Tech

Apple opposes new Australian legislation requiring tech companies to break encryption and hand over user data

Apple wrote a scathing critique of the new Access and Assistance Bill in a 7-page letter to the Australian government. This government draft law would impel tech companies with operations in Australia, like Apple, to assist law enforcement and government intelligence agencies in obtaining private electronic data. Although unable to cite evidence, the government claimed that encrypted communications are “increasingly being used by terrorist groups and organized criminals to avoid detection and disruption”.

Apple worries that this new legislation would raise cybersecurity concerns and be an infringement on user privacy. The company’s chief executive Tim Cook wrote an open letter in which he referred to the new draft law as “dangerous precedent.”

The company insists that the legislation relies primarily on the government’s “subjective” comprehension of “technical complexities”. Essentially, the government could compel a tech firm to break encryption, even though security experts, academics, and companies all agree that this would be “dangerous and irresponsible”.

Apple also contends that the laws could would result in “unprecedented power” for ASIO, Australia’s premier spy agency, to construct capabilities into their systems to intercept encrypted communications. These changes, Apple says, would “allow the government to eavesdrop on their customers.”

“We encourage the government to stand by their stated intention not to weaken encryption or compel providers to build systemic weaknesses into their products.” said Apple.

Apple laid out six major concerns over the new law, each arguing that the bill is a violation of international agreements, a detriment to cybersecurity, and a harmful abuse of user trust by compelling companies to create security weaknesses in its products. Experts have claimed for years that it’s simply impossible to create a “secure backdoor” that is both accessible to law enforcement authorities and impervious to hackers.

Apple provided 6 main points detailing their objections:

1) Overly broad powers that could weaken cybersecurity and encryption.

2) A lack of appropriate independent judicial oversight.

3) Technical requirements based only on the government’s subjective view of reasonableness and practicability. 

4) Unprecedented interception requirements. 

5) Unnecessarily stifling secrecy mandates.

6) Extraterritoriality and global impact. 

Apple has a tumultuous history with backdoors. Following the 2016 shooting in San Bernardino, the company did not back down when the FBI requested that they unlock the shooter’s iPhone. In addition to privacy concerns, the company worries that backdoor access allows hackers to access control of a plethora of private data.

“Encryption is simply math. Any process that weakens the mathematical models that protect user data for anyone will by extension weaken the protections for everyone.”

But critics say that the bill’s “broad authorities that would undermine cybersecurity and human rights, including the right to privacy” by forcing companies to build backdoors and hand over user data — even when it’s encrypted. Apple said that it “would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat.”

The letter read:

“We appreciate the government’s outreach to Apple and other companies during the drafting of this bill. While we are pleased that some of the suggestions incorporated improve the legislation, the unfortunate fact is that the draft legislation remains dangerously ambiguous with respect to encryption and security. This is no time to weaken encryption. Rather than serving the interests of Australian law enforcement, it will just weaken the security and privacy of regular customers while pushing criminals further off the grid.”

“For instance, the bill could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor the health data of its customers for indications of drug use, or require the development of a tool that can unlock a particular user’s device regardless of whether such tool could be used to unlock every other user’s device as well.”