Apple has warned that the eSafety Commissioner’s proposed standards to tackle online child abuse would threaten user privacy and turn private companies into “arms of the state” by forcing them to comb through private user communications.
The tech giant said that child exploitation is “abhorrent” but that it had serious concerns over the proposed new rules.
“Forcing providers to comb through the private storage and communications of all its users, without any particularity, reason for suspicion, or other constraint, improperly turns private companies into arms of the state and would up-end the trusted relationship between a provider and its users,” Apple said in its submission.
“There is evidence from other platforms that innocent parties have been swept into dystopian dragnets that have made them victims when they have done nothing more than share perfectly normal and appropriate pictures of their babies.”
The eSafety Commissioners proposal would see mandatory compliance measures introduced that would operate alongside registered industry codes to protect Australians from illegal and restricted online content.
However, Apple said that the proposed changes would create a “backdoor,” as reported in The Australian.
This backdoor would allow encrypted data, such as text messages, photos and more, to be handled by law enforcement agencies. However, the iPhone manufacturer believes that the data would also be opened up to cyber criminals – making users more vulnerable to further exploitation.
“End-to-end encryption ensures that only users — and not the companies who provide services — can access a user’s personal information and communications,” said Apple.
“Encryption provides an essential layer of additional security because it ensures that a malicious actor cannot obtain access to a user’s data even if the actor is able to breach a service provider’s networks.
“It shields everyday citizens from unlawful surveillance, identity theft, fraud, and data breaches, and it serves as an invaluable protection for journalists, human rights activists, and government employees who are constantly targeted by malicious actors.”
The privacy environment in Australia is in a state of flux. The Privacy Act is currently out for review, with the potential for sweeping changes to the online advertising market. Julie Inman Grant, the eSafety Commissioner, has also been taking many steps to penalise tech platforms – including slamming and fining X/Twitter for creating a “perfect storm” of online hate.
However, Inman Grant said last year that she did not expect to “break end-to-end encryption” in the consultation with the industry.
“Nor do we expect companies to design systematic vulnerabilities or weaknesses into any of their end-to-end encrypted services,” she added.
However, Apple said that this sentiment was not expressed in the draft standards.
“We recommend that eSafety adopt a clear and consistent approach expressly supporting end-to-end encryption so that there is no uncertainty and confusion or potential inconsistency across codes and standards,” it said.
Apple’s assertion that this new approach to privacy will open the door for scammers and cyber security issues could have huge knock-on implications for brand reputations. Optus had barely begun to recover from its data breach in late 2022 before it was hit with a huge service outage last year.
Australian consumers would be unlikely to forgive a brand – even Apple – for opening a backdoor to their private communications.