Australian parliament will debate bill to weaken encryption by end of 2018
Australia's government will debate proposed legislation before the end of this year that could force Apple and other companies to introduce backdoors into their products and services, such as the iPhone or iMessage, under the guise of assisting with national security and law enforcement investigations.
The government's list of legislation proposed for introduction in the spring parliamentary sittings includes a reference to a bill to update the country's telecommunications-related laws. Spotted by The Register, the section of the document briefly mentions the bill aims to "address the impact of encrypted communications and devices" in relation to security agency activities and investigations by the police.
"The bill provides a framework for agencies to work with the private sector so that law enforcement can adapt to the increasingly complex online environment" the document reads. "The bill requires both domestic and foreign companies supplying services to Australia to provide greater assistance to agencies."
While the document does not specifically state what this could entail, it does refer to a speech by Minister for Law Enforcement and Cyber Security Angus Taylor from June. In the speech, Taylor mentions the challenge encryption poses for law enforcement agencies in gathering evidence for convictions, and to pre-empt terrorism, and the need for the telecommunications industry and tech companies to be obliged to work with the agencies.
Advising that consultation on new legislation would take place in the following weeks, to "modernize our telecommunications intercept and search warrant powers," Taylor is quick to add the legislation will not create a "backdoor," with the government committed to not going down that route.
"It isn't necessary to give law enforcement agencies access to a decryption key otherwise under the sole control of a user," advised the minister. "We simply don't need to weaken encryption in order to get what we need."
While the wording could suggest the agencies would be able to demand service providers, such as Apple for iMessage and iCloud, hand over data in some way before it is encrypted for transit online, such a move would erode the trust the platform would have from the public. In many cases, where the data sent to the company's servers are encrypted at the user's end, or in the case of end-to-end encryption for messaging services, the company simply cannot access the data at all.
Even though the government wouldn't ask for direct access via a backdoor, the companies could effectively be asked to create their own private backdoor and provide data on request.
Apple has long argued against the creation of backdoors or any actions that deteriorates the security of its products. Speaking in March against renewed attempts by the FBI and the U.S. Department of Justice to create backdoors, senior VP of software engineering Craig Federighi advised "Weakening security makes no sense when you consider that customers rely on our products to keep their personal information safe, run their businesses, or even manage vital infrastructure like power grids and transportation systems."
The resistance from tech companies have so far halted the introduction of backdoors in similar legislative maneuvers. In 2016, the U.K. Parliament eliminated encryption backdoors from its Investigatory Powers Bill before passing it, following pressure from tech firms and campaigners.
This hasn't stopped some ministers from attempting to reintroduce backdoors, with U.K. Home Secretary Amber Rudd calling for access to encrypted communications services in 2017.
In the United States, one proposal for the "Secure Data Act" aims to end the ongoing calls from law enforcement for backdoors, by blocking courts and federal agencies from making such demands.