Australia passes controversial anti-encryption law

The law will compel companies to comply with law enforcement demands to hand over data

Encryption

The Australian government has passed a controversial new law which will allow law enforcement to compel tech and telecoms companies to break their own encryption for messages if it's believed a crime has been or will be committed.

The 'Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018' was approved by a 46-11 majority earlier this month and could help authorities make faster arrests, but tech companies are uncertain as to how this will work without installing backdoors or vulnerabilities in their services. Failure to comply with the new law will lead to a fine.

Popular apps such as WhatsApp and Signal, which both use end-to-end encryption, could be forced to cease their service in Australia.

The Australian government says encrypted communications have affected around 200 operations in 2018 and that agencies have seen a 55% increase in encrypted traffic over the year.

However, experts argue that concerns remain as to how companies will abide by the law. End-to-end encryption, by design, blocks access to any parties other than the sender and recipient of a message, and therefore there's no way of breaking it for one targetted user. This leaves the likely possibility that a backdoor in the encryption will have to be made, which, in theory, would give anyone with knowledge of its existence, or a means to exploit said backdoor, access to messages.

Advertisement
Advertisement - Article continues below

"This is an extremely bad idea, while the intention is to make a safe and secure physical society to live in, the major problem is that our lives are more online than ever and such actions make our digital society exposed to cybercrime and cyber attacks," said Joseph Carson, chief security scientist at Thycotic.

"This weakens the foundation on what security is built on which is secure communications and any methods to weaken security opens up society to cyber crime across borders. This will likely have a major impact on the Australia economy over time."

Joshua Lund, a developer for Signal, an end-to-end encrypted messaging app, said in a blog post that "the end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don't even have access to who is messaging whom."

Carson also criticised the government for the apparent likeness to states where encrypted communications are banned, such as Saudi Arabia, Russia and China.

"Any weakening of encryption reduces the security of a country's citizens, such a move means that Australia is no different than China or Saudi Arabia when it comes to citizens' privacy and will be exposed to citizens' rights abuse without sufficient independent oversight," he said.

Whether or not service providers will be able to comply without risking the security of their platform is yet to be seen, however, governments across the world, including the UK, continue to wrestle with technology companies over protecting national security and maintaining privacy.

The UK has also seen a rise in drug crime which is said to have been largely facilitated by encrypted messaging apps, such as Wickr. The billionaire-backed app, which unlike WhatsApp isn't linked to an identifying mobile phone number, uses the same encryption methods as other apps like it, but is particularly loved by criminals because the messages automatically vanish after a time period set by the user.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019