The Australian Labor Party decided not to oppose a controversial new bill that gives Aussie law enforcement unprecedented powers to crack encryption.
The new law gives security agencies the ability to access the encrypted messages of suspected criminals. Notice how it says suspects, not actual criminals.
The bill even gives government agencies the power to request that tech companies create new ways for them to access messages. That means secret backdoors accessible by them – and potential hackers.
Not only does the bill have dire ramifications at the individual level, but it also threatens to harm the export of Aussie technology.
— Primrose Riordan (@primroseriordan) December 11, 2018
I also asked the minister if the gov would follow GCHQ in releasing details of how they propose to access encrypted messages to allay Oz industry concerns. His answer suggested he was not in favour of this. cc @stilgherrian #aabill
— Primrose Riordan (@primroseriordan) December 12, 2018
After creating these secret access points for government agencies, Aussie hardware and software will be perceived as untrustworthy throughout the world.
Under the new bill, Technical Capability Notices (TCNs) can be handed out to companies in order to make them comply with the legislation.
They will be forced to make modifications to products in order to assist government agencies with accessing a suspect’s messaging history.
The new bill grants three main powers:
- A technical assistance request (TAR): Government agencies can ask tech companies to help “voluntarily”.
- A technical assistance notice (TAN): A company is required by law to provide assistance or face heavy fines.
- A technical capability notice (TCN): A company is not only required by law to provide assistance, they must build a new function to do so.
Authorities still require a “warrant or authorisation” to access the content of the encrypted messages, but they don’t need either to issue a notice.
The issue is simple: encryption is supposed to keep messages secret between the sender and the receiver. If police and intelligence agencies are given access to encrypted messages, it kind of defeats the purpose.
Perhaps the most worrying – and underrepresented – portion of the bill is that it allows foreign countries the same access.
A foreign country can request the Attorney-General “to arrange for access to data”, even if the incident relates to an investigation involving the law of a foreign country.
The only restriction on the access available by agencies from foreign countries is that the individual must be suspected of a crime that is “punishable by a maximum penalty of imprisonment of three years or more” – a huge range of offences.
— ABC Q&A (@QandA) December 10, 2018
It’s not just technology companies that aren’t happy about the legislation. Human rights groups, lawyers and anyone with a lick of sense sees this as a gross misappropriation of governmental power.
“We now have a situation where unprecedented powers to access encrypted communications are now law, even though Parliament knows serious problems exist,” Law Council of Australia President Morry Bailes said in a press release.
Another issue with the bill is that by complying, Australian technology companies could in turn be in breach of European privacy laws, as well of their own policies that require them to notify customers of security breaches.
Australian tech leaders are also concerned that the legislation was rushed through during the final days of Parliament in 2018.
In a series of tweets, Mike Cannon-Brookes, the co-founder of Atlassian, tweeted: “Rushing such complex legislation in days is reckless.”
Opposition leader Bill Shorten admitted as much, saying that the ramped up laws would be reconsidered and adjusted when Parliament returns to session in February.
That means tech companies – and consumers – will be left in the lurch over the Christmas period, where a large portion of the $22.1 billion that is projected to be spent will be on tech products.
The head of Girl Geek Academy, Sarah Moran, who is a cybersecurity teacher, summed up my thoughts in a comment to ABC News: “Do the politicians not understand the internet?… Or do they understand and do not care?”
It’s difficult to decide which answer is more terrifying.
[Feature image by Christian Wiediger]