This article was first published in our 2018 print edition.
The suspicion of the government secretly snooping through your online messages has been an uneasy thought in the back of the minds of even the most transparent and morally righteous people out there. This suspicion is becoming all too real, proven by the fact that the government isn’t even trying to keep its actions secret. Angus Taylor’s new cybersecurity laws will coerce tech companies to allow Australian law enforcement agencies access into encrypted data. The repercussions of the new cybersecurity laws could potentially be felt across the country, as most Australians use encrypted forms of communication for administering their day-to-day life. Government agencies having widely unaccountable access to this data poses a significant threat of systematic failure and an individual’s right to privacy.
The Assistance and Access Bill 2018 was released on the 14th of August 2018 as a draft by the Department of Home Affairs for public consultation. The bill is in response to Peter Dutton’s claim that encryption is a “significant obstacle for criminal investigation.”2 The Liberals’ new proposed laws will force tech companies to grant Australian law enforcement agencies access to encrypted material or face severe financial repercussions, which could include “fines up to $10 million.”3 The Bill would allow Technical Assistance Requests, Technical Assistance Notices and Technical Capability Notices to be issued to the Attorney-General on the request of the heads of various Australian law enforcement agencies. The Bill has also created more extensive powers for the issuing of a warrant under the Surveillance Devices Act 2004, Crimes Act 1914, the Customs Act 1901 and ASIO Act 1979.2 Taylor claims that the proposed laws will not give law enforcement agencies “backdoor” access to peoples’ encrypted material or create “systematic weakness”, but there are doubts over his claims.
So, what is this fear of “backdoor” access and “systematic weakness” which the government has been pursuing desperately to ease the concerns of civil and digital rights advocates? Malcolm Turnbull explained this technological concept, as well as a sixty-three-year-old could, telling a press conference at the Australian Federal Police Headquarters that it “is typically a flaw in a software program that perhaps the… developer of the software program is not aware of and that somebody who knows about it can exploit.”1 The former Prime Minister is correct in explaining that software, in general, can be manipulated to be accessed against the intentions of the creator, but does not explain the worrisome concept of “backdoor” unaccountable and invasive access by law enforcement agencies in the context of the Assistance and Access Bill.
The government has repeatedly stated that “The measures expressly prevent the weakening of encryption or the introduction of so-called backdoors.”3 Digital and civil rights advocates do not seem to be convinced about these claims. The motivation for tech companies to strengthen the encryption of information over their services was in response to what Edward Snowden uncovered about the practices of the NSA in 2013. With this new legislation being proposed law enforcement agencies will be given access to vast powers with little space for judicial review. This could potentially lead to a similar violation within Australia by law enforcement agencies abusing their powers, given in the name of national security, to intrude on Australians’ rights to privacy.
The lack of judicial review and possible weakening of encryption is seen through the three types of technical warrants and the unclear jurisdiction of law enforcement over what possible areas of investigation this Bill would cover. The Bill states that agencies will be able to request technical assistance if matters concern national security threats and “protecting the public revenue.”4 This becomes very broad and unclear over where government agencies can use this Bill. The government has claimed the proposed legislation was created for protecting national security but seems to be used as a way of extending the government’s power and using this potential legislation as a vehicle to intrude into innocent individuals’ personal information.
The three ways in which the government is planning on collecting encrypted information are through Technical Assistance Requests, Technical Assistance Notices and Technical Capability Notices. Technical Assistance Requests can be issued by “The Director-General of Security (DGS), the Director-General of the Australian Secret Intelligence Service (DGSIS), the Director-General of the Australian Signals Directorate (DGASD) and the chief officer of an interception agency (COIA).”4
Under Section 317ZS of the Bill (relating to Technical Assistance Requests), there are few limitations over what an agency can request, and all voluntary requests are not reported on the Annual Audit Disclosure. As well as 317ZS, Section 371E(1)(a) states that, under the Technical Assistance Request, modification to an electronic system’s encryption protection could be made. This clause goes against everything the government has tried to assure in relation to both the weakening of encryption and “backdoor” access.
The collaboration over access to encrypted information is purely between the technology service and law enforcement agencies. This could become a system that will gradually evolve into the complete disintegration of individual privacy through encryption. There is also the potential of the increased use of a black market of online end-to-end encryption communication services, not bound by a public centralised figure, to grant the government access.
National security, transparency and privacy are three factors that need to be considered when creating new laws which could potentially encroach on an individual’s liberties. There are undesirable repercussions from what has been proposed by the government under the Assistance and Access Bill 2018. Such repercussions include difficult judicial review and broad terms of reference of investigation, due to the lack of clarity in many of the clauses within the proposed legislation.
These proposed laws will provide the government with the ability to weaken encryption and have “backdoor” access, due to the difficulty for tech companies going through the arduous process of scrutinising every request by the government. The accumulative effect of all these factors will potentially lead to an Australian ASIO saga like what was seen in America with NSA and Edward Snowden. The proposed legislation could ascend Australia into a future of state monitoring into much more than what we could possibly imagine. With Julian Assange hiding in the Ecuadorian Embassy in London, who knows how intrusive it can possibly become.
1Computerworld 2017, Encryption crackdown: the government doesn’t much care for your terrorist maths, https://www.computerworld.com.au.
2Innovation Australia 2018a, An Encryption Bill with Holes in It, https://www.innovationaus.com.
3Innovation Australia 2018b, Anti-Encryption Bill is Overreach, https://www.innovationaus.com.
4State of It 2018, Assistance and Access Bill 2018, https://stateofit.com/interception.
Cover photo from Flickr.