1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Apple demands the right to secure devices in a letter to the Australian Government

By mongeese · 4 replies
Oct 13, 2018
Post New Reply
  1. Apple sees itself as being forced to choose a side: stronger on-device security or aiding law enforcement. They’ve been trying to choose both, creating an international web portal for law enforcement data access requests, but also creating a ‘USB Restricted Mode’ that prevents law enforcement from hacking locked iPhones. Meanwhile, governments have been pushing for them to more heavily favor law enforcement, but thus far, Apple hasn’t complied.

    Australia took it a step further by drafting new legislation that requires tech companies like Apple to give access to devices or be fined up to AU$10 million (US$7.3 million). In response, Apple sent the Australian government a letter highlighting how device security is a key line of defense against online “criminals and terrorists” and challenged the idea that “weakening encryption is necessary to aid law enforcement.”

    The letter evaluated six key issues with the law – called the Assistance and Access Bill – and then politely demanded that they are solved.

    The first issue is that the bill grants the government and law enforcement “extraordinarily broad and vague powers” over device security implementation. While the bill currently prohibits “implementing or building a systematic weakness or systematic vulnerability” into a device, it doesn’t define either of those terms. The Australian government insists that they don’t want to weaken encryption, but Apple says that needs to be integrated into the bill in case future governments abuse its power.

    The second issue is the absence of judiciary oversight. In the bill’s current form, only the Attorney General’s permission is required to force a company to hand over access keys or fine them the AU$10 million. Apple wants a jury to decide if a warrant is appropriate or not and wants another jury to decide if Apple should pay the fine if the warrant is ignored.

    The third issue is that it is entirely law enforcement’s decision if a warrant is appropriate or not. Even if every expert, researcher, scientists or academic out there believes a warrant is unnecessary and immoral, the government can make the decision without consulting any of them. Apple wants a panel of experts appointed to review each warrant.

    While the bill doesn’t require companies to bake-in intercept capabilities (the ability for law enforcement to remotely view messages and calls in real time), Apple claims that the “exceptions swallow the rule.” One such exception is a ‘computer access warrant’ that is frequently given out to the Australian Security Intelligence Organization (ASIO) that would grant them full intercept capabilities. Apple wants all intercepts prohibited.

    One of the worst issues is that if an employee at a company receives a warrant but believes it to be immoral, there is nothing they can do about it. Due to security concerns, speaking about a warrant is punishable with 5 years’ imprisonment – they can’t even consult their boss. Apple wants internal discussion to be permitted and potentially a primitive appeal process.

    The last issue is contradictions with foreign law. An example Apple provided is that by allowing ASIO to intercept messages, they would be susceptible to US criminal law because they store the data in America. They claim that “Apple could face stiff penalties of up to 4% of its annual turnover under the General Data Protection Regulation” in Europe.

    Personally, I find it very hard to believe that this bill is even required at all. While there have been valid complaints that law enforcement hasn’t been able to access devices, Apple has complied with nearly 26,000 requests for access in Australia alone.

    Permalink to story.

     
  2. jobeard

    jobeard TS Ambassador Posts: 12,646   +1,470

    Amazingly uninformed legislators -- irrespective of National Origin.
     
    mbrowne5061 and ForgottenLegion like this.
  3. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 1,140   +609

    Someone hasn't been keeping up. They sold out, a while ago too.
     
  4. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 1,140   +609

    https://adexchanger.com/data-exchanges/ghostery-sheds-ad-tracker-sells-off-plug-focus-compliance/

    Basically, their model turned into the same as AdBlock's, but toned down a little. They 'blocked' items by default, then let through ones that are 'trusted'. How they defined 'trusted' was a little ambiguous and they never gave users a straight answer when asked about this.

    It has gone open source in the last few months though, but that is a little too late. I recommend uBlock Origin anyway, since that lets you have far more control over what is blocked, and where. It can be used for more than just ads.
     
  5. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 1,140   +609

    Not if the suspicion doesn't trip your alarm bells, no. It trips mine, mainly because there are softwares out there that don't make me suspicious because they are community developed and/or open-source from the get-go, and accomplish the same objective.
     

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...