The Mobile UK trade body, which represents Three UK, EE (BT), O2 (VMO2) and Vodafone, has called upon the Competition and Markets Authority to probe the impact of Apple’s new iCloud linked internet privacy tool – ‘Private Relay‘ – due to concerns over its negative impacts on their network optimisation and filtering measures.

According to Apple, the iCloud Private Relay service is designed to “protect your privacy by ensuring that when you browse the web in Safari, no single party – not even Apple – can see both who you are and what sites you’re visiting.” In short, it’s similar to a Virtual Private Network (VPN) and encrypted Domain Name System (DNS) service, albeit with a few differences (see our summary of Private Relay).

NOTE: Private Relay is a beta service in iOS15, with limited availability, and to access it you’d first have to pay for an iCloud+ account (purchasable from just £0.79/mo for 50GB – these can be upgraded to ‘Plus’ at no extra cost). But it only works with traffic that goes through the Safari browser.

However, much like the previous debates over past privacy enhancing features (e.g. DNS over HTTPS – DoH), larger home broadband ISPs and mobile network operators have already raised some concerns about the impact of such a feature on their networks and services (here and here).

Aside from making it harder to track the basic browsing activity of their customers (as demanded by the government’s Investigatory Powers Act 2016), the feature can also circumvent internet censorship tools, cause speed issues on certain sites that aren’t optimised for it, stop the ability to zero rate data for certain sites and make it difficult for operators to optimise their content delivery traffic / caching for video streaming etc.

On top of that, there’s a concern that the service may incentivise content providers to work more closely with Apple friendly Content Delivery Networks (CDNs), which might create market distortions. Should the feature be rolled out more generally in the future, and without the subscription model, then this could place Apple at the centre of a high percentage of web transactions (i.e. a lot of power to be handing one company).

All of these issues and more (see further below for a full list) have now been highlighted as part of Mobile UK’s response to the CMA’s interim report on their mobile ecosystem market study.

Mobile UK Report Statement

The CMA’s market study must therefore consider the impact of Private Relay on consumers and the market more generally, and assess whether its introduction further entrenches the market position of Apple. If so, the CMA should assess how regulation can prevent harm to consumers, including through the application of a Code of Conduct or pro-competition interventions for firms identified with strategic market status (“SMS”) by the mobile ecosystem market study.

…

Mobile UK is very concerned that consumers are not fully informed about how Private Relay works or that they understand the full implications of invoking the services. Customers think the service is making everything private and harder to intercept/hack. What most do not realise, though, is that all traffic is now shipped through Apple, who control the user experience. This may stop other helpful features from working and will add latency and jitter to time sensitive applications due to everything funnelling through icloud. It could thus harm new edge applications, just as edge applications are starting to take off.

However, many UK consumers will undoubtably see some benefit in quite a few of the areas that mobile operators view as a negative. Furthermore, it’s important to remember that a lot of the complaints being levelled against Private Relay could be equally applied to a broad spectrum of VPN, Proxy, Encrypted DNS and other internet privacy enhancing features, which are nothing new to this market. The CMA will need to consider that.

Suffice to say, Mobile UK appears to be taking the ‘throw everything at it but the kitchen sink‘ approach to their complaint, but as a result of that it’s not presently clear how many of the things they’ve opted to throw will actually land and receive a positive response.

Some of their arguments do have merit (e.g. consumers may not expect the impact on zero rating, which could result in bill shocks), but the fact that Apple’s service is still both in beta, and restricted to a paid product, will probably work in the technology firm’s favour.

The trade body has also proposed some remedies that the CMA “should consider” in its market study, including the obvious one of preventing Apple from making Private Relay a default-on service. In addition, they also propose to make switching between browsers easier, as well as to increase interoperability of browsers and remedies to address the ability to exercise market power in browsers.

At this point we should highlight that, with a few exceptions (e.g. merger investigations), the CMA tends to be more of a reactionary regulator, which often only acts after seeing provable harm. In this case, it may be too early for the CMA to pass judgement on Private Relay, but we’ll find out the answer to that on 14th June 2022 – deadline for their final report.

Summary of Mobile UK’s Gripes vs Private Relay

Whilst Apple claims Private Relay enhances the privacy of its users, there are a range of other implications to consumers and the mobile ecosystem, including:

a. Customers are directed to more Apple services, accessing the internet in a manner curated by Apple. In fact, Apple is inserting itself into the role of ISP without incurring any of the obligations (such as Net Neutrality) that exist. Apple could thus leverage its position in the device and operating system to grow its iCloud+ user base and to develop its position as an ISP.

b. Competition between ISPs in the UK (fixed and mobile) is intense; Private Relay will diminish the role of the ISP and undermine their ability to differentiate and to compete in the market on fair terms.

c. Online harms: Private Relay encrypts traffic over the Safari browser, compromising the content filtering, malware, anti-scamming and phishing protection provided by network providers.

d. National security: By preventing network providers and Apple from accessing information on traffic encrypted by the service, Private Relay impairs the insights available under the Government’s investigatory powers, with implications for law enforcement, impacting our ability to assist with harm reduction to consumers and the UK (covering terrorism, serious organised crime, child sexual abuse and exploitation).

e. Network performance and security: The traffic information over Safari allows network providers to understand demand patterns across mobile networks. Losing this information could compromise future network optimisation and investment prioritisation.

f. User experience: There are reports that Apple users have suffered a worse browsing experience when using Private Relay. As a result, Apple may benefit from migration of certain traffic away from the Safari browser to apps downloaded from the App Store, where Apple can earn a commission.

g. Customer experience: Private Relay may reduce the ability to diagnose customer issues (due to loss of network data insights) and bill shock, where the customer has the expectation of zero-rated traffic types (such as, when launched, emergency calls over video relay) and content, for example bundling of gaming/sporting content and government Covid sites / applications.

h. Future innovation: By losing access to web traffic information on Apple devices, network providers have less ability to develop new services based on customer insight from web traffic. For example, new innovations in security solutions by network providers often make use of insight from web traffic information.