Australia has long since been on the crusade to end encryption, and we’ve covered their stance against it in numerous blog posts in the past. Australia and it’s government officials have even come out as saying that they don’t believe in the laws of encryption, or even in mathematics itself.
Turnbull, the Australian prime minister, laughably explained in the past that the laws of mathematics don’t apply to Australian law, that “the laws of mathematics are indeed very commendable, but the only law that applies in Australia is the law of Australia.”
Now in late 2018, Australia has successfully passed a law that allows the government to attack and disarm encrypted messaging apps, despite many warnings from security analysts and critics to do otherwise.
The new law is called the “Assistance and Access” bill, and it allows authorities complete jurisdiction to obtain sensitive information from a device once they have been granted a warrant. If an institution like Whatsapp, for example–does not comply with authorities to decrypt messages, then they could be liable for a $7.2 million dollar fine. In order to comply with such laws, companies like WhatsApp would have to design a backdoor to allow authorities in, which would create a great place for hackers to intervene. The end result is a threat to user privacy and security.
The new law was originally only proposed to be only allowed to be used for extreme crime like Terrorism, but now Labor parties have compromised to allow the law to be carried out for lesser crimes like drug and gun violence. Parties rationalize the powerful law by explaining away the threat to user privacy and security, in favor of national security.
“We are not going to sacrifice the security of Australians,” said Labor Party Leader, Bill Shorten, in a press conference. “We are not going to go home and leave the Australian people on their own over Christmas with inferior laws of national safety.”
The Australian Federal Government has warned that 95% of criminal activity is used by encrypted messaging apps. However, most terrorist activity and serious crimes that the government would want to stop with the law, most likely takes place on custom open-source encryption software that is separate from more casual apps like Whatsapp that could develop backdoors. So in essence, the new law wouldn’t affect criminals who know how to design or use uncrackable algorithms that are separate from companies that can design backdoors.
As we already proposed, the Australian government doesn’t really seem to understand how encryption works. The only parties that the government is hurting is tech companies and the end users, not real criminals. Like we already discussed, if an Australian tech company doesn’t comply to create backdoors for user data that weakens their security policies, they could face huge fines. And we’ve seen instances like this around the world, like in 2016 in the US when Apple refused to unlock an iPhone since it could weaken the security of millions of iPhone users. If that case took place now in Australia, the iPhone would have to be unlocked.
There are many critics of the new law, and understandably so. Lizzie O’Shea, a member of the Alliance for a Safe and Secure Internet, told Reuters that “Any kind of attempt by interception agencies, as they are called in the bill, to create tools to weaken encryption is a huge risk to our digital security.”
Not only will the new law not affect serious criminals who know how to use open-source encryption without company owned messaging apps, but the new law will create backdoors for said criminals to have a cyber free-for-all. In a sense, the new Australian law is a lose/lose for everyone.