Apple rebukes Australia's “dangerously ambiguous” anti-encryption billOctober 13, 2018
Apple has strongly criticized Australia’s anti-encryption bill, calling it “dangerously ambiguous” and “alarming to every Australian.”
The Australian government’s draft law — known as the Access and Assistance Bill — would compel tech companies operating in the country, like Apple, to provide “assistance” to law enforcement and intelligence agencies in accessing electronic data. The government claims that encrypted communications are “increasingly being used by terrorist groups and organized criminals to avoid detection and disruption,” without citing evidence.
But critics say that the bill’s “broad authorities that would undermine cybersecurity and human rights, including the right to privacy” by forcing companies to build backdoors and hand over user data — even when it’s encrypted.
Now, Apple is the latest company after Google and Facebook joined civil and digital rights groups — including Amnesty International — to oppose the bill, amid fears that the government will rush through the bill before the end of the year.
In a seven-page letter to the Australian parliament, Apple said that it “would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat.”
“We appreciate the government’s outreach to Apple and other companies during the drafting of this bill,” the letter read. “While we are pleased that some of the suggestions incorporated improve the legislation, the unfortunate fact is that the draft legislation remains dangerously ambiguous with respect to encryption and security.”
“This is no time to weaken encryption,” it read. “Rather than serving the interests of Australian law enforcement, it will just weaken the security and privacy of regular customers while pushing criminals further off the grid.”
Apple laid out six focus points — which you can read in full here — each arguing that the bill would violate international agreements, weaken cybersecurity and harm user trust by compelling tech companies to build weaknesses or backdoors in its products. Security experts have for years said that there’s no way to build a “secure backdoor” that gives law enforcement authorities access to data but can’t be exploited by hackers.
Although Australian lawmakers have claimed that the bill’s intentions are not to weaken encryption or compel backdoors, Apple’s letter said the “the breadth and vagueness of the bill’s authorities, coupled with ill-defined restrictions” leaves the bill’s meaning open to interpretation.
“For instance, the bill could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor the health data of its customers for indications of drug use, or require the development of a tool that can unlock a particular user’s device regardless of whether such tool could be used to unlock every other user’s device as well,” the letter said.
Apple’s comments are some of the strongest pro-encryption statements it’s given to date.
Two years ago, the FBI sued Apple to force the technology giant to build a tool to bypass the encryption in an iPhone used by one fo the the San Bernardino shooters, who killed 14 people in a terrorist attack in December 2015. Apple challenged the FBI’s demand — and chief executive Tim Cook penned an open letter called the move a “dangerous precedent.” The FBI later dropped its case after it paid hackers to access the device’s contents.
Australia’s anti-encryption bill is the latest in a string of legislative efforts by governments to seek greater surveillance powers.
The U.K. passed its Investigatory Powers Act in 2016, and earlier this year the U.S. reauthorized its foreign surveillance laws with few changes, despite efforts to close warrantless domestic spying loopholes discovered in the wake of the Edward Snowden disclosures.
The Five Eyes group of governments — made up of the U.K., U.S., Canada, Australia and New Zealand — further doubled down on its anti-encryption aggression in recent remarks, demanding that tech companies provide access or face legislation that would compel their assistance.