Tech giant Apple contended that the lack of judicial oversight could reduce customer trust and security, among other reservations over Australia’s draft decryption legislation
Australia recently joined forces with the US, the UK, Canada and New Zealand (called the Five Eyes alliance) to propose mandatory backdoors in encrypted chat in a bid to strengthen national security.
While the other Western countries have threatened to force tech companies to provide national security agencies with access to encrypted messages by establishing laws, Australia went ahead and did just that, drafting the Access and Assistance Bill 2018 and introducing it to Parliament last month.
However, critics have voiced their concerns over the proposed law, saying it would potentially require tech companies to build backdoors into their systems
Apple has challenged the premise behind Australia’s proposed decryption law, claiming that weakening encryption would lead to the profound risk of making criminals’ jobs easier.
In its submission to the Australian parliament on the draft legislation, which will require technology companies to provide law enforcement agencies with access to encrypted communications if passed, Apple said encryption is the best way to protect data and ultimately lives.
“Software innovations of the future will depend on the foundation of strong device security,” it said. “To allow for those protections to be weakened in any way slows our pace of progress and puts everyone at risk.”
Apple also took issue with the “dangerously ambiguous” terms of the draft legislation pertaining to encryption and security.
These include “overly broad powers that could weaken cyber security and encryption”, a “lack of appropriate independent judicial oversight”, and “technical requirements based only on the government’s subjective view of reasonableness and practicability”, among others.
They could also allow the government to “require the development of a tool that can unlock a particular user’s device regardless of whether such tool could be used to unlock every other user’s device as well”.
“All of these capabilities should be as alarming to every Australian as they are to us,” Apple said, even as it was appreciative of the government’s inclusion of language that prohibits requiring a provider to implement or build a systemic weakness or systemic vulnerability, or prevent remediation of a systemic weakness.
It urged the government to consider a provision similar to the UK’s Investigatory Powers Act that requires judicial review of proposed technical capability notices before such notices can be served on a supplier.
Besides Apple, Cisco has also raised concerns over the proposed decryption law. In its submission, it expressed “serious reservations” regarding provisions that threaten to undercut sustained efforts by Cisco and others to develop and maintain technologies that are secure, transparent, trustworthy and accountable.
Australia’s draft legislation is being supported by the Police Federation of Australia (PFA), representing the professional and industrial interests of 62,000 members at the national level.
In a statement, it argued that technologies such as encryption – while an important part of Australians’ everyday life – are also being used by organised criminals as well as terrorists.
By 2020, all communications among organised crime groups and terrorists will be encrypted, according to PFA estimates. Some 95% of Australia’s most dangerous criminals and terrorists already use encrypted communications, and 90% of the data being lawfully intercepted by the Australian Federal Police uses some form of encryption.
The PFA said it has been advised that similar obligations already apply to domestic communications companies, and that the proposed law “simply expands those obligations to offshore providers who are providing communication services in Australia”.