In a move supported by both major political parties in Australia, a bill named the “Telecommunications Assistance and Access Bill 2018,” has passed the House of Representatives and is headed to the upper House for a vote. Given its bi-partisan support and the position of PM Michael Turnbull regarding encryption, passage into law seems certain.
A Hacker News article provides additional details about the bill and its ramifications, not only for tech companies like Apple, Samsung, WhatsApp, Signal and others but also for individuals. The intended purpose of the legislation is to give the Australian government and security and law enforcement bodies leverage over companies that provide products with encryption capabilities in efforts to,
“fight serious offenses such as crime, terrorist attacks, drug trafficking, smuggling, and sexual exploitation of children.”
While all seem like good reasons for wanting access to the data and communications of suspected villains and bad actors, our Libertarian antennae are twitching. What is to prevent government agencies, and hackers once the means of accessing data become available, from expanding their surveillance at will? Naturally, the Australian government is quick to point out this will never be allowed since a court order to obtain the data is required.
Australia is the first of a group of five countries called the Five Eyes Nations to pass this type of legislation. Given the stances and statements from certain of the other four members; the United States, United Kingdom, New Zealand, and Canada, it seems inevitable that similar legislation will one day advance in those countries as well.
The bill does not require manufacturers to build systemic weaknesses or backdoors into their hardware or software. It just requires those companies to provide the ability to gather data on suspects when ordered to by Australian authorities. The bill requires tech companies to provide access to data before it is encrypted, either on the sending or receiving end. The problem with this approach is that once developed, hackers and bad actors won’t be far behind in gaining the same capabilities.
PM Michael Turnbull, along with the United States FBI, seems unconcerned with the civil liberties that might be trampled. All that matters is national security. Again, a noble sentiment, but history repeatedly demonstrates how powers like these end up being abused.
Here are the three levels of cooperation the bill creates, as spelled out in the Hacker News article:
- Technical Assistance Request (TAR): A notice to request tech companies for providing "voluntary assistance" to law enforcement, which includes "removing electronic protection, providing technical information, installing software, putting information in a particular format and facilitating access to devices or services."
- Technical Assistance Notice (TAN): This notice requires, rather than request, tech companies to give assistance they are already capable of providing that is reasonable, proportionate, practical and technically feasible, giving Australian agencies the flexibility to seek decryption of encrypted communications in circumstances where companies have existing means to do it (like at points where messages are not end-to-end encrypted).
- Technical Capability Notice (TCN): This notice is issued by the Attorney-General requiring companies to "build a new capability" to decrypt communications for Australian law enforcement.
"The Bill could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor health data of its customers for indications of drug use, or require the development of tool that can unlock a particular user’s device regardless of whether such [a] tool could be used to unlock every other user’s device as well…"
"While we share the goal of protecting the public and communities, we believe more work needs to be done on the Bill to iron out the ambiguities on encryption and security to ensure that Australian are protected to the greatest extent possible in the digital world."
Pretty chilling stuff. And, just when I have gotten the hang of Alexa. Apple responded to the passage of the bill in the House of Representatives with the following statements,
"Encryption is simply math. Any process that weakens the mathematical models that protect user data for anyone will by extension weaken the protections for everyone.”
“It would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat," the tech giant added.
As the old saying goes, “the genie is out of the bottle,” with the passage, and likely signing into law, of the legislation. As individuals, groups, and companies, we should all be watchful of the effects this legislation has in Australia and elsewhere.
Meanwhile, you can trust your communications and data to the CRIP.TO solution. With its unique blend of hardware, software, and blockchain technology, you are assured of the best encryption outside government and military agencies.
Check out our solutions and our upcoming ICO. You deserve the freedom to communicate fearlessly and CRIP.TO is dedicated to helping you do exactly that.