Tech companies can be forced to “build new capabilities” that allow access to encrypted messages.
Australia passedthat allow law enforcement to access encrypted messages, legislation that leading tech companies, including Google, Facebook and Twitter, have all opposed.
The laws, which passed late on Thursday Australian time, were billed as essential for national security and a vital tool for law enforcement in the fight against terrorism.
The new laws come as tech companies and governments around the world debate the importance of encryption amid a changing national security landscape. Governments and law enforcement agencies across the US, Europe and other western nations argue terrorists and criminals are flocking to encrypted messaging services to escape detection. They say law enforcement needs access to these services — and greater regulation of tech companies broadly — to ensure public safety.
Tech companies and civil liberties advocates argue that weakening encryption for one device or one case has the potential to break it for everyone, opening a door to hackers and compromising the security that underpins our modern, digital world. For the tech world, encryption is a matter of simple mathematics (even if politicians disagree).
But as a member of the Five Eyes security alliance (alongside the US, UK, Canada and New Zealand) the ramifications of the Australian laws could be felt across the world.
Under the legislation passed in Australia, law enforcement and select government agencies can compel tech companies to give three levels of “assistance” in accessing encrypted messages:
- Technical assistance request: A notice to provide “voluntary assistance” to law enforcement for “safeguarding of national security and the enforcement of the law.”
- Technical assistance notice: A notice requiring tech companies to offer decryption “they are already capable of providing that is reasonable, proportionate, practicable and technically feasible” where the company already has the “existing means” to decrypt communications (e.g. where messages aren’t end-to-end encrypted).
- Technical capability notice: A notice issued by the attorney general, requiring tech companies to “build a new capability” to decrypt communications for law enforcement. The bill stipulates this can’t include capabilities that “remove electronic protection, such as encryption.”
While the Australian government insists the laws don’t provide a “backdoor” into encrypted communications, tech companies and civil liberties groups have voiced strong concerns about their scope and the potential for abuse. In particular, a coalition of Silicon Valley’s biggest tech companies have described the laws as fundamentally flawed and “out of step” with the rest of the world.
In a statement, Amazon, Facebook, Google, Oath and Twitter (under the banner of the joint industry lobby group DIGI) said while they were willing to work with the government to promote public safety, the laws could “potentially jeopardise the security of the apps and systems that millions of Australians use every day.”
Apple has also criticised the laws, submitting a response to the draft legislation that called it “dangerously ambiguous.” (Apple is not a member of the DIGI group).
“It would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat,” Apple said.
The Australian government also came under fire for the rushed process by which the laws were pushed through parliament. A cross party meeting of the Parliamentary Joint Committee on Intelligence and Security convened late on Wednesday to review the laws, leading the conservative government to table a total of 173 amendments to its own bill. The federal Labor opposition complained that they received these amendments at 6:30 a.m. on the last sitting day of Parliament — the day the laws were set to be debated.
However, while Labor politicians expressed concerns about the potential negative consequences of the laws and the rushed nature of their passage through parliament, the leader of the opposition called a press conference at 7:00 p.m. on Thursday night saying they wouldn’t oppose the bill, but would instead try to introduce amendments in 2019, after it was passed.
But Edward Santow, Australia’s human rights commissioner, slammed the hasty passing of the encryption bill, saying harm to Australians couldn’t be undone “after the fact.”
“This new law will dramatically increase the access of intelligence and law enforcement agencies to the private communications of ordinary Australians, with implications for our right to privacy and freedom of expression,” he said.
With the tech companies already pushing back, it remains to be seen how they will respond when the first “assistance” notices start coming through and whether the fallout is felt around the world.