Apple is not the only tech giant to tell Australia’s Federal Government exactly what it thinks of the proposed decryption law that was entered into Parliament last month.
A private industry body called The Digital Industry Group Inc (DIGI), representing tech companies like Google, Facebook and Twitter, voiced its concerns over the Assistance and Access Bill 2018 in August, and this has been followed up with criticisms from Mozilla and Cisco.
In a formal submission to the Parliamentary Joint Committee on Intelligence and Security, Cisco says the law would “result in the creation of backdoors”, something CEO Chuck Robbins promised would never happen on the company’s equipment, while Mozilla is worried about the integrity of its open-source software.
Amongst the 31 submissions presented to the Joint Committee reviewing the draft law, there is a resounding statement that this kind of legislation would sow distrust among customers.
“For an open source organisation, which would need to close portions of its source code and/or release builds that are not made from its publicly released code bases, this is at odds with the core principles of open source, user expectations, and potentially contractual license obligations,” Mozilla said.
The networking company added that, “To maintain the trust of its customers, Cisco believes that any form of surveillance technique which is implemented in its products must be publicly disclosed.”
Both companies are concerned with the concept of “technical capability notices” (TCN), a compulsory notice for communication providers to build interception capabilities to decrypt any private message law enforcement wants to lay its hands on.
According to Mozilla, “A TCN is, in effect, an intentional introduction of a security vulnerability,” with the internet company warning it would lead to users disabling automatic updates on their devices.
Cisco is also worried that being compelled to add backdoors into encrypted platforms would lead to user distrust.
Breaking the internet
Even the Internet Architecture Board (IAB) criticised the proposed law, suggesting that compelling companies to build backdoors into secure systems would “introduce a systemic weakness” that would “erode trust in the internet itself”.
“The mere ability to compel internet infrastructure providers’ compliance introduces that vulnerability to the entire system, because it weakens that same trust,” said IAB chair Ted Hardie. “The internet, as a system, moves from one whose characteristics are predictable to one where they are not.”
He added that if similar legislation was introduced by other countries, it would result in the “fragmentation of the internet”.
Despite the opposition, Australia’s Home Affairs Minister Peter Dutton is pushing for the bill to be passed, describing the law as “essential”.
“Given we are talking about nine out of 10 national security investigations now being impeded because of the use of encryption, we need to deal with it. It doesn’t go as far as some people would want, but it is a measured response,” Dutton said.