Tech alliance unites to condemn new anti-encryption bill

The privacy of all Australians is at risk. Photo: Tech Crunch

Technology giants and human rights groups have formed an alliance to fight the Australian government’s new encryption bill.

Calling themselves the Alliance for a Safe and Secure Internet, the group consists of industry, consumer and human rights groups, who are criticising the government for attempting to pass legislation that threatens the digital security of Australians.

**********

UPDATE: 11/12/18 | Anti-encryption legislation has now been passed into law, clearing the Senate 42-12 this week. Read more about this here.

**********

BACKGROUND

In August, we were one of the first outlets to reveal the Australian government has released details of a new telecommunications bill granting agencies new powers to access encrypted communications data, including enhancing obligations of companies to provide assistance and new warrants to covertly obtain evidence directly from devices.

Following discussions last year on ‘combatting terrorism’, a draft was finally released after extensive delay by the Turnbull government in the form of the Assistance and Access Bill 2018, and was quickly introduced to Parliament during the midst of a ‘strawberry scandal’ following public submissions.

The Australian government has spoken previously on the threat of encryption when ‘combatting terrorism’, and to this end, will force communications providers to work extensively with government agencies to gain access to a target’s data where it was in their power to do so.

Currently, secure end-to-end encryption cannot be intercepted without some kind of backdoor, and this is how the Australian government insists is how the new legislation will work, by allowing agencies to seek help from providers, both domestic and offshore, in the execution of their functions.

According to the released documents, the first half of the bill introduces a suite of measures that will improve the ability of agencies to access communications content and data, including enhancing the obligations of domestic providers to provide assistance, and new computer warrants and methods that will enable authorities to covertly obtain evidence directly from a device.

These options will require providers to offer up details about technical characteristics of their systems that could help agencies exploit weaknesses that have not been patched. It also includes installing software, and designing and building new systems.

The second half the new legislation also amends the computer access provisions in the ASIO Act to address particular ‘operational challenges’, enabling the group to intercept communications for the purpose of executing a computer access warrant.

The penalties include fines of up $10 million for companies that refuse to facilitate access to secret data and communications and 10 years jail for individuals who refuse to tell investigators their password to unlock a device.

A coalition of American and Australian civil society groups and technology companies, including Apple and Microsoft, outlined issues with a draft version of the law in a submission to the Government, voicing concerns about its amended version.

The Australian government says the legislation will help law enforcement and security agencies ‘keep pace’ with advances in technology, but critics say it would force tech companies to facilitate access to encrypted information without judicial oversight.

ALLIANCE UNITES

Alliance members opposed to the bill include the Communications Alliance, which counts Telstra, Optus and Vodafone among its members, digital policy industry group DIGI, whose members include Facebook and Google, the Australian Industry Group, Australian Communications Consumer Action Group and Amnesty International.

The group fears the bill’s proposed powers, which could see technology and telecommunication companies, among others, made to build new ways of intercepting emails or text messages, could have serious implications for online security overseas as well as domestically.

The alliances’ spokeswoman Lizzie O’Shea, who is a board member of Digital Rights Watch, spoke on the importance of this bill to media this week:

“This bill stands to have a huge impact on millions of Australians, so it is crucial that lawmakers reject this proposal in its present form before we sleepwalk into a digital dystopia.

As a group, we are so concerned by the bill we feel it is our collective civic duty to use our voices to make sure the public is aware of the alarming legislation the federal government is attempting to rush through Parliament with its Assistance and Access Bill.”

While the government insists the laws will not require tech companies and telcos to include “backdoors” so investigators can break encrypted communications, experts believe provisions that allow agencies to install spyware will leave devices vulnerable to hacking.

The government is adamant the bill would not force the likes of Apple or Google to undermine encryption, however the idea that tech firms will have to crack their own encryption, without weakening that encryption or creating a backdoor, is just not possible.

“We should all be worried, because this legislation doesn’t only target criminals, it puts every Australian at risk. We use encryption to buy things online, manage our finances, and communicate personally and professionally. Hospitals, transportation systems and government agencies use encrypted data.

Creating tools to weaken encrypted systems for one purpose weakens it for all purposes. If the federal government succeeds in doing so, it could be your bank account, your personal correspondence, or your medical records that are compromised in the end,” Ms O’Shea said.

One way technology companies could assist agencies would be to target an individual with a tailored modification to an app to compromise their messages, Fergus Hanson, head of International Cyber Policy Centre at the Australian Strategic Policy Institute (ASPI), suggested:

“Assistance is expected to be provided on a no-profit, no-loss basis and immunities from civil liability are available for help given. The Bill maintains the default position that providers assisting Government should not absorb the cost of that assistance nor be subject to civil suit for things done in accordance with requests from Government.”

The bill could also have far-reaching consequences for consumer technology around the world, according to Nicole Buskiewicz, the managing director of the Digital Industry Group Inc (DIGI), which represents Google, Facebook, and Twitter in Australia:

“If an agency requested a company for example to install particular software to access user data, the mere presence of that software would impact the operation and the maintenance of the system,” she said.

The Australian Human Rights Commission and business lobby groups have also expressed concerns over implications to their own sectors.

A government spokesperson said the bill had been referred to the Parliamentary Joint Committee on Intelligence and Security.

Stay up-to-date on this story and related news in our Intelligence category.

For more TOTT News, SUBSCRIBE to the website for FREE and follow us on social media for more exclusive content:

Facebook — Facebook.com/TOTTNews
YouTube — YouTube.com/TOTTNews
Instagram — Instagram.com/TOTTNews
Twitter — Twitter.com/EthanTOTT