Australia encryption bill will weaken cyber security, warns Apple
- 15 October, 2018 10:42
Apple has hit back against Australia's controversial Assistance and Access Bill, arguing its “dangerously ambiguous” wording creates a risk of weakened cyber security.
In its submission to a joint committee on intelligence and security, Apple argued it was imperative that the law include a firm mandate prohibiting the weakening of encryption or security protections.
“Encryption is the single best tool we have to protect data and ultimately lives,” the company argued. “Software innovations of the future will depend on the foundation of strong device security.
"To allow for those protections to be weakened in any way slows our pace of progress and puts everyone at risk.
“Some suggest that exceptions can be made, and access to encrypted data could be created just for only those sworn to uphold the public good. That is a false premise. Encryption is simply math.
"Any process that weakens the mathematical models that protect user data for anyone will by extension weaken the protections for everyone. It would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat."
Apple argued that the bill contained insufficient judicial oversight and “stifling” security requirements.
The government has so far claimed the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 is necessary to help police and intelligence agencies access online communications services sometimes employed by criminals, and has denied that it will weaken encryption.
Apple’s concerns also mirror those of the Digital Industry Group Inc (DIGI), a consortium which included Amazon, Google, Facebook, Oath and Twitter, in raising concerns that the bill’s vague wording may lead to systemic weaknesses being built or implemented into products.
“Without clearly defined parameters, we see no reason why the government could not seek to prevent particular users from receiving general security updates or prohibit providers from fixing mere security flaws that impact large numbers of customers but that may not qualify as “systemic” in the government’s eyes,” Apple stated.
“What is clear, is that without well-defined terms and narrowly tailored parameters, the government could compel providers to weaken critical protections that safeguard their customers’ most sensitive personal data.”
In addition, Apple argued against giving the Australian Security Intelligence Organisation (ASIO) the power to compel providers to build intercept capabilities into their technology.
“Ordering providers to develop capabilities that would allow the government to eavesdrop on their customers would undermine security and shake confidence in the very technology that users rely on to process financial transactions, communicate sensitive information to their family members, or send intimate health data to healthcare providers,” the submission read.
Concerns over the bill’s potential impact on user privacy were also raised earlier this month when Digital Rights Watch, the Human Rights Law Centre, Amnesty International and Access Now joined forces to form their own coalition fighting the bill.
When asked why the group had not joined DIGI, the APF’s Dr Monique Mann told Computerworld it would be like getting “in bed with the evil empire”.