Australia passes controversial anti-encryption law
The law will compel companies to comply with law enforcement demands to hand over data
The Australian government has passed a controversial new law which will allow law enforcement to compel tech and telecoms companies to break their own encryption for messages if it's believed a crime has been or will be committed.
The 'Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018' was approved by a 46-11 majority earlier this month and could help authorities make faster arrests, but tech companies are uncertain as to how this will work without installing backdoors or vulnerabilities in their services. Failure to comply with the new law will lead to a fine.
Popular apps such as WhatsApp and Signal, which both use end-to-end encryption, could be forced to cease their service in Australia.
The Australian government says encrypted communications have affected around 200 operations in 2018 and that agencies have seen a 55% increase in encrypted traffic over the year.
However, experts argue that concerns remain as to how companies will abide by the law. End-to-end encryption, by design, blocks access by any party other than the sender and recipient of a message, so there is no way of breaking it for one targeted user. This leaves the likely possibility that a backdoor in the encryption will have to be made, which, in theory, would give anyone with knowledge of its existence, or a means to exploit said backdoor, access to messages.
"This is an extremely bad idea, while the intention is to make a safe and secure physical society to live in, the major problem is that our lives are more online than ever and such actions make our digital society exposed to cybercrime and cyber attacks," said Joseph Carson, chief security scientist at Thycotic.
"This weakens the foundation on what security is built on which is secure communications and any methods to weaken security opens up society to cyber crime across borders. This will likely have a major impact on the Australia economy over time."
Joshua Lund, a developer for Signal, an end-to-end encrypted messaging app, said in a blog post that "the end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don't even have access to who is messaging whom."
Carson also criticised the government for the apparent likeness to states where encrypted communications are banned, such as Saudi Arabia, Russia and China.
"Any weakening of encryption reduces the security of a country's citizens, such a move means that Australia is no different than China or Saudi Arabia when it comes to citizens' privacy and will be exposed to citizens' rights abuse without sufficient independent oversight," he said.
Whether or not service providers will be able to comply without risking the security of their platform is yet to be seen. However, governments across the world, including the UK, continue to wrestle with technology companies over protecting national security and maintaining privacy.
The UK has also seen a rise in drug crime which is said to have been largely facilitated by encrypted messaging apps, such as Wickr. The billionaire-backed app, which unlike WhatsApp isn't linked to an identifying mobile phone number, uses the same encryption methods as other apps like it, but is particularly loved by criminals because the messages automatically vanish after a time period set by the user.