Anti-encryption bill Australia

Australia Passes New Anti-Encryption Bill

In July last year, the government of Australia announced plans for laws that would legally force tech companies like Facebook, WhatsApp, and Apple to allow law enforcement agencies access to encrypted user communications, which was met with widespread criticism.

A draft of the Assistance and Access Bill was nonetheless introduced in August 2018, and though originally developed to address encryption-related issues, it grants broad powers that will lead to an increase in government hacking.

With the bill now passed by Australia’s House of Representatives, the new legislation is expected to be enforced by Christmas this year. In the following paragraphs, we’ll give you an overview of what the bill is about and why it’s such a big deal.

What is encryption?

Encryption is defined as the process of encoding data or information so that it can only be accessed by authorized parties. In simple terms, it’s a technology utilized to ensure messages stay between the sender and receiver.

But encryption isn’t just limited to popular messaging apps such as Signal and WhatsApp. It’s practically used across the Internet to add an extra layer of protection to personal information and keep it safe from prying eyes.

What does the anti-encryption bill do?

To put it simply, the bill would allow the police to issue “technical notices” to oblige companies operating within Australia to help the government hack, insert backdoors, implant malware, or undermine encryption.

According to the Australian Security Intelligence Organization (ASIO), encryption impacts at least nine out of ten priority cases. The passing of the new laws, however, will provide law enforcement with three key powers:

  1. Technical Assistance Notices: These are compulsory notices for a company to use an interception capability they already possess to decrypt a particular communication, or face financial penalties.
  1. Technical Capability Notices: These are compulsory notices for a company to develop a new interception capability to help the police gain access to a suspect’s data, or face financial penalties.
  1. Technical Assistance Requests: These are voluntary requests, and a company won’t face any financial penalties for non-compliance. For example, if they can provide technical details about how networks are built.

The anti-encryption bill has been strongly opposed by experts, arguing that the proposed provisions are vague, contradictory, and still contain loopholes. Moreover, they have warned of serious consequences if the security of online systems are tinkered with.

What its practical effects might be?

The Australian government has been working on the anti-encryption bill for more than a year now, and it’s evident they have made effort to ensure that the laws don’t create a systematic vulnerability or weakness for services providing end-to-end encryption.

The legislation would still allow backdoors though, and this will negatively impact the online privacy and security of Australians. Here’s a few ways the bill is going to affect tech companies, and ultimately, Internet users:

Increase in Government Hacking

When the anti-encryption laws are put into effect, the government will have the authority to both compel companies to reveal details about their systems as well as make modifications to them whenever needed.

This, in conjunction with the ability to secretly obtain data straight from devices, would empower law enforcement agencies to expand their hacking capabilities. There’s nothing in the bill that ensures the government will not utilize any uncovered vulnerabilities.

New Cybersecurity Threats 

As mentioned, the bill would make it compulsory for companies to give details about their systems and how they work. Plus, it would not only allow more people to physically access the networks, but also require companies to use new functionality developed by the government.

All these different aspects, once combined, are very likely to create new attack vectors for companies to safeguard against, which means private user data would also be at the risk of being exposed to cybercriminals.

Who can spy on your communications?

The anti-encryption bill will give the following law enforcement agencies additional powers:

  • Australian Criminal Intelligence Commission (ACIC)
  • Australian Security Intelligence Organization (ASIO)
  • Australian Signals Directorate (ASD)
  • Australian Commission for Law Enforcement Integrity (ACLEI)
  • Australian Secret Intelligence Service (ASIS)
  • Australian Federal Police (AFP)

However, the laws have also been designed, in most cases, to give state police similar access to encrypted data. The lack of oversight when it comes to state agencies is another huge concern for the opposers of the bill.

Can they block access to services if they don’t comply?

The new laws, which are being formulated by the Federal government, aren’t about shutting down services such as WhatsApp and Facebook. That being said, they do include financial penalties for non-compliance.

Many tech companies that offer popular messaging apps are headquartered overseas, so there are speculations about how law enforcement agencies would make them do anything under the anti-encryption bill.

In fact, some might even resort to leaving the country altogether rather than complying with the new law. For example, Senetas – a leading encryption technology provider – claims they could lose overseas customers because they can’t guarantee their products haven’t been compromised for Australian law enforcement.

How is the Internet reacting to the bill?

The anti-encryption laws are a world-first, and therefore it doesn’t come as a surprise that it’s garnering a lot of attention from tech companies, security experts, as well as human rights groups from around the world. Here’s what the Internet is saying about the new laws:

Wrapping things up

Australia’s anti-encryption bill is the first law of its kind to be passed, and it comes with extreme implications for both tech companies and Internet users in the country. Though the law was created to counter terrorism, it can create further risks to the privacy and security of Australians. In fact, there’s a pressing international concern the bill would make the Internet a less secure place.

What do you think? Let us know your thoughts about Australia’s new anti-encryption law in the comments below!

Haris Shahid has a genuine passion in covering the latest happenings in the cyber security and digital landscape. He likes getting out and about, but mostly ends up spending too much of his time behind a computer keyboard.

Join 3 million+ users to embrace internet freedom

Signup for PureVPN to get complete online security and privacy with a hidden IP address and encrypted internet traffic.

Shares