Connecting to public Wi-Fi always carries certain risks but users who access the internet at McDonald's and Westfield in Australia could be targeted for surveillance by police under the country's new encryption legislation.
According to a briefing by the home affairs department obtained through a freedom of information request, police can use new powers to compel device manufacturers, telecoms, social media companies, retailers and other businesses that give their customers free Wi-Fi to provide information on users.
When it passed through the Australian parliament in December, the Telecommunications Access and Assistance Act raised a number of red flags due to the high number of offenses with a prison sentence of three years.
- VPNs can solve public Wi-Fi anxiety
- Business on the move: how to secure 4G and public Wi-Fi connections
- You need a VPN when accessing public Wi-Fi. Here's why.
At the time, the tech sector warned that the law would harm Australian companies but due to the re-election of the Morrison government, the law will remain unchanged at least for this term of parliament.
Telecommunications Access and Assistance Act
Under the new law, law enforcement agencies will have the power to compel cooperation from “designated communications providers” but in reality “any Australian retailer who offers a mobile phone application for online shopping or offers an application for mobile viewing” could be required to assist in police spying.
The briefing also provided several examples of the type of assistance authorities can lawfully require such as having a social media company help to automate the creation of fake accounts, a mobile carrier increasing a user's data allowance so surveillance methods don't eat up all of their data, forcing a device to send messages as an unecrypted SMS and a data center providing access to a customer's server rack to install a surveillance device.
Chief executive at the Communications Alliance John Stanton explained how the new law could force service providers to compromise their own networks, saying:
“One of the more concerning examples is the installation of software on to a network that’s been developed by agencies. The service provider isn’t necessarily going to know what that software is capable of doing, and what risks it presents to the security of its network and its customers.”
The new legislation does prohibit government agencies from requiring for backdoors to be built into products but they could still get around this by targeting flaws that have already been discovered which would grant them access.
- We've also highlighted the best VPN so that you can stay protected while using public Wi-Fi