The Australian Government is in the final stages of passing a bill that would allow police and other law enforcement agencies to access encrypted communications between individuals. It would force technology companies to comply with a range of new rules, including removing “electronic protection” from devices, or else face substantial fines.
Christian Porter, Attorney-General of Australia, states that this update is necessary to help catch serious criminals, such as terrorists and child sex offenders, as they often use encrypted messaging apps as their main method of communication. He calls it a “massive step forward for the Australian people, in ensuring our outstanding intelligence and security agencies are, in their words, back in the game”.
The encryption bill, which is almost 200 pages long, introduces a whole host of proposed new powers, but the section entitled ‘Schedule 1’ has attracted the most criticism. It proposes:
- Technical Assistance Requests (TAR): Police can ask a company to give their help “voluntarily”, such as providing information or technical details about new developments
- Technical Assistance Notices (TAN): Companies are required to provide assistance or else face fines – this could include decrypting individual communications
- Technical Capability Notices (TCN): Requires companies to build new functions to enable police to access a suspect’s data or else face fines
It is unclear what will happen if this new bill does become law, but technology companies and human rights groups are raising concerns that it could make the whole internet less secure. Encryption isn’t exclusively used for messaging apps such as WhatsApp and Signal – it’s also a fundamental part of online security, and protects your details when you use online banking sites or email services. It is feared that giving authorities the power to ‘decrypt’ this data will weaken data security as a whole.
Australians will also have no way of knowing whether or not their messages have been read by the government. The proposed bill contains detailed security provisions, meaning even if a company was forced to build a new function to allow law enforcement agencies to access communications, they wouldn’t be obliged to inform the user.
The Australian Labor Party, which is mostly in support of the bill, claims that even if it’s passed as a law scrutiny will continue well into 2019 through an ongoing committee process. It would also be subject to a 28 day consultation period, meaning no changes would actually come into effect until after New Year’s Day.