Australia passes contentious encryption bill opposed by Apple, other tech companies
The Australia parliament on Thursday passed a set of new cybersecurity measures that compels technology companies to furnish law enforcement agencies access to encrypted customer messages, a law that Apple and other tech firms railed against during its draft period.
Apple Messages on iOS.
Officially titled the "Assistance and Access Bill 2018," Australia's new law garnered the scrutiny of tech companies and civil rights advocates alike for the seemingly wide berth it grants law enforcement agencies in requesting access to digital communications.
Vague language, particularly in a to-be-amended limitation detailing "systemic weakness," prompted public cries of disapproval as critics warned of potential abuse by government agencies. Of immediate concern are backdoors into secure platforms, the creation of which might be foisted upon tech companies under the guise of "assistance."
As reported by CNET, the legislation calls on companies to provide three levels of assistance to law enforcement and select government agencies:
Failure to comply with a notice incurs a fine of A$10 million (about $7.2 million) for corporations or A$50,000 for individuals.
Of the three, Technical Capability Notices are thought to pose the greatest threat to strong encryption practices as the stipulation appears to rubber-stamp the creation of software backdoors. While Australian officials have attempted to ameliorate the situation, vowing the bill does not provide a route to such extreme degradations of existing encryption methods, critics are still concerned.
In particular, the bill refers to "systemic weaknesses" or "systemic vulnerabilities" that companies cannot be forced to implement as a result of TANs or TCNs. The government says it "has no interest in undermining systems that protect the fundamental security of communications," but opponents argue the language is too vague. Indeed, systemic weaknesses and vulnerabilities do not carry a narrow, technical definition.
Apple, which is among a cadre of tech giants that have for the past few months vehemently opposed the bill's passage, in part opposes the legislation because of these odd ambiguities.
In October, Apple submitted a letter to the Australian Parliamentary Joint Committee on Intelligence and Security, urging the body to clarify ambiguous language in a draft of the statute before its ratification. The letter also reinforced Apple's commitment to customer privacy, arguing strong encryption is vital to the safeguarding of national security, especially in light of large-scale database hacks.
"There is a profound risk of making criminals' jobs easier, not harder," Apple notes. "Increasingly stronger - not weaker - encryption is the best way to protect against these threats."
Despite its contentious nature, the bill was pushed through on the last sitting day of Parliament before the summer break, reports CNET. The federal Labor opposition was forced to table modifications to the legislation, but allowed it to pass on condition that the amendments would be reviewed when parliament reconvenes.
Apple Messages on iOS.
Officially titled the "Assistance and Access Bill 2018," Australia's new law garnered the scrutiny of tech companies and civil rights advocates alike for the seemingly wide berth it grants law enforcement agencies in requesting access to digital communications.
Vague language, particularly in a to-be-amended limitation detailing "systemic weakness," prompted public cries of disapproval as critics warned of potential abuse by government agencies. Of immediate concern are backdoors into secure platforms, the creation of which might be foisted upon tech companies under the guise of "assistance."
As reported by CNET, the legislation calls on companies to provide three levels of assistance to law enforcement and select government agencies:
- Technical Assistance Requests: Companies provide voluntary assistance to aid certain agencies as they perform duties relating to "Australia's national interests, the safeguarding of national security and the enforcement of the law."
- Technical Assistance Notices: Requires companies to provide assistance that is "reasonable, proportionate, practicable and technically feasible." Providers are able to use existing means like encryption keys to decrypt communications.
- Technical Capability Notices: Requires companies to build a new capability that enables it to provide assistance to law enforcement agencies and government bodies. The notice cannot force a provider to build or implement a capability to remove electronic protection, such as encryption.
Failure to comply with a notice incurs a fine of A$10 million (about $7.2 million) for corporations or A$50,000 for individuals.
Of the three, Technical Capability Notices are thought to pose the greatest threat to strong encryption practices as the stipulation appears to rubber-stamp the creation of software backdoors. While Australian officials have attempted to ameliorate the situation, vowing the bill does not provide a route to such extreme degradations of existing encryption methods, critics are still concerned.
In particular, the bill refers to "systemic weaknesses" or "systemic vulnerabilities" that companies cannot be forced to implement as a result of TANs or TCNs. The government says it "has no interest in undermining systems that protect the fundamental security of communications," but opponents argue the language is too vague. Indeed, systemic weaknesses and vulnerabilities do not carry a narrow, technical definition.
Apple, which is among a cadre of tech giants that have for the past few months vehemently opposed the bill's passage, in part opposes the legislation because of these odd ambiguities.
In October, Apple submitted a letter to the Australian Parliamentary Joint Committee on Intelligence and Security, urging the body to clarify ambiguous language in a draft of the statute before its ratification. The letter also reinforced Apple's commitment to customer privacy, arguing strong encryption is vital to the safeguarding of national security, especially in light of large-scale database hacks.
"There is a profound risk of making criminals' jobs easier, not harder," Apple notes. "Increasingly stronger - not weaker - encryption is the best way to protect against these threats."
Despite its contentious nature, the bill was pushed through on the last sitting day of Parliament before the summer break, reports CNET. The federal Labor opposition was forced to table modifications to the legislation, but allowed it to pass on condition that the amendments would be reviewed when parliament reconvenes.
Comments
Meanwhile, if unopposed, it would make it much easier for the government to snoop on ordinary citizens, including the collection of material that would and should have stayed private but gets picked up anyway during investigation.
Put simply there is no middle ground in security, something is either secure or not secure - there is no such thing as semi-secure, or secure but for only a certain group.
The next day, the backdoor into Stupid iOS becomes public knowledge and the free world SHAMES Australia, ad nauseam.
For those who'd enjoy learning about the fruits of totalitarian surveillance, the estate of George Orwell very kindly provides a FREE copy of the book 'Nineteen Eighty-Four' to read online here:
http://www.george-orwell.org/1984/index.html
"The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it, moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live -- did live, from habit that became instinct -- in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized. . . ."
Have fun Australia. I personally will NEVER give up my human right to PRIVACY or my right to NOT INCRIMINATE MYSELF. It's built into my country's Constitution. Sad to be you. Happy to enjoy Apple's devotion to human rights!
Oh and Australia: The Terrorists Just WON. You lost.
And don't knock Australia's democracy, it is a far more democratic country that the US. No gerrymandering, no dis-enfranchisment of minorities, and a far greater percentage of eligible voters actually get out and vote (on a weekend!) And far, far fewer guns. Oh, and universal healthcare. But I digress...
Apart from unclear things. I feel once a first pinhole is shot through the wall of security, more and more countries will follow unless it is plugged quickly.
And while I don’t have a solid idea how such laws might affect me personally in my life, I am always very sceptical when politicians pass laws that require deep technical skills in order to judge consequences, in particular years ahead and with different people at the helm.
Right wing politicians have no respect for the individual rights of the citizens
anyway, bone headed legislation.