This could get interesting. The Australian Telecommunications and other Legislation Amendment (Assistance and Access) Bill 2018 would require tech companies to decrypt communications on request and even require tech companies to build back doors into their software if they don’t already have them.
Of course, as with laws from all governments (think GDPR), the bill does not stop at Australia’s border and would, in theory, require companies worldwide to comply. It is not clear what leverage they have against a company that does not have a legal entity in Australia.
It is not clear how they would get Hamas or ISIS to obey their law, so while the law, if enacted, would weaken protections for law-abiding citizens worldwide and would possibly allow them to intercept the communications of dumb terrorists, it will do nothing to protect us against smart terrorists – the ones we really need to be concerned about.
The bill defines a designated communications provider as any foreign or domestic communications providers, device manufacturers, component manufacturers, application providers and traditional carriers and carriage service providers.
That means that everything from your email to a physical device that supports encryption is up for grabs.
In explaining the bill the government mentions companies like Facebook, Instagram, Signal, Telegram and even web site logins.
The bill calls for three levels of hacking to be provided on demand:
- Technical assistance request – this one is voluntary. If a company wants to, it can cooperate.
- Technical assistance notice – this one requires a company to decrypt stuff that they have the technical ability to decrypt.
- Technical capability notice – this one requires the company to build a new back door into the security of their product and somehow secretly get the user to install the new hacked version of the software. However, the bill says that this back door cannot remove encryption. HUH?!
The first two are not a big deal. The last one is a killer.
Australia’s Minister for Law Enforcement and Cyber Security said that this bill would allow law enforcement to access your data without compromising the security of the network.
The Minister did not want to go anywhere near the words encryption back door, but technically that is the only way to accomplish what they are asking for. The Minister said that tech companies would be able to provide access without weakening security. He didn’t suggest how this is possible. It is not.
He said that we are ensuring we don’t break the encryption systems of the company; so we are only asking them to do what they are capable of doing. Item 3 above tells companies to do what is not currently possible, so either he has not read the bill, doesn’t understand the bill or is lying. Take your pick. The Minister of Magic is convinced that he can do that without breaking the encryption of the technology companies.
On the other side, the tech companies like Apple, Facebook and Google danced around the conversation giving it a wide berth. They do have a challenge since they don’t want to appear to support terrorists while, at the same time, they know what the government is asking is impossible without compromising the security and privacy of their customers worldwide. If they give this capability to Australia, what is their justification for not giving it to China or Russia or any other country that asks?
The Australian Prime Minister, Malcolm Turnbull, said “The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.” Apparently, he thinks the laws of physics are optional in his country.
Currently, this is only a bill, so who knows what will happen, but if passed, companies will need to make some very uncomfortable decisions.
Since Australia is a small market, one option for bold companies would be to block the use of their services to residents of that continent. Remember that there are fewer people in Australia than, say, in Canada or even in just the state of Texas and a little more than half the population of California. That being said, businesses rarely like to turn away customers, even if it means violating their core principles, so it will be interesting to see what companies like Apple choose to do.
Information for this post came from CNet.