There are no active ads.

New law in Australia is bad news for tech security

by Brandon Russell | January 23, 2019January 23, 2019 1:00 pm EST

A few years ago, tensions between Apple and law enforcement boiled over when the Cupertino company refused to unlock an iPhone belonging to a man alleged to have carried out a terrorist act in San Bernardino, Calif. In the future, a new law could force Apple to build a door to iPhones whether it wants to or not.

A New York Times report details a recently approved law in Australia that will provide law enforcement with the tools necessary to circumvent encryption meant to protect consumers. Any company that wants to sell devices in Australia is compelled to comply.

While the law is only in effect in Australia, authorities in other countries might enact similar processes. According to the NYT report, the new law has “limited oversight mechanisms.”

NYT explains:

A notice sent to a company must be ‘reasonable and proportionate,’ and the authorities must have a warrant to gain access to a phone or service. But the agency issuing the notice decides what is reasonable.

There is an appeals process if a company is asked to build a new interception capability. A firm can ask an independent assessment panel consisting of a technical expert and a former judicial officer to review the notice.

The law doesn’t require companies like Apple to build tools with universal decryption capabilities, according to NYT. However, Apple argues that it cannot build back door access to a specific iPhone without opening up other models to attack.

In a statement to the Australian Parliament’s Joint Committee on Intelligence from last October, Apple argued that introducing tools to decrypt its products is “alarming.” It won’t just be Apple affected by the law; everyone from Facebook to other smartphone manufacturers will have to comply.

Worryingly, the law makes it possible for government agencies to force tech companies to surreptitiously install backdoor software on products.

Last year, Apple argued that strong encryption is important to consumer and corporate safety, because it makes devices less vulnerable to attacks. This, in turn, is a better solution to thwarting cyberattacks and terrorism, which is essentially at the crux of the new Australian law.

“The devices you carry not only contain personal emails, health information and photos but are also conduits to corporations, infrastructure and other critical services,” Apple said in its letter.

“Increasingly stronger—not weaker—encryption is the best way to protect against these threats,” Apple added.

NYTimes

Brandon Russell

Brandon Russell likes to rollerblade while listening to ACDC.

Advertisement

Advertisement