Australia’s peak industry group has warned that “systemic weakness or vulnerability” could be created that would be open to exploitation by the proposed legislations made by Peter Dutton which proposes to increase the capabilities of the government for surveillance into telecommunication devices by injecting spyware risks.
This was said by the Australian Industry Group in response to a call for public consultations for the assistance and access bill and the body warned that there could be unintended results because of the push by the Australian home ministry to mandate telcos and tech giants, including names such as Apple, Samsung, Google and Facebook, to insert secret “backdoors” in their devices and the messaging platforms.
While proposing the legislation last week, Dutton had explained that the proposals are aimed to make law enforcement agencies better equipped to counter threats of new technologies and added that the new technologies were being “increasingly misused and indeed exploited” by “criminal syndicates and terrorists”.
The new legislation would give authorities “additional powers for overt and covert computer access”, which included “the use of software to collect information directly from devices”, Dutton said.
The tech companies are not being forced to create weakness in their devices ort systems by the government, but it intends to enable the legitimate government authorities to gain access to the current vulnerabilities of the current systems or to install systems or software on each of the devices or systems that will give access to the authorities, the government claimed.
The criminal groups may be being handed over more tools inadvertently by the government proposals even if it was just a “one-off firmware update targeted at that suspect and no one else”, warned the Ai in its submission.
“We are of the view that introducing any type of technical capability or functionality to grant access to a user’s hardware or services potentially creates a systemic weakness or vulnerability,” the group’s submission says. “Once developed, it may be capable of extension to any and all users and could also create an opening for others to take advantage of new and existing weaknesses in the system.”
The Digital Industry Group had earlier issued similar warning about the proposed legislation bill that was made public last month by the government. The group had warned that devices could become vulnerable to attacks by the move.
The broadness of the definitions for some terms that the government had proposed were questioned by the Ai Group.
“We would be concerned if broadly and vaguely scoped legislation could compel companies to build security vulnerabilities into their products – this would affect all users of that product and result in weaker security for everyone,” the industry group warned.
Because the government could be creating “domestic laws that may be ineffective, out of step and overreaching with other relevant jurisdictions”, therefore the Ai also advised the government of international considerations.
“At worst, applying a stricter regime in Australia than overseas could impact Australia’s digital capability and competitiveness, impeding network innovation, discouraging business presence in the Australian market, and leaving Australia behind,” it said.
Currently, decryption techniques can be used under the existing laws to access encrypted data by Australia’s internal spy agency, Asio, and the department of home affairs.
(Adapted from TheGuardian.com)