قالب وردپرس درنا توس
Home / Technology / Apple urges Australian government not to weaken encryption with backdoors

Apple urges Australian government not to weaken encryption with backdoors



Apple has submitted its formal response to a draft bill undergoing debate by the Australian government, with the iPhone maker calling for "increasingly stronger – not weaker – encryption" as a way to protect against the growing number of online threats.

 Parliament House, Canberra

Provided to AppleInsider by Apple, the seven-page submission to the Australian Parliamentary Joint Committee on Intelligence and Security on the "Telecommunications and Other Legislation Amendment (Assistance and Access ) Bill 201

8, "arguing for clarity on the bill's goals, and encouraging the government to avoid going down the path of weakening encryption.

Introduced to the parliamentary calendar in August, the bill proposes updates to the country's telecommunications-related laws, including a need for private sector companies to "provide greater assistance to agencies." Mens de bill krever assistance fra virksomheder som Apple, er det sprog, der er ambiguøst nok til at potentielt betyde oprettelsen af ​​backdoors i krypterede apps og tjenester, hvilket mange tech virksomheder er stærkt uenige med.

Noting Apple's role in protecting national security and citizen's lives, and its teams working to stay one step ahead of criminal attackers, the letter claims the threats that pertain to personal data or co-opting hardware for broader assaults "only grow more serious and sophisticated over time.

"It is precisely because of these threats that we support strong encryption," Apple assets. Highlighting the trillion transactions conducted online and protected by encryption every day, the threats to these communications are said to be "very real and increasingly sophisticated. "

Referencing the government's Notifiable Data Breaches database records of 2.5 or more daily data violations over the last quarter, -" And that's just breaches that were identified and reported, "Apple offers up the NotPetya attack from 2017 As an example of a need for robust security, an attack that effectively shut down Cadbury's manufacturing systems and impacting other companies.

" In de face van deze threats, dit is geen tijd om weaken encryption. There is a profound risk of making criminals' jobs easier, not harder, "writes Apple." Increasingly stronger – not weaker – encryption is the best way to protect against these threats. "

Apple assists Australian law enforcement now

Apple also challenges the suggestion that weaker encryption is needed to help law enforcement. In Australia alone, it has processed over 26,000 requests from local security forces across

Det er oppmuntret for staten at "stå ved deres angivne intentioner om ikke at fortryke kryptering eller tvangsudbydere to build systemic weaknesses into their products, "but due to the" breadth and vagueness of the bill's authorities "and" ill-defined r Estrictions, "Apple suggests the intention is not being met by the bill in its current form.

Apple suggests the bill could force smart home speakers to install persistent eavesdropping capabilities, or require a provider to monitor health data of its customers for signs of drug use, of het creëren van een instrument om een ​​specifiek gebruikersapparaat te openen, zelfs als dat gereedschap kan worden gebruikt om alle andere gebruikers apparaten te openen.

"All of these capabilities should be as alarming to every Australian as they are to us," Apple adds, before calling for the laws to be "clear and unambiguous."

"Encryption is the single best tool we have to protect data and ultimately lives. Software innovations of the future will depend on the foundation of strong device security," said Apple. "For at disse beskyttelserne skal kunne forveksles, på nogen måde sænker vores tempo fremskridt og sætter alle i fare."

The submission then goes on to highlight specific overarching themes that those working on the draft of the bill need to take into account. Først, firmaet klager over hvordan "Overly broad authorities could weaken cybersecurity and encryption."

"For example, the government may seek to compel a provider to develop custom software to bypass a particular device's encryption. The government's view is that if it only seeks such a tool for a particular user's device, it will create no systemic risk, "argued Apple. "As we have firmly stated, however, the development of such a tool, even if deployed only to one phone, would render everyone's encryption and security less effective."

This echoes previous comments made by Apple CEO Tim Cook, arguing the Technique is analogous to leaving a key under a doormat, an action that makes it available to authorities if necessary, but also makes it findable by burglars. "Criminals are using every technology tool to hack into people's accounts," said Cook. "Hvis de vet at det er en nøkkel skjult et sted, de vil ikke stoppe før de finner det."

The bill is not specific enough

The submission then goes on to highlight specific overarching themes that those working on the draft of the bill need to take into account. Først, firmaet klager over hvordan "Overly broad authorities could weaken cybersecurity and encryption."

"For example, the government may seek to compel a provider to develop custom software to bypass a particular device's encryption. The government's view is that if it only seeks such a tool for a particular user's device, it will create no systemic risk, "argued Apple. "As we have firmly stated, however, the development of such a tool, even if deployed only to one phone, would render everyone's encryption and security less effective."

Not the first time that Apple has said this

This echoes previous comments made by Apple CEO Tim Cook, arguing the technique is analogous to leaving a key under a doormat, an action that makes it available to authorities if necessary, but also makes it findable by burglars. "Criminals are using every technology tool to hack into people's accounts," said Cook. "Hvis de vet at det er en nøkkel skjult et sted, de vil ikke stoppe før de finner det."

Apple also advises insufficient judicial review can reduce customer trust and security, arguing there is concern that an independent judicial review is not required before the government could issue a technical assistance notice (TAN) or capability notice (TCN). The UK's Investigatory Powers Act is suggested as a model Australia could follow, as it requires such reviews before a provider can be served a notice.

There is also a concern the key factual determinations only depend on the government's own assessment of the circumstances and the technical complexities involved. Den regering er underrettet om at det bør tage hensyn til andre synspunkter, som for eksempel fra sikkerhetseksperter, akademikere og privatpersoner, før du foretar noen bestemmelser.

Whistleblowers Beware

The bill also introduces problems regarding its secrecy requirements, in that while they are welcome in principle, they are too broad and could stifle innocent disclosures, or disclosures for the purpose of reporting abuse.

"If an engineer working for a provider tasked with compliance with a TCN had a legitimate legal or ethical concern, they could be imprisoned for five years for merely disclosing the fact of a TCN to his or her employer's human resources office," wrote apple "Similarly, an employee of a provider who legitimately believed a TAN or TCN violated the law, could not disclose that concern for fear of punishment."

Apple suggests there should be more of a balance between maintaining secrecy and giving customers and providers de lovene er "being executed properly and lawfully."

Incompatible internationally

Lastly, Apple expresses concern about how the laws would impact companies outside Australia, as while the draft advises it is an allowable defense for a provider to claim a TCN or TAN may contravene a foreign jurisdiction's law if they are based abroad, it does not go far enough. The bill does grant immunity for compliance with TAN or TCNs, it applies only to Australia, and does not take into account violations of laws in other countries while complying with the notice.

"Forcing business with operations outside Australia to comply with TANs or TCNs that violate the laws of other countries in which they operate, will just incentivize criminals to use service providers that never assist Australian authorities or ones that operate underground in jurisdictions unfriendly to Australian interests, "Apple concluded. "Rather than serving the interests of Australian law enforcement, it will just weaken the security and privacy of regular customers while pushing criminals further off the grid."

Earlier in October, it was revealed Apple joined johnson, Amazon, and Facebook i opposisjonering av forslagene, en fortsettelse av en kampanje ved teknologibedrifter for å bekjempe tilbakevendelser og andre lovgivningsmæssige ændringer som svækker sikkerheten for alle brukere. De firmaer har tidligere udstedt udtalelser til forskellige regeringer og sikkerhedsorganer rundt om i verden for at bekæmpe de voksende opkald fra lovgivere og retshåndhevelsesorganer for å gjøre det lettere å få tilgang til informasjon som er sikkert kryptert.

Outside of tech companies, some lawmakers in the U.S. er forsøks å sette en stopper for lignende tiltak som blir implementert av staten. Den "Secure Data Act", som foreslås i maj, syftar til at forhindre domstols og føderale byråer fra å utstede ordrer for å skape backdoors eller andre sikkerhetssvakningsfunksjoner.


Source link