Australia passes controversial anti-encryption law

The law will compel companies to comply with law enforcement demands to hand over data

Encryption

The Australian government has passed a controversial new law which will allow law enforcement to compel tech and telecoms companies to break their own encryption for messages if it's believed a crime has been or will be committed.

The 'Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018' was approved by a 46-11 majority earlier this month and could help authorities make faster arrests, but tech companies are uncertain as to how this will work without installing backdoors or vulnerabilities in their services. Failure to comply with the new law will lead to a fine.

Popular apps such as WhatsApp and Signal, which both use end-to-end encryption, could be forced to cease their service in Australia.

The Australian government says encrypted communications have affected around 200 operations in 2018 and that agencies have seen a 55% increase in encrypted traffic over the year.

However, experts argue that concerns remain as to how companies will abide by the law. End-to-end encryption, by design, blocks access to any parties other than the sender and recipient of a message, and therefore there's no way of breaking it for one targetted user. This leaves the likely possibility that a backdoor in the encryption will have to be made, which, in theory, would give anyone with knowledge of its existence, or a means to exploit said backdoor, access to messages.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"This is an extremely bad idea, while the intention is to make a safe and secure physical society to live in, the major problem is that our lives are more online than ever and such actions make our digital society exposed to cybercrime and cyber attacks," said Joseph Carson, chief security scientist at Thycotic.

"This weakens the foundation on what security is built on which is secure communications and any methods to weaken security opens up society to cyber crime across borders. This will likely have a major impact on the Australia economy over time."

Joshua Lund, a developer for Signal, an end-to-end encrypted messaging app, said in a blog post that "the end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don't even have access to who is messaging whom."

Carson also criticised the government for the apparent likeness to states where encrypted communications are banned, such as Saudi Arabia, Russia and China.

"Any weakening of encryption reduces the security of a country's citizens, such a move means that Australia is no different than China or Saudi Arabia when it comes to citizens' privacy and will be exposed to citizens' rights abuse without sufficient independent oversight," he said.

Advertisement - Article continues below

Whether or not service providers will be able to comply without risking the security of their platform is yet to be seen, however, governments across the world, including the UK, continue to wrestle with technology companies over protecting national security and maintaining privacy.

The UK has also seen a rise in drug crime which is said to have been largely facilitated by encrypted messaging apps, such as Wickr. The billionaire-backed app, which unlike WhatsApp isn't linked to an identifying mobile phone number, uses the same encryption methods as other apps like it, but is particularly loved by criminals because the messages automatically vanish after a time period set by the user.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020