On Thursday last week, Australia finally passed the “Telecommunications Assistance and Access Bill 2018,” also known as the Anti-Encryption Bill, that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications. The more has come out of this and through this article, we will go through the details of the Bill and what it impacts.
To pass this bill the Australian government argues that the new legislation is important for national security and claimed to be an essential tool to help law enforcement and security agencies fight serious offences such as crime, terrorist attacks and drug trafficking.
Since the bill was supported by both the Liberal and Labor parties, the upper house could vote in support of the Assistance and Access Bill to make it law, which is expected to come into effect immediately during the next session of parliament in early 2019.
The issue with this is that the Bill does not properly clarify specifics around the potential power that the Assistance and Access Bill could give Australian government and law enforcement agencies over citizen’s digital privacy, it contains new provisions for companies to provide three levels of “assistance” in accessing encrypted data, as explained below:
- Technical Assistance Request (TAR): A notice to request tech companies for providing “voluntary assistance” to law enforcement, which includes “removing electronic protection, providing technical information, installing software, putting information in a particular format and facilitating access to devices or services.”
- Technical Assistance Notice (TAN): This notice requires, rather than request, tech companies to give assistance they are already capable of providing that is reasonable, proportionate, practical and technically feasible, giving Australian agencies the flexibility to seek decryption of encryption of encrypted communications in circumstances where companies have existing means to do it (like at points where messages are not end-to-end encrypted).
- Technical Capability Notice (TCN): This notice is issued by the Attorney-General requiring companies to “build a new capability” to decrypt communications for Australian law enforcement.
What does this mean?
These notices would compel tech companies to modify their software and service infrastructure to backdoor encrypted communications and data that could otherwise not be obtained.
It is also worth noting that companies could face a very large financial penalty for not complying with the new law.
The Bill clearly says that the tech companies can’t be compelled to introduce a “Systemic weakness” or “systemic backdoors” into their legit software or hardware, or “remove electronic protection,” like encryption to satisfy government demands.
Instead, the new legislation contains measures aimed at facilitating lawful access to information through two avenues – “decryption of encrypted technologies and access to communications and data at points where they are not encrypted.”
“We encourage the government to stand by their stated intention not to eaken encryption or compel providers to build systemic weaknesses into their products,” – The bill stipulated.
It’s clear that this bill is for access of information requires assistance from tech companies, meaning that Australian law enforcement is looking for ways to snoop on your messages before they are encrypted, or at least to try and read them once they’re decrypted on the users’ end.
Please go and read the Assitance and Access Bill [PDF] word-by-word, here’s a further snippet:
“The Bill could allow the government to order the makers of smart home speakers to intall persistent eavesdropping capabilities into a person’s home, require a provider to monitor health data of its customers for indications of drug use, or require the development of tool that can unlock a particular user’s device regardless of whether such [a] tool coulod be used to unlock every other user’s device as well…”
“While we share the goal of protecting the public and communities, we believe more work needs to be done on the Bill to iron out the ambiguities on encryption and security to ensure that Australian are protected to the greatest extent possible in the digital world.”
“FEN” (Five Eyes Nations):
Australia is a member of the intelligence alliance known as the “Five Eye Nations”, a group of countries including the United States, United Kingdom, Canada, and New Zealand, which last month declared that “Privacy is not an absolute” and the use of end-to-end encryption “Should be rare,” the new bill could be a stepping stone towards new encryption laws in other nations as well.
This Bill also claims that without the new legislation, law enforcement agencies face the problem of “going dark: – a term used by the FBI and U.S. Department of Justice (DoJ) to describe the situation when they failed to intercept encrypted data and communications.
Just last year the previous Australian Prime minister, who we supported (see article here), stated just last year that “The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”
A month ago Apple responded to the bill (tech companies were contacted months before the bill was approved) making a submission to the Australian government, saying;
“Encryption is simply math. Any process that weakens the mathematical models that protect user data for anyone will be extension weaken the protections for everyone.”
“It would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat,” the tech giants added.
Essentially Apple argues that encryption is simply math and that any effort to change that math will affect the privacy and security of everyone that uses their devices. Moreover, the new way to intercept into devices could possibly open a backdoor for hackers, making it easier for them to spy on encrypted communications or steal sensitive encrypted information.
Other Articles You May Enjoy: