Saturday, 13 October 2018 07:23

This is no time to weaken encryption, Apple tells Canberra Featured

This is no time to weaken encryption, Apple tells Canberra Pixabay

Apple has told the Australian Government that its proposed encryption bill would have the effect of weakening security "for millions of law-abiding customers in order to investigate the very few who pose a threat".

In a seven-page submission to the Parliamentary Joint Committee on Intelligence and Security, which will be holding hearings on the bill — the first is on 19 October — Apple outlined the myriad threats faced in the online world, adding, "In the face of these threats, this is no time to weaken encryption. There is profound risk of making criminals’ jobs easier, not harder. Increasingly stronger — not weaker — encryption is the best way to protect against these threats."

And it added: "Encryption is simply math. Any process that weakens the mathematical models that protect user data for anyone will by extension weaken the protections for everyone. It would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat."

The PJCIS has released a number of submissions that have been made to it ahead of the hearings. The draft of the proposed legislation, officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, was released for public comment on 14 August. The period for comment ended on 10 September.

After outlining the security available on its devices, Apple said that it challenged the idea that weakening encryption was necessary to aid law enforcement. It pointed out the extent of its co-operation with Australian law enforcement, adding that it had processed more than 26,000 requests from Australian authorities in the last five years.

On Thursday, Home Affairs Minister Peter Dutton gave a speech in support of the Bill at the National Press Club in Canberra. 

"We recently announced efforts to expand our law enforcement training efforts so that we can help law enforcement officers understand how they can obtain information from Apple consistent with our legal guidelines," Apple said.

"In fact, we conducted extensive law enforcement training in Australia last month. Like we have always done, we will continue to work with Australian authorities in connection with lawful investigations."

Apple said, despite some amendments, the draft legislation remained "dangerously ambiguous" with respect to encryption and security.

"We encourage the government to stand by their stated intention not to weaken encryption or compel providers to build systemic weaknesses into their products," the submission said. "Due to the breadth and vagueness of the bill’s authorities, coupled with ill-defined restrictions, that commitment is not currently being met.

"For instance, the bill could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor the health data of its customers for indications of drug use, or require the development of a tool that can unlock a particular user’s device regardless of whether such tool could be used to unlock every other user’s device as well."

It said every single one of these capabilities should alarm Australians as they had alarmed people at Apple.

"While we share the goal of protecting the public and communities, we believe more work needs to be done on the bill to iron out the ambiguities on encryption and security to ensure that all Australians are protected to the greatest extent possible in the digital world," Apple said.

"Some suggest that exceptions can be made, and access to encrypted data could be created just for only those sworn to uphold the public good. That is a false premise."

Apple outlined its concerns on what it described as several overarching themes:

  • overly broad powers that could weaken cyber security and encryption;
  • a lack of appropriate independent judicial oversight;
  • technical requirements based only on the government’s subjective view of reasonableness and practicability;
  • unprecedented interception requirements;
  • unnecessarily stifling secrecy mandates;
  • extraterritoriality and global impact.

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments