Apple, other US tech giants denounce Australian 'anti-encryption' bill

By Mikey Campbell

Apple and a cadre of U.S. tech companies on Monday signed a letter condemning Australia's recent passage of a cybersecurity bill that bolsters law enforcement and government efforts to obtain access to encrypted messages.

Apple's Messages in iOS.

The Reform Government Surveillance, which includes Apple, Dropbox, Evernote, Facebook, Google, LinkedIn, Microsoft, Oath, Snap and Twitter, is the latest tech consortium to voice opposition to Australia's "Assistance and Access Bill 2018," which flew through parliament last week.

According to a copy of the letter, seen by TechCrunch, the tech group called the bill "deeply flawed" and vowed to pressure Australia's government to "promptly address these flaws when it reconvenes."

"The new Australian law is deeply flawed, overly broad, and lacking in adequate independent oversight over the new authorities," the coalition said in a statement.

Like previous condemnations, many of which arrived after the bill's passage last Thursday, the Reform Government Surveillance claims the new mandate seeks to "undermine the cybersecurity, human rights, or the right to privacy of our users."

Pushed through on the last sitting day of parliament before summer break, the Assistance and Access Bill 2018 sets forth a number of guidelines for accessing secure communications in the wake of strengthening encryption standards. Australia is one of many countries seeking to strike a balance on encryption that provides both consumer protection and a clear path for national security operations.

At issue are requests for technical assistance that can, in some cases, compel private companies to decrypt customer communications. Of particular interest to tech firms are so-called technical capability notices, which critics argue grants law enforcement agencies and select government bodies the power to force the creation of backdoors into secure systems.

The requests and notices are served alongside a warrant, but typically come with a gag order. Further, failure to comply with a notice incurs a fine of A$10 million (about $7.2 million) for corporations.

Australia's government says it "has no interest in undermining systems that protect the fundamental security of communications," but tech firms like Apple argue the bill's language is too vague and could lead to abuse. For example, the bill says companies cannot be forced into implementing "systemic weaknesses" or "systemic vulnerabilities" as a result of a TAN, though said weaknesses and vulnerabilities are not narrowly defined.

A similar argument was proffered in a letter Apple submitted to the Australian Parliamentary Joint Committee on Intelligence and Security in October.

The federal Labor party attempted to modify the legislation last week, but failed to succeed and allowed the bill to pass. Labor leaders vowed amendments will be reviewed when parliament reconvenes.