Apple has long been a proponent for strong on-device encryption, most notably for its iPhones and the iOS operating system. This has often frustrated law enforcement agencies both in the US and overseas, many of which claim the company’s encryption tools and policies are letting criminals avoid capture by masking communications and securing data from the hands of investigators.
Now, in a letter to the Australian government, Apple says it thinks encryption is in fact a benefit and public good that will only strength our protections against cyberattacks and terrorism. In Apple’s eyes, encryption makes everyone’s devices harder to hack and less vulnerable to take-overs, viruses, and other malicious attacks that could undermine personal and corporate security, as well as public infrastructure and services. Apple is specifically responding to the Australian Parliament’s Assistance and Access Bill, which was introduced late last month and is designed to help the government more easily access the devices and data of criminals during active investigations.
“The devices you carry not only contain personal emails, health information and photos but are also conduits to corporations, infrastructure and other critical services. Vital infrastructure — like power grids and transportation hubs — become more vulnerable when individual devices get hacked,” reads the letter, which is available online on a website hosted by the Australian Parliament. “Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks by accessing just one person’s smartphone. In the face of these threats, this is no time to weaken encryption. There is profound risk of making criminals’ jobs easier, not harder. Increasingly stronger — not weaker — encryption is the best way to protect against these threats.”
Part of the Assistance and Access Bill would involve “establishing frameworks” for the telecommunications and technology industries’ assistance in ongoing investigations that involve encrypted data and devices. The bill also calls for stronger search warrants and “modern warrants for the digital age,” which could mean warrants that require companies to bypass encryption or use backdoors and other methods to provide government agencies easier access to on-device and cloud data.
Apple is not outright condemning the bill in this instance. It is, however, making the case that “the draft legislation remains dangerously ambiguous with respect to encryption and security.” Apple’s letter calls for less ambiguous language and a “firm mandate that prohibits the weakening of encryption or security protections.” It also goes point by point in critiquing six key themes the company says it’s identified in the bill that it wants clarification on. Those include “overly broad” government powers that could weaken security and encryption; a lack of judicial oversight; technical requirements that are based on the government’s “subject view of reasonableness and practicability”; what Apple calls “unprecedented interception requirements”; security mandates Apple thinks are “unnecessarily stifling”; and a global reach that could impact companies, citizens, and societies well beyond Australia.
Since Apple’s lengthy showdown with the US Federal Bureau of Investigation starting in 2016 over the unlocking of the San Bernardino shooter’s iPhone, the company has touted its commitment to user privacy and security and its willingness to go to court to prevent giving even well-meaning law enforcement agencies overly broad access or tools that could undermine encryption. Apple’s argument has historically been that these tools, though they may be created only to aid governments, could fall into the wrong hands and weaken security and privacy worldwide. The company is reasserting this opinion in the letter to the Australian Parliament, writing, “Software innovations of the future will depend on the foundation of strong device security. To allow for those protections to be weakened in any way slows our pace of progress and puts everyone at risk.”
Here’s the letter in full: