Computerworld

Government encryption bill: Cisco, Mozilla join chorus of tech critics

Bill could result in backdoors, Cisco says

Networking vendor Cisco has joined a lengthening list of tech sector critics of a bill that the government says is necessary to help police and security agencies counteract the use of encrypted communications channels.

Telcos, rights groups and industry groups whose members include Google, Facebook, Twitter and Amazon have criticised the bill. Apple has said the proposed legislation is “dangerously ambiguous with respect to encryption and security”.

In a submission to a parliamentary inquiry, Cisco said it has “serious reservations” about the bill, particularly because the example set by Australia is likely to be emulated by other nations.

The part of the bill that has been most scrutinised involves the creation of a system of Technical Assistance Requests (TARs), Technical Assistance Notices (TANs) and Technical Capability Notices (TCNs).

TARs and TANs involve requests from police organisations based on capabilities that a communications provider already possesses. A TCN is an instruction from the government to a company to build an entirely new surveillance capability into its products or services — e.g. the potential creation of backdoors (though subject to certain limitations, such as a ban on requiring a company to implement a “systemic weakness”).

Cisco said that TCNs are “more problematic” than TANs.

Both TANs and TCNs “suffer from a lack of checks and balances” to ensure that they are reasonable and proportionate, Cisco believes. There is also “a significant issue with regard to transparency” about the system created by the bill.

The bill could “result in the creation of backdoors” by requiring a company to build a new surveillance capability but preventing it from documenting the existence of that capability, Cisco said.

“Building an undisclosed surveillance function–even if mandated by law and intended for use only in specific instances pursuant to a lawfully issued judicial warrant–would violate our public pronouncements to the contrary,” Cisco said.

Any “form of surveillance technique” implemented in Cisco’s products “must be publicly disclosed,” the vendor argued. The company should be able to document the existence of a capability, even if the disclosure of the “operational use” of that feature during an investigation is banned.

Mozilla, the custodian of a number of open source projects including the Firefox web browser, said that the “breadth and lack of clarity” of the proposed legislation “would result in a net loss for security and due process, and would introduce substantial international complexities impacting both developers and users of technology”.

“A rush to enact legislation in the proposed form could do significant harm to the Internet,” a submission from the organisation said. “TCNs in particular present the government with capabilities that we don’t believe are appropriate, as well as being a significant risk to the security of the Internet.”

The parliamentary inquiry examining the bill is scheduled to hold its first public hearing later this week.