Just a few short days after the Australian Government originally announced its intention to pass new, far-reaching anti-encryption laws before Christmas, it’s made good on the promise, becoming the first country in the world to impose legislation of this nature.
The new laws will allow certain Australian state and federal governmental and law enforcement agencies to request access to a suspected criminal’s encrypted communications. Those requests will go directly to the tech company responsible for the specific encrypted messaging service.
Despite the Opposition Labor party initially stating it would only accept the “unsatisfactory” bill with strict limitations, it has since dropped these demands on the proviso that the government reconsider its proposed amendments when the government next sits in early 2019.
However, this proviso is one based on good faith and doesn’t necessitate that any of the Opposition's proposed limitations – such as reducing the power to only federal level law enforcement – will be enacted by the government come the new year.
- Apple comes out swinging against Australia’s proposed decryption law
- Mozilla and Cisco weigh in on Australia’s proposed decryption laws
The intent of the new bill is to protect Australian citizens from serious crimes such as terrorism, child sex offences, as well as drug- and gun-related crimes. The Australian Government believes that 95% of suspects currently surveilled by spy agencies are using such encrypted messaging apps.
However, critics have panned the laws as being short-sighted and missing the point of encryption. While the government claims that it won’t be requesting any tech companies to build “systemic weaknesses” into their products (i.e. backdoors), there may be little alternative when it comes to encryption, and the terminology used in the bill has been hotly debated.
The new laws will mean that if an Australian agency requests access to what it believes are criminal communications occurring over WhatsApp, Messenger or iMessage, the likes of Facebook and Apple will be legally obligated to decrypt their messages.
Critics of the laws have pointed out that, by its very nature, secure end-to-end encryption necessitates that only the parties involved in a message chain are able to see communications in their decrypted form, and that building a vulnerability (backdoor) into the software critically undermines the security of the entire system.
International privacy groups and tech companies such as Mozilla, Cisco, and Apple have criticised the laws as having the ability to make the entire internet less secure due to the universal nature of the encryption services being used.
For instance, if Apple is forced to build a vulnerability into its products for the sake of an Australian investigation, this could well mean that the same weakness can be exploited by bad actors – such as criminals and authoritarian governments – worldwide.
Considering the West's recent concerns over Huawei’s susceptibility to similarly invasive laws in its home country of China, Australian tech manufacturers have said they fear they'll receive the same kind of ban when attempting to export their products.
While Australia may be the first to institute such laws, it’s unlikely to be the last, with the US and UK governments both calling for mandatory backdoors in a recent Five Eyes nation meeting.