A lobby group representing tech giants including Twitter, Facebook, Amazon, and Google has called on the government to back down on plans to allow law enforcement agencies to exploit vulnerabilities in their encryption.
Draft legislation, unveiled by the Australian government in August, would force tech companies to: remove protections on devices, give law enforcement agencies the design specs of their devices, install software on a device when asked, provide access to devices, and help agencies build their own systems.
In a submission to the government about the legislation, Digital Industry Group (DIGI) managing director Nicole Buskiewicz said the legislation would "undermine public safety by making it easier for bad actors to commit crimes against individuals, organisations or communities".
"The bill as currently written could undermine security for all users, including the vast majority of people and businesses who use digital services for good," she said.
"The proposal for companies to facilitate technical vulnerabilities is of particular concern as it doesn’t just create a vulnerability for law enforcement to exploit, it becomes a vulnerability for all, making it easier for criminals to exploit digital technologies to commit crimes."
Under the legislation, law enforcement agencies can issue companies with notices to undertake specific actions, including requiring companies to build weaknesses in their systems to allow law enforcement to then exploit those weaknesses to access communications and other information by people suspected of committing crimes.
Buskiewicz said the tech companies believed that that this would "erode consumer trust and introduce weaknesses that malicious actors could exploit".
The companies have also complained that under the current proposal there is no judicial oversight for notices being issued, and have called on the government to introduce a warrant system that would force law enforcement agencies to go to a judge before tech companies would be handed notices to access messages or anything else police required.
But she said the government was still asking a lot.
"It’s important to note that even if these recommendations were adopted, the bill proposes extraordinary powers of unprecedented scope, and their exercise should be limited to combating serious crimes that pose a grave threat to human life or safety," she said.
"The bill proposes extraordinary powers of unprecedented scope, and their exercise should be limited to combating serious crimes that pose a grave threat to human life or safety"
Consultation on the draft legislation ended yesterday. The government has yet to indicate when the legislation might be introduced into parliament. Labor has yet to state its position on the legislation. The Greens party is opposed to it, and Greens senator Jordon Steele-John said in a statement that he was "thrilled" by the comments from the tech companies.
"Contrary to the stated objective of the bill, Australian cyber security will be significantly diminished by undermining the fundamental principles of end-to-end encryption — which is exactly what this legislation proposes," he said. "It is akin to allowing Donald Trump to read your mail over your shoulder as you open it!"
After the leadership change and cabinet reshuffle last month, home affairs minister Peter Dutton is now responsible for cyber security matters.