Charudatta Galande provided an answer on quora.com to this question.
Read his response at: QUORA.COM
The foundation said in a submission to the government that being forced to secretly create vulnerabilities in an open source product would be extremely difficult.
Mozilla express a number of concerns, including:
The limitation on systemic vulnerabilities is inadequate.
The key provision seeking to limit the widespread security risks of this bill is a prohibition on forcing companies to build a “systemic vulnerability” into their systems or to prevent them from rectifying a systemic vulnerability. However, the term “systemic” is not defined
in the bill, leaving dangerous ambiguity that could be exploited by the government. The accompanying Explanatory Document provides some additional clarity but not confidence in stating that systemic vulnerabilities exclude “actions that weaken methods of
encryption or authentication on a particular device.”
The Government goes on to say that this legislation would permit “requir[ing] a provider to enable access to a particular service, particular device or particular item of software.”
For a company to enable this capability would effectively be to create a systemic vulnerability, whether the capability is provided by “one-off” upgrades sent to specific devices or by inserting a remote access capability to all versions of their products. In
either case, the company will be left with a fast-path method to compromising their user’s data, thus creating a high risk of compromise by malicious actors.
You can download the PDF here: Mozilla Submission
The bill “could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor the health data of its customers for indications of drug use, or require the development of a tool that can unlock a particular user’s device regardless of whether such tool could be used to unlock every other user’s device as well", Apple said in a parliamentary submission.
In the submission, Apple said, "The encryption technology built into today’s iPhone represents the best data security available to consumers. And cryptographic protections on the device don't just help prevent unauthorized access to your personal data — they're a critical line of defense against a criminal who seeks to implant malware or spyware, and use the device of an
unsuspecting person to gain access to a business, public utility or government agency."
They go open to say "While the bill presents many questions and opportunities for clariﬁcation, we focus our comments on several overarching themes: (1) overly broad powers that could weaken cybersecurity and encryption; (2) a lack of appropriate independent judicial oversight, (3) technical requirements based only on the government’s subjective view of reasonableness and practicability, (4) unprecedented interception requirements, (5) unnecessarily stiﬂing secrecy mandates, and (6) extraterritoriality and global impact.".
Microsoft claims to have taken care of the inadvertent file deletion issue affecting users upgrading Windows 10, and is rolling out a fixed version to early adopters in its Windows Insider program for further testing.
"We have fully investigated all reports of data loss, identified and fixed all known issues in the update, and conducted internal validation," Microsoft's director of program management for Windows servicing and delivery John Cable said.
Later in the speech Fifield said “Australians should be able to control their online footprints and their personal data," a clear reference to Europe's General Data Protection Regulation. "They should be able to trust their online news sources," he added, before warning "And when these things don't happen, we will look at the full range of policy, regulatory and other options available to us.”
As always, it is wise to hold off with major updates until the dust settles.
Source: itnews article