Amazon has not ruled out legal action if the Australian government passes its controversial encryption “back door” law.
The proposed laws are currently the subject of a parliamentary inquiry that Home Affairs Minister Peter Dutton is demanding be cut short, in the wake of the recent Melbourne terror attacks.
Amazon and several other tech giants were reportedly consulted on the proposed legislation when it was being drafted. But in submissions on the bill, the companies have said they are concerned at the broad nature of the laws and the likelihood any encryption backdoors will be exploited by bad actors.
Today, during an Amazon Web Services user conference in Las Vegas, the cloud services provider’s security chief reiterated those concerns and told Which-50, depending on the bill’s final wording, they would not rule out legal action if it passes.
“There are reasons that people need to make sure they have the right tools available to fight terrorism,” Stephen Schmidt, AWS CISO said, in reference to the recent terror attack in Melbourne.
“We just think that this is an attempt that may be a little bit broadly focused as opposed to a more narrow, appropriate one.”
Schmidt said he hopes the Australian government would remain true to their word on not introducing encryption backdoors.
“As the bill is not yet finalised…it is a little up in the air as to where that will ultimately land. The statement from the government was that they did not want to do something that would be inherently bad for security by introducing vulnerabilities into the system,” he said.
“We hope that that’s represented correctly in the bill when it comes out the other end.”
Schmidt said his concern is the new laws will go too far and require tech companies to deliberately introduce vulnerabilities in their systems. Something he said was a “really, really bad idea”.
“I’m a firm believer that intentionally introduced vulnerabilities in systems are a really, really bad idea.
“Because there are many, many more people with ill intent out there, than there are governments with good intent that gain access to information. And they will find vulnerabilities that are intentionally created in services and systems. And that will put all of us at risk as a result.”
According to Schmidt, there is concern at AWS that governments want to create a backdoor specifically at the point when data is processed. He explained that data is always encrypted on AWS with the exception of when it is being processed, like when a machine learning model is applied.
If governments insisted on creating such a backdoor Schmidt said AWS would “take them to court” and at the very least inform their customers — a current provision in AWS contracts.