In a seven-page submission to the Parliamentary Joint Committee on Intelligence and Security, which will be holding hearings on the bill — the first is on 19 October — Apple outlined the myriad threats faced in the online world, adding, "In the face of these threats, this is no time to weaken encryption. There is profound risk of making criminals’ jobs easier, not harder. Increasingly stronger — not weaker — encryption is the best way to protect against these threats."
And it added: "Encryption is simply math. Any process that weakens the mathematical models that protect user data for anyone will by extension weaken the protections for everyone. It would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat."
The PJCIS has released a number of submissions that have been made to it ahead of the hearings. The draft of the proposed legislation, officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, was released for public comment on 14 August. The period for comment ended on 10 September.
On Thursday, Home Affairs Minister Peter Dutton gave a speech in support of the Bill at the National Press Club in Canberra.
"We recently announced efforts to expand our law enforcement training efforts so that we can help law enforcement officers understand how they can obtain information from Apple consistent with our legal guidelines," Apple said.
"In fact, we conducted extensive law enforcement training in Australia last month. Like we have always done, we will continue to work with Australian authorities in connection with lawful investigations."
Apple said, despite some amendments, the draft legislation remained "dangerously ambiguous" with respect to encryption and security.
"We encourage the government to stand by their stated intention not to weaken encryption or compel providers to build systemic weaknesses into their products," the submission said. "Due to the breadth and vagueness of the bill’s authorities, coupled with ill-defined restrictions, that commitment is not currently being met.
"For instance, the bill could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor the health data of its customers for indications of drug use, or require the development of a tool that can unlock a particular user’s device regardless of whether such tool could be used to unlock every other user’s device as well."
It said every single one of these capabilities should alarm Australians as they had alarmed people at Apple.
"While we share the goal of protecting the public and communities, we believe more work needs to be done on the bill to iron out the ambiguities on encryption and security to ensure that all Australians are protected to the greatest extent possible in the digital world," Apple said.
"Some suggest that exceptions can be made, and access to encrypted data could be created just for only those sworn to uphold the public good. That is a false premise."
Apple outlined its concerns on what it described as several overarching themes:
- overly broad powers that could weaken cyber security and encryption;
- a lack of appropriate independent judicial oversight;
- technical requirements based only on the government’s subjective view of reasonableness and practicability;
- unprecedented interception requirements;
- unnecessarily stifling secrecy mandates;
- extraterritoriality and global impact.