Apple has described as “dangerously ambiguous with respect to encryption and security” the federal government’s surveillance bill.
The government has argued that the Telecommunication and Other Legislation Amendment (Assistance and Access) Bill 2018 is necessary to help police and intelligence agencies access online communications services sometimes employed by criminals but has denied that it will weaken encryption.
In a submission to a parliamentary inquiry examining the bill the iPhone maker noted the government’s “stated intention not to weaken encryption or compel providers to build systemic weaknesses into their products” but argued: “Due to the breadth and vagueness of the bill’s authorities, coupled with ill-defined restrictions, that commitment is not currently being met.”
“For instance, the bill could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor the health data of its customers for indications of drug use, or require the development of a tool that can unlock a particular user’s device regardless of whether such tool could be used to unlock every other user’s device as well,” Apple argued.
“All of these capabilities should be as alarming to every Australian as they are to us. While we share the goal of protecting the public and communities, we believe more work needs to be done on the bill to iron out the ambiguities on encryption and security to ensure that all Australians are protected to the greatest extent possible in the digital world.”
Apple said that although it appreciated government attempts to assuage some concerns — for example, the bill has a specific provision that it may not be used to compel a company to build a “systemic weakness” into a product — it believes that “future governments could interpret the bill’s broad and vague terms quite differently, wielding its provisions to weaken encryption.”
Apple believes that a government may force a company to build software capable of bypassing the encryption on a particular device. Although the government may believe that such a requirement would not create a “systemic risk” to security, such a tool “even if deployed only to one phone, would render everyone’s encryption and security less effective,” Apple said.
The company engaged in a high profile legal battle with the US Federal Bureau of investigation over just that issue, when the FBI sought to have Apple break the security on an iPhone owned by one of the San Bernardino mass shooters. The FBI reportedly ended up purchasing an exploit developed by a third party to access the data on the handset in question.
Apple in its submission also argued that the bill contains insufficient judicial oversight and “stifling” security requirements.
The full submission (PDF) is available online.