Apple joins other tech giants denouncing Australia encryption backdoor proposals

Apple is joining Alphabet, Amazon, and Facebook in opposing a proposed law in Australia that would force companies to provide law enforcement officials access to encrypted data for the purposes of fighting crime, or face steep penalties.




The four companies will be lobbying the government to denounce the proposals, the Alliance for a Safe and Secure Internet group confirmed to Reuters, with the tech giants working together in attempting to convince lawmakers to alter the bill ahead of a parliamentary vote, expected to take place within weeks.

Appearing in a list of legislation proposed for introduction in the spring parliamentary sittings in August, the bill attempts to make it easier for security agencies and the police to investigate crimes and potential national security risks by ordering other entities to provide assistance. Though not specified explicitly, the assistance could potentially demand the creation of some form of security backdoor, which would weaken the overall security of the company's services.

"Any kind of attempt by interception agencies, as they are called in the bill, to create tools to weaken encryption is a huge risk to our digital security," said Alliance spokeswoman Lizzie O'Shea.

The wording of the bill suggested agencies would be able to demand services offer ways to see the data, potentially by acquiring the data at the user's end before it is encrypted and sent over the Internet rather than creating an encryption backdoor. While this would eliminate the need for a backdoor for encryption itself, adding such a "feature" to an app would most likely erode the public's trust of that company.

"It isn't necessary to give law enforcement agencies access to a decryption key otherwise under the sole control of a user," advised Minister for Law Enforcement and Cyber Security Angus Taylor in June. "We simply don't need to weaken encryption in order to get what we need."

The penalties for the bill are hefty, with the proposal suggesting a fine of up to A$10 million ($7.2 million) for companies and institutions who do not comply with a court request for private data. Individuals facing the same request could be imprisoned if they similarly refuse.

It is believed the attempt by the Australian government to change its laws to require effective backdoor access to data held by tech companies is a test case that could see implementation elsewhere, if it is brought into law.

The "Five Eyes" nations, a group consisting of Australia, Canada, the U.S., the U.K., and New Zealand that share intelligence with each other, said it would continue to push for access to encrypted messages and voice communications through changes to laws, under the guise of protecting national security.

Apple's involvement in the lobbying group is a continuation of its efforts to fight demands to create backdoors or to take any action that weakens product security. In March, senior VP of software engineering Craig Federighi advised, "Weakening security makes no sense when you consider that customers rely on our products to keep their personal information safe, run their businesses, or even manage vital infrastructure like power grids and transportation systems."

Tech companies have also campaigned against the introduction of backdoors in other legislative change attempts, including pressuring the U.K. Parliament to remove the encryption backdoors element from the 2016 Investigatory Powers Bill before passing it, though efforts to add such backdoors continue in the country.

Efforts are being made to try and protect the United States from implementing similar measures, with the "Secure Data Act" proposed in May to theoretically prevent courts and federal agencies from issuing orders to create backdoors or other security-weakening features.

Comments

  • Reply 1 of 23
    Just going to show that every government desires access to private data. The more complex the society is, the more relevant these accesses become to the relevant authorities.
  • Reply 2 of 23
    gatorguy Posts: 19,697 member
    New Zealand has already passed a law requiring tourists entering the country to supply their device's password if demanded or face a fine up to $3500 US. Russia passed laws restricting the use of encryption and banning end-to-end encrypted messaging services in their country unless the provider supplies the government a "key" (Note that iMessage is still allowed AFAIK which seems odd), Brazil is on the attack too with several lawsuits targeting encrypted communications, and Apple was forced to give up control of iCloud in China, now owned and operated by GCBD.

    I see little chance of avoiding the spread of this Aussie plan to a number of countries over the next 2 years and certainly the other "Five Eyes". It's coming IMO, the net being tightened worldwide.  See this map

     https://www.gp-digital.org/world-map-of-encryption/
    edited October 2018
  • Reply 3 of 23
    SpamSandwich Posts: 30,412 member
    All companies should withdraw from Australia if they go forward with this. Turn them back into an isolated prison island.
  • Reply 4 of 23
    gatorguy Posts: 19,697 member
    All companies should withdraw from Australia if they go forward with this. Turn them back into an isolated prison island.
    What about China? New Zealand? Ethiopia? Russia? Brazil? The UK?
    edited October 2018
  • Reply 5 of 23
    jbdragon Posts: 1,932 member
    What this does is weaken iPhone Encryption. But just get an Android phone and you can install 3rd party Encryption which has NO BACK DOORS. There's nothing any of these countries can do about that. So iPhone Encryption is weakened as Apple is the one doing that and they can force Apple, or even Google, but the iPhone is a closed OS. So there's no real way to install 3rd party encryption. Really, real criminals can just get an Android phone and install whatever they want. They don't need Google. These Governments think EVERYONE should just be screwed for the tiny fraction of criminals. Really, these Government Agencies have just gotten LAZY.
  • Reply 6 of 23
    radarthekat Posts: 2,898 moderator
    jbdragon said:
    What this does is weaken iPhone Encryption. But just get an Android phone and you can install 3rd party Encryption which has NO BACK DOORS. There's nothing any of these countries can do about that. So iPhone Encryption is weakened as Apple is the one doing that and they can force Apple, or even Google, but the iPhone is a closed OS. So there's no real way to install 3rd party encryption. Really, real criminals can just get an Android phone and install whatever they want. They don't need Google. These Governments think EVERYONE should just be screwed for the tiny fraction of criminals. Really, these Government Agencies have just gotten LAZY.
    Really?  Only Android phones can install 3rd-party encryption software?  Better tell that to the makers of Photo Vault, an app I use on my iPhone to store pics privately.  It uses encryption separate from Apple’s built-in disk encryption.  I’m betting there’s lots of other apps that are available on iOS that also apply an extra layer of encryption to user data.  
    edited October 2018
  • Reply 7 of 23
    SpamSandwich Posts: 30,412 member
    gatorguy said:
    All companies should withdraw from Australia if they go forward with this. Turn them back into an isolated prison island.
    What about China? New Zealand? Ethiopia? Russia? Brazil? The UK?
    You expect all of those places to do the same? Just wait and see.
  • Reply 8 of 23
    radarthekat Posts: 2,898 moderator
    gatorguy said:
    New Zealand has already passed a law requiring tourists entering the country to supply their device's password if demanded or face a fine up to $3500 US. Russia passed laws restricting the use of encryption and banning end-to-end encrypted messaging services in their country unless the provider supplies the government a "key" (Note that iMessage is still allowed AFAIK which seems odd), Brazil is on the attack too with several lawsuits targeting encrypted communications, and Apple was forced to give up control of iCloud in China, now owned and operated by GCBD.

    I see little chance of avoiding the spread of this Aussie plan to a number of countries over the next 2 years and certainly the other "Five Eyes". It's coming IMO, the net being tightened worldwide.  See this map

     https://www.gp-digital.org/world-map-of-encryption/
    New Zealand’s law, to my mind, is the least offensive. It’s similar to the requirement at airports where you must open and turn on your laptop to prove it’s not fake (a bomb).  Okay, it’s worse than that, but it’s similar in the sense that I, as an individual, can simply choose not to travel to New Zealand, or take with me a ‘safe’ spare phone.  

    But when the citizens themselves have their security compromised by a universal back door, that’s another matter altogether.  Because as soon as the first trial where a back door has been used, and the defense attorney demands that his expert have access to the back door code to ensure that evidence collected from his client’s device was not altered by it, that’s when that backdoor will get out into the wild and eventually into the hands of a very bad actor.  
  • Reply 9 of 23
    JWSC Posts: 266 member
    gatorguy said:
    ... and Apple was forced to give up control of iCloud in China, now owned and operated by GCBD.
    This is a misleading statement.  Apple moved their iCloud servers to China to serve Chinese citizens and Apple subcontracts GCBD to run these servers.  This means that the cryptographic keys are now stored locally.  But the PRC does not have direct access to these servers nor to the cryptographic keys.  True, they can use the compliant Chinese court system to request the keys for individuals.  But that request goes through Apple and not GCBD.  Apple have NOT given up their control - just yet anyway.

    Old Chinese proverb say, ‘If you can’t say what you mean, how can you mean what you say?’  
  • Reply 10 of 23
    gatorguy Posts: 19,697 member
    JWSC said:
    gatorguy said:
    ... and Apple was forced to give up control of iCloud in China, now owned and operated by GCBD.
    This is a misleading statement.  Apple moved their iCloud servers to China to serve Chinese citizens and Apple subcontracts GCBD to run these servers.  This means that the cryptographic keys are now stored locally.  But the PRC does not have direct access to these servers nor to the cryptographic keys.  True, they can use the compliant Chinese court system to request the keys for individuals.  But that request goes through Apple and not GCBD.  Apple have NOT given up their control - just yet anyway.

    Old Chinese proverb say, ‘If you can’t say what you mean, how can you mean what you say?’  
    The service itself is no longer identified as an Apple one. It's no longer Apple's to control either nor is the iCloud user agreement between Apple and its Chinese buyers of the iPhone.  Apple's obligation is to provide support services for the now GCBD-branded and operated iCLOUD.


    "Welcome to iCloud operated by GCBD

    THIS LEGAL AGREEMENT BETWEEN YOU AND AIPO CLOUD (GUIZHOU) TECHNOLOGY CO., LTD. (“GCBD”) GOVERNS YOUR USE OF THE ICLOUD PRODUCT, SOFTWARE, SERVICES, AND WEBSITES (COLLECTIVELY REFERRED TO AS THE "SERVICE"). APPLE TECHNOLOGY SERVICES (GUIZHOU) LTD., OR A SUCCESSOR OR ASSIGNEE OF APPLE TECHNOLOGY SERVICES (GUIZHOU) LTD., MAY FROM TIME TO TIME PROVIDE SUPPORT TO GCBD IN ITS PROVISION OF THE SERVICE....

    "GCBD is the provider of the Service in the Mainland of China, which permits you to utilize certain Internet services, including storing your personal content (such as contacts, calendars, photos, notes, reminders, documents, app data, and iCloud email) and making it accessible on your compatible devices and computers, and certain location based services, only under the terms and conditions set forth in this Agreement."


    So nope, not misleading at all IMO. Perhaps you hadn't looked into it all that much and assumed it was as simple as Apple initially tried to spin it, just using local servers same as they do everywhere else in the world? I think Mr. Cook portrayed it that way again on the HBO special this week, but at least to his credit he didn't sound particularly comfortable (or confident) saying it out loud.

    edited October 2018
  • Reply 11 of 23
    mr o Posts: 1,046 member
    Government should stop treating everyone like a criminal. Real criminals know what to do to circumvent surveillance. Mere mortals do not. So why put them at risk for black hat hackers?

    Thank you Apple for keeping that back door firmly shut. If there would be one, it'd be used by both the government, and criminals.


    >:x
  • Reply 12 of 23
    JWSC Posts: 266 member
    gatorguy said:
    JWSC said:
    gatorguy said:
    ... and Apple was forced to give up control of iCloud in China, now owned and operated by GCBD.
    This is a misleading statement.  Apple moved their iCloud servers to China to serve Chinese citizens and Apple subcontracts GCBD to run these servers.  This means that the cryptographic keys are now stored locally.  But the PRC does not have direct access to these servers nor to the cryptographic keys.  True, they can use the compliant Chinese court system to request the keys for individuals.  But that request goes through Apple and not GCBD.  Apple have NOT given up their control - just yet anyway.

    Old Chinese proverb say, ‘If you can’t say what you mean, how can you mean what you say?’  
    The service itself is no longer identified as an Apple one. It's no longer Apple's to control either. Their obligation is to provide support services for the GCBD-branded iCLOUD.


    "Welcome to iCloud operated by GCBD

    THIS LEGAL AGREEMENT BETWEEN YOU AND AIPO CLOUD (GUIZHOU) TECHNOLOGY CO., LTD. (“GCBD”) GOVERNS YOUR USE OF THE ICLOUD PRODUCT, SOFTWARE, SERVICES, AND WEBSITES (COLLECTIVELY REFERRED TO AS THE "SERVICE"). APPLE TECHNOLOGY SERVICES (GUIZHOU) LTD., OR A SUCCESSOR OR ASSIGNEE OF APPLE TECHNOLOGY SERVICES (GUIZHOU) LTD., MAY FROM TIME TO TIME PROVIDE SUPPORT TO GCBD IN ITS PROVISION OF THE SERVICE....

    "GCBD is the provider of the Service in the Mainland of China, which permits you to utilize certain Internet services, including storing your personal content (such as contacts, calendars, photos, notes, reminders, documents, app data, and iCloud email) and making it accessible on your compatible devices and computers, and certain location based services, only under the terms and conditions set forth in this Agreement."


    So nope, not misleading at all IMO. Perhaps you hadn't looked into it all that much and assumed it was as simple as Apple initially tried to spin it, just using local servers same as they do everywhere else in the world? I think Mr. Cook portrayed it that way again on the HBO special this week, but at least to his credit he didn't sound particularly comfortable (or confident) saying it out loud.

    Interesting.  But one can’t conclude much from the text about who controls the cryptographic keys and how they are handled.  What assumptions are you making that I’m not seeing in the text?
  • Reply 13 of 23
    gatorguy Posts: 19,697 member
    JWSC said:
    gatorguy said:
    JWSC said:
    gatorguy said:
    ... and Apple was forced to give up control of iCloud in China, now owned and operated by GCBD.
    This is a misleading statement.  Apple moved their iCloud servers to China to serve Chinese citizens and Apple subcontracts GCBD to run these servers.  This means that the cryptographic keys are now stored locally.  But the PRC does not have direct access to these servers nor to the cryptographic keys.  True, they can use the compliant Chinese court system to request the keys for individuals.  But that request goes through Apple and not GCBD.  Apple have NOT given up their control - just yet anyway.

    Old Chinese proverb say, ‘If you can’t say what you mean, how can you mean what you say?’  
    The service itself is no longer identified as an Apple one. It's no longer Apple's to control either. Their obligation is to provide support services for the GCBD-branded iCLOUD.


    "Welcome to iCloud operated by GCBD

    THIS LEGAL AGREEMENT BETWEEN YOU AND AIPO CLOUD (GUIZHOU) TECHNOLOGY CO., LTD. (“GCBD”) GOVERNS YOUR USE OF THE ICLOUD PRODUCT, SOFTWARE, SERVICES, AND WEBSITES (COLLECTIVELY REFERRED TO AS THE "SERVICE"). APPLE TECHNOLOGY SERVICES (GUIZHOU) LTD., OR A SUCCESSOR OR ASSIGNEE OF APPLE TECHNOLOGY SERVICES (GUIZHOU) LTD., MAY FROM TIME TO TIME PROVIDE SUPPORT TO GCBD IN ITS PROVISION OF THE SERVICE....

    "GCBD is the provider of the Service in the Mainland of China, which permits you to utilize certain Internet services, including storing your personal content (such as contacts, calendars, photos, notes, reminders, documents, app data, and iCloud email) and making it accessible on your compatible devices and computers, and certain location based services, only under the terms and conditions set forth in this Agreement."


    So nope, not misleading at all IMO. Perhaps you hadn't looked into it all that much and assumed it was as simple as Apple initially tried to spin it, just using local servers same as they do everywhere else in the world? I think Mr. Cook portrayed it that way again on the HBO special this week, but at least to his credit he didn't sound particularly comfortable (or confident) saying it out loud.

    Interesting.  But one can’t conclude much from the text about who controls the cryptographic keys and how they are handled.  What assumptions are you making that I’m not seeing in the text?
    Obviously the request to access user data would go thru GCBD and not Apple. iCloud in China is not an Apple-provided service. That does not mean Apple isn't obligated to provide support as necessary as according to the disclosure they are, but the party in control is GCBD and not Apple.
  • Reply 14 of 23
    JWSC Posts: 266 member
    gatorguy said:
    JWSC said:
    gatorguy said:
    JWSC said:
    gatorguy said:
    ... and Apple was forced to give up control of iCloud in China, now owned and operated by GCBD.
    This is a misleading statement.  Apple moved their iCloud servers to China to serve Chinese citizens and Apple subcontracts GCBD to run these servers.  This means that the cryptographic keys are now stored locally.  But the PRC does not have direct access to these servers nor to the cryptographic keys.  True, they can use the compliant Chinese court system to request the keys for individuals.  But that request goes through Apple and not GCBD.  Apple have NOT given up their control - just yet anyway.

    Old Chinese proverb say, ‘If you can’t say what you mean, how can you mean what you say?’  
    The service itself is no longer identified as an Apple one. It's no longer Apple's to control either. Their obligation is to provide support services for the GCBD-branded iCLOUD.


    "Welcome to iCloud operated by GCBD

    THIS LEGAL AGREEMENT BETWEEN YOU AND AIPO CLOUD (GUIZHOU) TECHNOLOGY CO., LTD. (“GCBD”) GOVERNS YOUR USE OF THE ICLOUD PRODUCT, SOFTWARE, SERVICES, AND WEBSITES (COLLECTIVELY REFERRED TO AS THE "SERVICE"). APPLE TECHNOLOGY SERVICES (GUIZHOU) LTD., OR A SUCCESSOR OR ASSIGNEE OF APPLE TECHNOLOGY SERVICES (GUIZHOU) LTD., MAY FROM TIME TO TIME PROVIDE SUPPORT TO GCBD IN ITS PROVISION OF THE SERVICE....

    "GCBD is the provider of the Service in the Mainland of China, which permits you to utilize certain Internet services, including storing your personal content (such as contacts, calendars, photos, notes, reminders, documents, app data, and iCloud email) and making it accessible on your compatible devices and computers, and certain location based services, only under the terms and conditions set forth in this Agreement."


    So nope, not misleading at all IMO. Perhaps you hadn't looked into it all that much and assumed it was as simple as Apple initially tried to spin it, just using local servers same as they do everywhere else in the world? I think Mr. Cook portrayed it that way again on the HBO special this week, but at least to his credit he didn't sound particularly comfortable (or confident) saying it out loud.

    Interesting.  But one can’t conclude much from the text about who controls the cryptographic keys and how they are handled.  What assumptions are you making that I’m not seeing in the text?
    Obviously the request to access user data would go thru GCBD and not Apple. iCloud in China is not an Apple-provided service. That does not mean Apple isn't obligated to provide support as necessary as according to the disclosure they are, but the party in control is GCBD and not Apple.
    And that includes cryptographic key management?  Are you sure?  How do you know this?
  • Reply 15 of 23
    gatorguy Posts: 19,697 member
    JWSC said:
    gatorguy said:
    JWSC said:
    gatorguy said:
    JWSC said:
    gatorguy said:
    ... and Apple was forced to give up control of iCloud in China, now owned and operated by GCBD.
    This is a misleading statement.  Apple moved their iCloud servers to China to serve Chinese citizens and Apple subcontracts GCBD to run these servers.  This means that the cryptographic keys are now stored locally.  But the PRC does not have direct access to these servers nor to the cryptographic keys.  True, they can use the compliant Chinese court system to request the keys for individuals.  But that request goes through Apple and not GCBD.  Apple have NOT given up their control - just yet anyway.

    Old Chinese proverb say, ‘If you can’t say what you mean, how can you mean what you say?’  
    The service itself is no longer identified as an Apple one. It's no longer Apple's to control either. Their obligation is to provide support services for the GCBD-branded iCLOUD.


    "Welcome to iCloud operated by GCBD

    THIS LEGAL AGREEMENT BETWEEN YOU AND AIPO CLOUD (GUIZHOU) TECHNOLOGY CO., LTD. (“GCBD”) GOVERNS YOUR USE OF THE ICLOUD PRODUCT, SOFTWARE, SERVICES, AND WEBSITES (COLLECTIVELY REFERRED TO AS THE "SERVICE"). APPLE TECHNOLOGY SERVICES (GUIZHOU) LTD., OR A SUCCESSOR OR ASSIGNEE OF APPLE TECHNOLOGY SERVICES (GUIZHOU) LTD., MAY FROM TIME TO TIME PROVIDE SUPPORT TO GCBD IN ITS PROVISION OF THE SERVICE....

    "GCBD is the provider of the Service in the Mainland of China, which permits you to utilize certain Internet services, including storing your personal content (such as contacts, calendars, photos, notes, reminders, documents, app data, and iCloud email) and making it accessible on your compatible devices and computers, and certain location based services, only under the terms and conditions set forth in this Agreement."


    So nope, not misleading at all IMO. Perhaps you hadn't looked into it all that much and assumed it was as simple as Apple initially tried to spin it, just using local servers same as they do everywhere else in the world? I think Mr. Cook portrayed it that way again on the HBO special this week, but at least to his credit he didn't sound particularly comfortable (or confident) saying it out loud.

    Interesting.  But one can’t conclude much from the text about who controls the cryptographic keys and how they are handled.  What assumptions are you making that I’m not seeing in the text?
    Obviously the request to access user data would go thru GCBD and not Apple. iCloud in China is not an Apple-provided service. That does not mean Apple isn't obligated to provide support as necessary as according to the disclosure they are, but the party in control is GCBD and not Apple.
    And that includes cryptographic key management?  Are you sure?  How do you know this?
    No one can be sure. All there's certainty about is the legal disclosure, approved by and agreed to by Apple, clearly and unequivocally stating in writing that the service and user agreement covering the sharing and use of user data is between GCBD and the iPhone owner. Apple's involvement, and thru Chinese subsidiaries, is stated as providing support for GCBD's obligations to both legal authorities and the user. It is not Apple's service any longer and logically Apple is not the one to be served with demands for user data they don't control. 

    ...and by the way warrants aren't required in China either. GCBD is legally obligated to cooperate with any police inquiry, which includes access to readable user data if deemed important to the investigation. The side agreement between GCBD and China Telecom should make it easier to add in the phone calls and messages sent and rec'd from users' iPhones to go along with any cloud-stored data.
    edited October 2018
  • Reply 16 of 23
    radarthekat said:
    I, as an individual, can simply choose not to travel to New Zealand, or take with me a ‘safe’ spare phone.  
    What's on your normal phone that would be of interest to NZ Customs who need probable cause to search it?
  • Reply 17 of 23
    entropys Posts: 1,431 member
    hentaiboy said:
    radarthekat said:
    I, as an individual, can simply choose not to travel to New Zealand, or take with me a ‘safe’ spare phone.  
    What's on your normal phone that would be of interest to NZ Customs who need probable cause to search it?
    It doesn’t matter what is on his phone. It’s the mindset behind it which constantly seeks to assert the power of the state over the individual. The authorities have no reason to suspect they will need to look at a particular person’s data. They just want to be able to. It is a reflection of the rapid growth of government and an assumption by the politicians that they can do what they like. They should reflect on the words of a young River Tam:
    People don't like to be meddled with. We tell them what to do, what to think, don't run, don't walk. We're in their homes and in their heads and we haven't the right. We're meddlesome.
  • Reply 18 of 23
    If we continue to give up our rights and freedoms for the sake of "security," pretty soon there'll be nothing left worth protecting.
  • Reply 19 of 23
    Hopefully the Illegitimacy of the current Australian government and the Ministers driving this change will be exposed before it passes, but it will come down to the wire.

    If Apple want to be effective on this they need to in the face of the cross-bench and educate them how dangerous such a move will be.
  • Reply 20 of 23
    mattinoz said:
    Hopefully the Illegitimacy of the current Australian government and the Ministers driving this change will be exposed before it passes, but it will come down to the wire.

    If Apple want to be effective on this they need to in the face of the cross-bench and educate them how dangerous such a move will be.
    But if they don’t get the message across effectively or some of the cross bench are just a bit too thick to get it........ A decision will need to be made. I for one hope that Apple chooses to take the no-lose opportunity to send a message to all governments around the world. If faced with this position again here is what we will do, “As a result of the laws passed by the Australian Government recently and the penalties that can be applied to us as a company and to our customers as individuals means, till further notice the only function that will work on all iPhones & iPads is the keypad dialing and the biometrics of the devices until the said laws are retracted.”

    The response from the public will be swift and harsh and not towards Apple. This government is already badly on the nose and a move like this would be received just the way the Tech companies would want it to be, and with an election just around the corner it might help to solve a few other things as well.