Back in July 2017, the Australian Government stated its intention to introduce new legislation that would force companies to decrypt secure messages, and now the details surrounding the proposed laws are finally coming to light.
While Australian telcos already offer a degree of assistance to the country’s law enforcement, providing user data in investigations relating to high-level crime, the government’s concern is that the same cooperation isn’t provided by big tech companies such as Apple, Google, and Facebook, which all offer their own encrypted messaging services.
As such, the proposed bill is intended to request a degree of cooperation in accessing devices or messages from any tech company that operates within Australia, or whose services are made available in the country.
The bill detailed
Many of the new details we’ve learned about the proposed legislation come from an exposure draft of the Assistance and Access Bill 2018, which offers close to 200 pages’ worth of legislative amendments regarding cybersecurity and law enforcement.
The most significant of these – Part 15 of the Telecommunications Act, which is titled “Industry Assistance” – will allow certain high-ranking security officials to formally request access to encrypted communications from the providers of those services.
While the companies being issued the requests are initially only asked to hand over information on a voluntary basis, this can be escalated to an official notice, which would “require” companies to provide the data where they have access to it, or to devise a means of obtaining the data if not.
The inherent issue
The latter “technical capability notice” is particularly troubling when it comes to end-to-end encryption, as it hopes to force any company involved in the encryption process to somehow create a decryption solution within 28 days.
The companies affected could include telcos, messaging service providers, physical communications facilities and their staff, or even contracted software developers that happened to have worked on any of these.
Critics of the legislation have previously pointed out that it could undermine the security of end-to-end encrypted messaging, which would otherwise see the communication unconditionally protected until it reaches the recipient's device.
Despite the Assistance and Access Bill mentioning a ban on the use of backdoors – it says it does not want a “systemic vulnerability” to be built into encrypted systems that could then be accessed by anyone with the key – it’s unclear how tech companies will be able to fully comply with the proposed laws without these in place.