security and competition.

‌iCloud‌ Private Relay was a new service introduced with iOS 15 that ensured that all traffic leaving an iPhone‌, iPad‌‌ or Mac was encrypted using two separate Internet relays, so that companies could not use personal information such as IP address, location, and browsing activity to create detailed profiles of users.

After filing a formal complaint about Microsoft’s Private Relay, Mobile UK claims that the privacy service can have undesirable side effects for users: “Private Relay affects Apple users in many ways, beyond simply the level of privacy a user wants.” For example, “Apple users experienced a worse browsing experience when using Private Relay.” This allegedly has the potential to push users to “migrate” away from the “Safari browser to apps downloaded from the App Store where Apple can earn a commission”.

Private Relay prevents network providers from seeing network traffic from Safari and unencrypted apps. In preventing network operators from seeing this traffic, Mobile UK says Private Relay prevents service providers from understanding “demand patterns across mobile networks”, limiting their ability to effectively diagnose customer problems.

Furthermore, Private Relay allegedly compromises “content, malware, anti-fraud, and anti-phishing protection provided by network providers.” Mobile UK also claims that the Private Relay is a national security threat, as it “impairs insights available under government investigative powers, while including law enforcement” in relation to “terrorism, serious organized crime, child sexual abuse and exploitation.”

Private Relay allegedly allows Apple to “leverage on its significant market power in several market areas and thus be able to establish itself further.” Mobile UK says that due to the private relay feature, “service providers will not be able to use traffic data to develop their own competing mobile browsers in the future,” as well as other services that directly compete with Apple:

Network providers will no longer be able to use web traffic data through Safari to develop their digital products and services that complete directly with Apple. For example, a network provider may not be able to access information about a user’s content viewing habits to develop their own content that competes with Apple TV. Likewise, the network provider may not be able to share consumer insights with third parties that provide digital advertising services in competition with Apple search advertising…

Mobile UK asserts that the ability of UK Internet Service Providers (ISPs) to “discriminate and compete in the marketplace on fair terms” is being undermined by Private Relay given that Apple has effectively become an ISP:

Apple unilaterally ends the role of the fixed-line and mobile provider in the Internet connection solution, with Apple itself taking over the role of the Internet service provider. The role of the fixed and mobile connection provider has been reduced to providing transfer from the phone/home to the Apple iCloud platform.

Mobile UK is concerned that “Apple could therefore take advantage of its position in the device and operating system to grow its iCloud ‌+ user to advance its position as an Internet service provider.”

Furthermore, the trade association said that Private Relay directs users to more Apple services, “accessing the Internet in an Apple-sponsored manner.” Private Relay enables Apple to “prefer its own owned apps and services, at the expense of other service providers.”

Mobile UK also said that Private Relay “affects competition in mobile browsers”, highlighting that “competing browsers cannot distinguish themselves easily” as a result of a restriction on Apple’s WebKit browser engine. The organization complains that users cannot “switch to an alternative browser” to avoid Private Relay because “the ability of a competitor’s browser to differentiate itself from Safari will still be limited by the terms of the Apple browser engine.”

In conclusion, the trade association says that Private Relay should be regulated beyond superficial existence as a privacy service:

Mobile UK is seriously concerned that consumers are not fully aware of how Private Relay works or that they understand the full implications of a service recall…

[…]

Thus, the effect of private migration is multidimensional and can only be assessed through a specificity lens.

Mobile UK urged the CMA to implement “a remedy that limits the use of private relays”, or “at least” prevents “Apple from making the private relay service a default”. The complaint noted that “Private Relay is currently off default but is already in use by a significant portion of Apple’s UK customers, despite being in beta mode.”

Private migration should not be offered as a setup option or installed as a service in default. It should be available because the app with others can compete with similar services like VPNs. Apple must notify relevant third parties in advance of the provision of Private Relay services, so that third parties can inform their customers how to change their service if they use Private Relay. For example, forewarning about the introduction of Private Relay would have allowed network providers to inform customers how their security solutions might change and also inform the government about how it changed its view of investigative authorities on network traffic data.

For more information, see Mobile UK’s complete application to the CMA. iCloud Private Relay has come under similar suspicion in the European Union, where major mobile operators have sought to ban “private relays” for violating EU “digital sovereignty”.

Earlier this week, Apple vigorously defended its ecosystem in its detailed response to the CMA. She said the regulator had set aside the merits of Apple’s ecosystem “without rationale, either by ignoring them entirely or rejecting them on the basis of no more than speculation.” Apple claimed that the CMA’s interim report was based on “unsubstantiated allegations and hypothetical concerns raised primarily through self-service complaints” from a few multi-billion dollar companies, all of which seek to make profound changes to the “iPhone”. “For its own commercial gain, without independent verification.”