In July last year, the government of Australia announced plans for laws that would legally force tech companies like Facebook, WhatsApp, and Apple to allow law enforcement agencies access to encrypted user communications. The announcement was met with widespread criticism.
A draft of the Assistance and Access Bill was nonetheless introduced in August 2018, and though originally developed to address encryption-related issues, it grants broad powers that will lead to an increase in government hacking.
With the bill now passed by Australia’s House of Representatives, the new legislation is expected to be enforced by Christmas this year. In the following paragraphs, we’ll give you an overview of what the bill is about and why it’s such a big deal.
What is encryption?
Encryption is defined as the process of encoding data or information so that it can only be accessed by authorized parties. In simple terms, it’s a technology utilized to ensure messages stay between the sender and receiver.
But encryption isn’t limited to popular messaging apps such as Signal and WhatsApp. It’s used practically everywhere on the Internet to add an extra layer of protection to personal information and keep it safe from prying eyes.
What does the anti-encryption bill do?
To put it simply, the bill would allow the police to issue “technical notices” to oblige companies operating within Australia to help the government hack, insert backdoors, implant malware, or undermine encryption.
According to the Australian Security Intelligence Organization (ASIO), encryption impacts at least nine out of ten priority cases. The passing of the new laws will provide law enforcement with three key powers:
- Technical Assistance Notices: These are compulsory notices for a company to use an interception capability they already possess to decrypt a particular communication, or face financial penalties.
- Technical Capability Notices: These are compulsory notices for a company to develop a new interception capability to help the police gain access to a suspect’s data, or face financial penalties.
- Technical Assistance Requests: These are voluntary requests, and a company won’t face any financial penalties for non-compliance. An example is a request to provide technical details about how networks are built.
The anti-encryption bill has been strongly opposed by experts, who argue that the proposed provisions are vague, contradictory, and still contain loopholes. Moreover, they have warned of serious consequences if the security of online systems is tinkered with.
What might its practical effects be?
The Australian government has been working on the anti-encryption bill for more than a year now, and it’s evident they have made an effort to ensure that the laws don’t create a systematic vulnerability or weakness for services providing end-to-end encryption.
The legislation would still allow backdoors though, and this will negatively impact the online privacy and security of Australians. Here are a few ways the bill is going to affect tech companies, and ultimately, Internet users:
Increase in Government Hacking
When the anti-encryption laws are put into effect, the government will have the authority both to compel companies to reveal details about their systems and to make modifications to them whenever needed.
This, in conjunction with the ability to secretly obtain data straight from devices, would empower law enforcement agencies to expand their hacking capabilities. There’s nothing in the bill that ensures the government will not utilize any uncovered vulnerabilities.
New Cybersecurity Threats
As mentioned, the bill would make it compulsory for companies to give details about their systems and how they work. Plus, it would not only allow more people to physically access the networks, but also require companies to use new functionality developed by the government.
All these different aspects, once combined, are very likely to create new attack vectors for companies to safeguard against, which means private user data would also be at risk of being exposed to cybercriminals.
Who can spy on your communications?
The anti-encryption bill will give the following law enforcement agencies additional powers:
- Australian Criminal Intelligence Commission (ACIC)
- Australian Security Intelligence Organization (ASIO)
- Australian Signals Directorate (ASD)
- Australian Commission for Law Enforcement Integrity (ACLEI)
- Australian Secret Intelligence Service (ASIS)
- Australian Federal Police (AFP)
However, the laws have also been designed, in most cases, to give state police similar access to encrypted data. The lack of oversight when it comes to state agencies is another huge concern for opponents of the bill.
Can they block access to services if they don’t comply?
The new laws, which are being formulated by the Federal government, aren’t about shutting down services such as WhatsApp and Facebook. That being said, they do include financial penalties for non-compliance.
Many tech companies that offer popular messaging apps are headquartered overseas, so there is speculation about how law enforcement agencies would make them do anything under the anti-encryption bill.
In fact, some might even resort to leaving the country altogether rather than complying with the new law. For example, Senetas – a leading encryption technology provider – claims they could lose overseas customers because they can’t guarantee their products haven’t been compromised for Australian law enforcement.
How is the Internet reacting to the bill?
The anti-encryption laws are a world-first, so it doesn’t come as a surprise that they’re garnering a lot of attention from tech companies, security experts, and human rights groups from around the world. Here’s what the Internet is saying about the new laws:
#AAbill just passed the house as amended (yes, all 173) despite the disagreement 🤷♂️🙄
— Senator Jordon Steele-John (@Jordonsteele) December 6, 2018
if the #aabill passes I just won’t be able to work in Australia 🙁 I have an ethical obligation to users of my software not to expose their data. Breaking all their crypto/security is just a non-starter.
— Adam Chalmers (@adam_chal) December 4, 2018
I’ve been talking to/listening to a lot of very smart tech people tonight, about #AAbill. Without exception, they are all furious, horrified, scared, or all three. Genuine fears this could hobble Aus tech industry, and surveillance used for far more than just serious crime
— Josh Butler (@JoshButler) December 5, 2018
I’m a tech worker, I don’t know if I want to stay here and I don’t know if my company can stay here.
The #aabill is causing a lot of anxiety for a lot of folks.
— Eliza Sorensen (@Zemmiph0bia) December 4, 2018
The week started with the welcome news that Labor would oppose the #aabill .
It ended with Labor voting against THEIR OWN amendments to the bill and give the government everything they wanted. It’s now law. Shameful.
— Richard Di Natale (@RichardDiNatale) December 6, 2018
I just want an MP from the Labor party to explain in simple terms how they think what they passed today is going to protect Australians over Christmas. #aabill
— Daniel Myles (@deejayqf) December 6, 2018
That’s okay, while the tech ecosystem burns with collapse of R&D incentives in Australia and now these useless and damaging anti cyber security #aabill laws, our neighbours in NZ are launching a new more generous R&D scheme.
Watch as companies leave Australia in droves.
— Dr Jehan Kanga 🌈 (@jehankanga) December 4, 2018
The encryption bill in Australia will make it impossible for foreign companies and countries to trust any Australian software which contains encryption. Thanks LNP and ALP for decimating this trust 🤬 #auspol #aabill.
— Tim Butler (@timbutler) December 4, 2018
So, as expected, #aabill is already costing Australian businesses BIG money; Atlassian, one of Australia’s first break-out tech companies just lost an estimated $1B off its stock price.
— Emelia 👸🏻 (@ThisIsMissEm) December 6, 2018
Over in Australia they’re shooting themselves in the face with a shockingly technically nonsensical encryption backdoor law. Doesn’t even help it just poison-pills their entire domestic tech industry, breaks imports.
Send prayers to the kangaroo punchers with copper internet. 🙏
— SwiftOnSecurity (@SwiftOnSecurity) December 6, 2018
Wrapping things up
Australia’s anti-encryption bill is the first law of its kind to be passed, and it comes with extreme implications for both tech companies and Internet users in the country. Though the law was created to counter terrorism, it can create further risks to the privacy and security of Australians. In fact, there’s a pressing international concern that the bill would make the Internet a less secure place.